1.1. Research Background

Globally, billions of people use social media to interact with others, exchange information, and keep in contact with family and friends. It has become a key component of our daily socioeconomic activities for both individuals and commercial enterprises. The term “social media” refers to all communication platforms that are utilized for communication and social interaction among a group of people by exchanging their views and content sharing (Arshad et al., 2019). Facebook, WhatsApp, Messenger, Instagram, Twitter, Myspace, and other online gaming platforms are among the social media platforms available today for social interactions and networking (Ngejane et al., 2018). Due to recent advancements in computer science and modern technologies, social media networks have become a vital aspect of human life. These platforms are widely recognized for sharing information, news, and daily updates, and serve as the main channel for gathering and transmitting data (Shahbazi & Byun, 2021). Even though these platforms might be useful, it is important to remember that some of the information available to users is false and could mislead them wrongly. However, they also serve as a tool for fostering interaction and content dissemination among a group of users or a specific set of people. As a result of its scalability and adaptability, social media has quickly surpassed traditional forms of communication in both personal and professional settings. However, it is also used regularly by several businesses to increase efficiency on the job (Sun et al., 2021). Despite the many positive effects of social media, criminals are still finding new methods to use it for their interests. This social media exploitation has serious political, cultural, and sociological repercussions, in addition to the obvious economic costs of lost productivity, compromised systems, and stolen identities.

Social media and other types of cutting-edge communication technologies are being used by criminals in their operations. When these platforms are monitored, law enforcement authorities may be able to apply new methods for reporting crimes directly to the investigative authorities, allowing for a faster reaction time during the occurrence itself (Flores et al., 2021). Because of this, it is feasible to effectively adapt techniques across types of crime that need data or an established detection method (Fazil & Abulaish, 2018). Because of the advent and widespread use of the Internet, cybercriminals may now reach those who were previously out of their reach (Drury et al., 2022). These drawbacks, however, raise the possibility that criminals may use social media to target several people in multiple locations. Data misuse, money laundering, e-terrorism, illegal access to computer systems, and theft of intellectual property are just a few examples of the types of computer-related crimes that digital forensics is often employed to investigate (Mohammad & Alqahtani, 2019). As a result, digital forensics investigations are recognized as a defined technique that uses systematic principles and technology to identify, collect, preserve, and analyze electronic evidence in the aftermath of an Internet-connected crime. Data from computers and other electronic storage devices is acquired as part of these investigations to help determine what malicious actions were taken on a computer and who was accountable for them (Baig et al., 2017). But as more and more people make use of computers, the quantity and variety of data available for forensic examinations have grown exponentially. The growth of this phenomenon may be traced back to the proliferation of online and social media platforms (Bindu et al., 2017).

Accordingly, forensic investigators have challenges while attempting to analyze these platforms due to the information sources contained within them. However, there may be a greater weight on backlogs for digital forensic investigations (Mohammad, 2020). Social media platforms can provide valuable information about potential suspects, victims, and witnesses. These platforms offer a continuously updated collection of user-generated data sources, such as posts, friends, photos, demographics, chats, and more (Arshad et al., 2019). However, intelligent technologies like machine learning (ML) and natural language processing (NLP) have demonstrated their potential to enhance digital forensic investigations, particularly on social media platforms (Shahbazi & Byun, 2022; Sun et al., 2021). Therefore, the same problem exists when looking at massive volumes of data, including online interactions and chat histories. In contrast, these tools may automate the processes often used in digital forensics investigations. In addition, they may expedite the process and help law enforcement with the management of criminal exploitations that frequently occur on online media platforms (Nowroozi et al., 2021). Strategic utilization of email and various online networks offers significant advantages in information exchange and communication. ML text classification plays a crucial role in enhancing the security measures needed for daily interactions on social media platforms. Notable incidents, such as the misinformation spread during the US Clinton campaign and other high-profile cases, underscore the importance of interdisciplinary and digital forensics research. These incidents, reported and widely circulated on social media, highlight the urgent need for relevant stakeholders to support research efforts aimed at curbing the dissemination of false information and addressing the underlying issues it reveals (Lazer et al., 2018). Similar findings emerged during the recent COVID-19 pandemic, as presented in Song and Fergnani (2022)’s article on the strategies of underlining collective understanding of disease outbreaks. Additionally, concerns have been raised about terrorists and criminal syndicates exploiting social media for their activities. They create private communication channels to coordinate and exchange information, underscoring the need for vigilant monitoring and intervention (Goodman, 2019; Keatinge & Keen, 2019).

