ACPO Guidelines

Computer Investigations and Electronic Evidence

ACPO logo Below is a summary of the Association of Chief Police Officer’s (ACPO) guidelines in the handling of electronic evidence. You can read the full ACPO document in PDF format, the “Good Practice Guide For Computer-Based Electronic Evidence” by clicking this link.

Summary Of Principals

Principle 1: No action taken by law enforcement agencies or their agents should change data held on a computer or storage media which may subsequently be relied upon in court.
Principle 2: In exceptional circumstances, where a person finds it necessary to access original data held on a computer or on storage media, that person must be competent to do so and be able to give evidence explaining the relevance and the implications of their actions.
Principle 3: An audit trail or other record of all processes applied to computer based electronic evidence should be created and preserved. An independent third party should be able to examine those processes and achieve the same result.
Principle 4: The person in charge of the investigation (the case officer) has overall responsibility for ensuring that the law and these principles are adhered to.

Explanation Of The Principles:

Computer based electronic evidence is no different from text contained within a document. For this reason, the evidence is subject to the same rules and laws that apply to documentary evidence.

The doctrine of documentary evidence may be explained thus: the onus is on the prosecution to show to the court that the evidence produced is no more and no less now than when it was first taken into the possession of police.

Operating systems and other programs frequently alter and add to the contents of electronic storage. This may happen automatically without the user necessarily being aware that the data has been changed.

In order to comply with the principles of computer based electronic evidence, wherever practicable, an image should be made of the entire target device. Partial or selective file copying may be considered as an alternative in certain circumstances e.g. when the amount of data to be imaged makes this impracticable.

In a minority of cases, it may not be possible to obtain an image using a recognised imaging device. In these circumstances, it may become necessary for the original machine to be accessed to recover the evidence. With this in mind, it is essential that a witness, who is competent to give evidence to a court of law makes any such access. It is essential to show objectively to a court both continuity and integrity of evidence. It is also necessary to demonstrate how evidence has been recovered showing each process through which the evidence was obtained. Evidence should be preserved to such an extent that a third party is able to repeat the same process and arrive at the same result as that presented to a court.

Remember, we recommended that the full ACPO Guidelines on computer based electronic evidence are read by clicking here.

Go to Data Clinic’s main Computer Forensics page

Data Clinic Ltd

4.5

Jacob Greenwood

14:38 30 Mar 18

5* customer service! Recovered my father's book from an old drive, also retrieved some long forgotten about photos. Simply cant put a price on something like that.

Jarek Roover

12:21 30 Jul 18

Go there if you lost your data

Tony Cowgill

15:56 10 Apr 13

We've used Data Clinic twice now - once for my son's laptop which held all his University work and suddenly seemed to just die, that was recovered with ease. And then secondly in connection with work when our office computer system backups were somehow corrupted. These people really know their stuff - they are very helpful and professional and quick! Thanks so much for everything.

Rob Deighton

11:33 09 Dec 16

Happy to recommend Data Clinic to anybody that suffered Data Loss on storage Media. The guys were extremely helpful and knowledgeable and made the recovery of our valuable data a stress free experience.

George Thorpe

12:19 20 Feb 14

My company provides IT support to approximately 60 Yorkshire based companies ranging from small 10-15 users up to Enterprise sized organizations. Due to disk failure a client recently lost their entire database. We contacted Data Clinic and within hours a representative was onsite, several hours later the drive was returned, again in person by Data Clinic Manchester. I would not hesitate contacting them again, outstanding service in a market that can mean life or death to a business. 10 stars if there was an option!

Kieran Collins

21:02 25 Oct 18

Fantastic. Could not fault them at all, Brilliant, 10 year old iMac full of data and they had the data back to me in 72 hours. Communication via e-mail was fast, clear and superb.

David Tett

14:36 24 Aug 18

Sent them a 4tb WD Red hard drive to recover. They quoted me £588 incl VAT and recovery media. I was a bit sceptical so I asked for it to be returned. First they sent me the wrong hard drive (a 500GB WD Blue). Not too careful about data protection then. When I eventually got the drive back it had been totally stripped and outer casing binned (would have been nice to know about this beforehand). I decided to send it to Curry's PC World. They quoted £90 + recovery media. All data recovered and both hard drives returned within a week. What more is there to say.

Elle Sweet

22:12 20 Aug 18

Awful communication, I was constantly chasing them for updates on my device. My device was with them days before work was started on it. The data this company couldn’t retrieve was later retrieve by Apple. Waste of a £110.

Next Reviews

Salutation
First Name
Last Name
Primary Phone*
Primary Email
Device Type*
Description
GDPR opt in