Law around the topic of electronically stored data (ESI) and computer forensics is ever-evolving. In a suit, it is treated like paper files. Should you shred or burn off the paper proof, you are in trouble - and in case you are captured wiping or deleting digital signs, then you are in precisely the exact same boat.
However in some instances, it may be simpler to get busted for ruining ESI, both since electrons have a means of proliferating as electronic copies of documents and pictures and files, and since the practice of ruining data usually renders detectable digital traces.
Only yesterday, a fellow (I decline to call him a gentleman) phoned me up to ask if he can consult with me on a hourly basis about ways to ruin data (proof ) on his computer to an impending possible divorce. I really found myself offended and explained to him (trying to maintain the disdain out of my voice) that destroying signs is the specific reverse of this service I provide.
We do not mess evidence - we locate it.
I suggested he may want to check in the Federal Rules of Civil Procedure, Sections 26 & 34 and also how they employ in his condition. I advised him that I'm not a lawyer (and so can not advise him law), but if he moved on destroying evidence, the judge in his situation may sanction him in a means that could be catastrophic to his side of this litigation.
However, I might be wrong.Though there's usually a necessity under common law to maintain evidence, and while some judges may take unkindly to the devastation of some possibly relevant evidence, others have held to a deadline of 20 days after a complaint is registered, or not before the party is served with court documents. This man hadn't yet been served, though his interest in the destruction of information would lead a reasonable person to infer that there was something on that pc which would direct his wife to begin the procedure!
In over twenty five years in the computer investigative business, we have discovered that individuals seldom figure out how to erase all traces of a document, or of the actions of destruction of documents. When a document is deleted, it merely stays sitting for somebody with the appropriate instruments and skill set to discover it. It is not gone until it's been overwritten by something else. There are utilities designed to track files so as to completely eliminate them, but frequently references to the document stay in an old directory, either the Master File Table, or from shadow volume automatic backups. The file-destroying program generally leaves tracks of itself been utilized, and might even supply the forensic investigator a log of its actions.
Even when the document is totally uninstalled along with its attendant directory entries, etc"sanitized," several documents, for example MS-Word, create Autorecovery backup copies while the user is typing away. All these are deleted when the user closes his record, but as we've observed, what is deleted isn't gone. Such clusters could be invaluable evidence.
So such actions are detectable along with the planned goal of information destruction may endure the attempts. Then of course, there's the question of integrity. Even though, in certain jurisdictions, the destruction of information before certain additional documents are registered isn't justified, the notion of destroying lying or evidence about it's reprehensible and is definitely unethical.