1.2. Digital Forensics

Digital forensics involves the examination of crimes involving digital technologies. Its primary objective is to identify, gather, and assess evidence from digital sources, obtain evidence for legal proceedings, and present findings in a court of the relevant jurisdiction (Hargreaves & Patterson, 2012). The use of digital devices as tools for crime has increased criminals’ ability to execute different criminal offenses, such as stealinginformation, modifying user data, and unauthorized access to private information. The significance of digital forensics and the use of digital evidence in the field of forensics has been growing steadily, with technology playing a crucial role for both cybercriminals and security experts (Bankole et al., 2022). As a result, the importance of emphasizing cybersecurity and digital forensics cannot be overstated. Effective cybersecurity measures are essential to protect digital assets and sensitive information from malicious access. Simultaneously, digital forensics is pivotal for investigating cybercrimes, collecting digital evidence, and supporting legal proceedings. To stay ahead of cyber threats, ongoing advancements in digital forensics methodologies are necessary, along with collaboration between law enforcement, cybersecurity experts, and digital forensics specialists. Recognizing the importance of these fields and investing in research, training, and collaboration is crucial for defending against cyber threats and ensuring the integrity of digital environments.

However, it is necessary to protect businesses from cyber-attacks while also learning from digital evidence left after the incidents and being digitally forensically prepared for any kind of cyber/digital incident (Casino et al., 2022). Generally, the field of digital forensics has involved collecting and analyzing evidence of illegal conduct on digital media using a range of tools and methodologies for presentation in a court of competent jurisdiction. It is difficult to underline the importance of digital forensics in the context of a modern criminal investigation due to the environment in which they operate. In general, everything that can be retrieved from digital devices and is connected to computer technology is referred to as “digital evidence,” including files and data in digital form. This data is recorded and transmitted in digital form and is admissible in court (Khanafseh et al., 2019). Moreover, investigators who are currently working on developing models for digital forensics are increasingly recognizing its significance. Previous literature outlines four fundamental stages in digital forensics: acquisition, identification, evaluation, and admission. However, recent advancements have led to the development of various models describing techniques used to collect, examine, analyze, and report data from different digital devices. Recent studies have highlighted the impact of cognitive and human factors on investigative tasks, emphasizing the importance of identifying physical activities in the digital forensic investigation process, as noted (Horsman & Sunde, 2022). For digital forensics to be effective in criminal investigations, it must rely on clear and credible techniques. The processes of digital forensic investigation are illustrated in Fig. 1.

새창으로 보기

Fig. 1

Digital forensic investigation process.

1.3. Crimes Committed on Social Media Platforms

The following are the most prevalent tactics and strategies used by social media criminals to commit crimes to exploit people:

Therefore, this study aims to conduct a comprehensive survey of ML technologies, algorithms, and NLP methods utilized to tackle criminal activities within Online social networks (OSNs), as outlined in the work by Shahbazi and Byun (2022). The research not only outlines these approaches but also examines their effectiveness in addressing various challenges. A significant contribution of this study to the field of social media forensics lies in evaluating the applicability of ML techniques and NLP approaches to identify suspicious behavior in OSN interactions, aiding in the discovery of crime suspects for court presentations in relevant jurisdictions.

1.4. Research Purpose

The purpose of this research is to explore and advance the use of ML techniques in digital forensics, specifically on social media platforms. However, the study will investigate how ML approaches can be used to effectively extract and analyze digital evidence from social media platforms. It will also study emerging ML methodologies and techniques that can enhance the capabilities of digital forensic investigators in handling and processing large volumes of data from social media platforms.

1.5. Research Objectives

3.1. Online Social Media Statistics

According to Statista’s 2022 estimate, Facebook was the first social media network to surpass one billion registered accounts, boasting over 2.89 billion monthly active users. Currently, the company oversees four of the most popular social media platforms: Facebook (the main platform), Facebook Messenger, WhatsApp, and Instagram, all of which have more than one billion monthly active users. In the third quarter of 2021, Facebook reported a staggering 3.58 billion monthly active users (Statista, 2022). Major social media sites are typically accessible in numerous languages, enabling users to connect with friends and others irrespective of geographical, political, or economic boundaries. As of 2022, social networking sites were estimated to have 3.96 billion users, a number expected to rise due to the increasing popularity of mobile devices and mobile social networks in underdeveloped countries. The growing usage of social media indicates a profound integration of these platforms into people’s daily lives. Projections suggest that by 2023, there will be 4.89 billion social media users worldwide, reflecting a 6.5% increase from the current year. Notably, there has been a significant 79.1% increase in social media users over just five years, from 1.7 billion in 2012 to 2.2 billion in 2019. Throughout that period, there was an average yearly growth rate of 10.2%. While the total number of people using social media will rise in the future, its pace of expansion is likely to level out. Forecasts indicate a 5% compound annual growth rate between 2023 and 2027. Fig. 2 illustrates the most widely used social networks worldwide (Oberlo, 2023).

