Monday, September 29, 2014

Proving digital evidence in court

The news that the Sandiganbayan has granted Sen. Bong Revilla's lawyers limited access to the files in Benhur Luy's hard drive (see link below) creates an interesting situation. The limitation, per the news report, is that Revilla's lawyers may access only files that relate to Revilla's involvement. This raises several questions:

(1) How will the lawyers, for both the prosecution and the defense, know that a file relates to Revilla without opening each and every file?

(2) If the answer to the first question is by filenames, what if Luy, or another person, disguised Revilla-related files by altering the filenames?

(3) What about erased files, the remaining data of which may be recovered by forensic tools?

(4) For accessed/recovered files, how do you prove authenticity and contemporaneity, especially when the files were created and/or modified?

Philippine laws and jurisprudence (including the obsolete Rules on Electronic Evidence issued by the Supreme Court) provide no guidance on how the examination of digital evidence inside a hard drive should be done.