새창으로 보기

Fig. 2

Popular social networks worldwide (Reprint from Oberlo, [2023] How many people use social media in 2024? https://www.oberlo.com/statistics/how-many-people-use-social-media).

3.2. Video Analysis Forensics with Machine Learning

In recent years, ML has played a significant role in problem-solving across diverse domains, notably in industries such as industrial and forensic science (Sandoval-Orozco et al., 2020). ML is a data analysis method that automates the creation of analytical models, incorporating techniques such as supervised learning, unsupervised learning, reinforcement learning, and semi-supervised learning, finding extensive applications across global sectors (Javed et al., 2021). Currently, it is a widely utilized tool for video analysis (Bengio & LeCun, 2017). In a similar vein, Güera and Delp (2018) introduced a temporal-aware pipeline architecture for detecting deepfake videos in movies and retrieving frame-level data. This method employs a Convolutional Neural Network (CNN) and a Recurrent Neural Network (RNN) trained to determine video modifications. Additionally, Hosler et al. (2019) provided a technique for identifying video sources and confirming their legality. However, developing and testing advanced video forensic algorithms is challenging without access to common digital video databases. To address this need, the authors proposed the video authentication and camera identification database, offering a diverse collection of movies, which is especially beneficial for developing camera model identification algorithms.

While there is limited research on forensic tools utilizing ML to detect image provenance, most of these approaches can be applied to already collected film frame data due to the complexity of direct operations on video. Comparatively, Li et al. (2018a) introduced a novel methodology classifying video source output identification methods based on wavelet transformations, convincing artifacts, color filter arrays, sensor flaws, and metadata. Attributes like mobile devices, sensor flaws, and cameras are commonly employed in evaluating video source output, with sensor flaws being a notable consideration (Xiao et al., 2019). However, the application of deep learning should be controlled carefully to prevent unintended consequences, such as damaging scene properties during frame removal. In the realm of video forensics, evidence extraction from videos is crucial, involving techniques like face recognition and keyframe detection to aid investigators in gathering evidence from crime scene recordings. Keyframe extraction, representing video sequences through summary keyframes, is a powerful method in this context. Many organizations are grappling with the challenge of establishing meaningful societal frameworks (Javed et al., 2021; Shi et al., 2017). The steps of the video tampering detection technique are depicted in Fig. 3 as a block diagram.

새창으로 보기

Fig. 3

Video tampering detection block diagram (Reprinted from Javed et al., [2021] Engineering Applications of Artificial Intelligence, 106, 104456).

3.3. Image Forensics Analysis with Machine Learning

Image forensics plays a vital role in both criminal investigations and civil cases, especially when manipulated images are used to promote hatred, prejudice, or false narratives about specific ethnic backgrounds or political entities (e.g., defamation). The integration of ML methods in image forensics is becoming more prevalent. However, ML-based systems have their limitations and drawbacks, such as distinguishing ad (image) instances, and they carry real-world implications (Nowroozi et al., 2021). In this digital age, aided by various devices and software, it is now possible to track pattern-of-life data points with precision, down to seconds, contributing to a wealth of information for analysis. The surge in online images and videos has transformed the nature of evidence analyzed in forensic investigations. Within digital pictures, two types of fingerprints are visible on the sensor. Utilizing the inherent Photo Response Non-Uniformity for image authentication and source camera identification has become a significant focus (Ahmed et al., 2021; Gupta & Tiwari, 2018). Moreover, efforts have been made to determine the acquisition period of digital images. Significant contributions to determining the acquisition period of digital images have been proposed by Ahmed et al. (2021) to identify the age of digital images; the concept combines a sophisticated defective pixel identification approach with ML techniques.

The concept of local variation features has been introduced as an effective method for identifying potentially compromised pixels in image dating. In preparation for the reconstruction process, tangible events were assigned virtual timestamps. A video, in essence, is an image sequence originating from a multimedia visual source, which collectively forms a moving image. These individual images are commonly referred to as frames. Temporal classification analysis of specific devices or sets of devices is an integral aspect of the forensic investigator’s toolkit. This analysis aids in framing the timeline of a given crime incident or other events, involving the gathering of information within a particular timeframe to pinpoint when the crime or related occurrences occurred (Ryser et al., 2020). In forensic analysis, there are three fundamental approaches: relational, functional, and temporal analysis. Relational analysis seeks to unveil connections or interactions between various elements. Functional analysis helps in understanding the operation or functioning of a system or object. Temporal analysis relies on temporal information and the passage of time, enabling investigators to construct a chronological sequence of events and identify patterns that provide a comprehensive view of events related to a crime (Ryser et al., 2020).

5.1. Infrastructure as a Service

Infrastructure as a Service (IaaS) is a model that provides virtualized computer resources such as virtual machines, servers, storage, and networking to users. Clients can customize, manage, and deploy their software and applications on these resources. Examples of IaaS providers include Amazon Web Services (AWS), Microsoft Azure, and Google Compute Engine (GCE). In this model, cloud service providers supply clients with servers, storage, and hardware for their operating systems and software. However, in IaaS clients are solely responsible for maintaining the infrastructure (Simou et al., 2016). Hardware as a Service is another term for IaaS, providing Internet-based computer infrastructure with hardware and software support to users. One of the main advantages of IaaS adoption is the avoidance of the complexity and cost associated with owning and operating physical servers (Baig et al., 2017). Key features of IaaS include highly scalable resources, adaptive services, dynamic functionalities, graphical user interface, and Application Programming Interface-based access. Moreover, operational functionalities are entirely automated. Leading providers in this domain include AWS, Microsoft Azure, GCE, Linode, DigitalOcean, and Rackspace (Pichan et al., 2015).

5.2. Software as a Service

Software as a Service (SaaS) is a revolutionary concept that provides clients with convenient online access to software applications. In this model, the software is hosted and managed by the supplier and is accessible to the consumer through a web browser or dedicated application (Son & Buyya, 2018). Well-known SaaS vendors include Salesforce, Dropbox, and Google Workspace. An alternative term for this approach is “on-demand software,” as it is hosted by a cloud service provider, and users can effortlessly access these applications by connecting to the Internet via a web browser (Manoj & Bhaskari, 2016). SaaS exhibits several distinctive characteristics, including central management, hosting on remote servers, and availability over the Internet. Clients are relieved of the responsibility for hardware and software upgrades, as these are performed automatically. This service model aligns with the pay-per-use concept, enabling users to access an array of services from providers like BigCommerce, Salesforce, Google Apps, Dropbox, ZenDesk, Cisco WebEx, GoToMeeting, Slack, and many others. SaaS revolutionizes the way users access and utilize software applications, providing efficiency, scalability, and seamless updates without the need for client-side management (Ab Rahman et al., 2017).

5.3. Platform as a Service

This method provides users with a holistic platform for creating, operating, and overseeing applications, all without the need to build and sustain the foundational infrastructure. The operating system, programming language runtime, database, web server, and other required components are often included in the platform. Heroku, Google App Engine, and Microsoft Azure App Service are examples of PaaS providers. Cloud platform services, also known as Platform as a Service (PaaS), are today’s most popular service model. This model is primarily intended for developers, and it provides a framework for testing, deploying, and customizing applications using industry standards (Stoyanova et al., 2020). The development platform provides programming languages, libraries, and tools to developers. According to the PaaS paradigm, customers may also manage or control their deployed programs and, eventually, the application hosting environment settings rather than the underlying cloud infrastructure, network, servers, operating systems, or storage. According to Chung et al. (2017)’s analysis of key trends in public cloud services, the PaaS market will expand exponentially. Similarly, based on major trends in public cloud services, the report alsopredicts that the amount of PaaS services will grow between 2018 and 2022. Table 1 provides an overview of the cloud service deployment models described above, along with the important roles of each stakeholder participating in the execution process.

6.1. Phase I: Identification

The primary phase in digital forensic investigation is identification, where the forensic process commences by recognizing potential sources of digital evidence, including systems, media, and mobile devices. This identification process involves four distinct steps:

6.2. Phase II: Collection

The collection step in digital forensics is critical because it entails obtaining digital evidence from multiple sources such as computers, cell phones, and other electronic devices. The goal of the collecting phase is to acquire all necessary information without modifying or corrupting the original data. The following are some critical steps in the digital forensics collection stage:

Ultimately, the collecting step is crucial in digital forensics since it serves as the basis for all later studies and investigations. To guarantee that evidence is admissible in court, best practices must be followed and a proper chain of custody must be maintained. The traditional digital forensics procedure encounters several difficulties because of the cloud’s distributed nature. Although data collection is simply the real acquisition of investigation-related data, most investigators are expected to rely on cloud service providers. This reliance never assures 100% availability of resources, nor their retention after data collection. Another critical consideration is the storage capacity of the collecting device, as no data is stored in a single location in cloud architecture.

6.3. Phase III: Analysis

In digital forensics, the analysis phase is a vital component of the investigative process that involves examining digital evidence collected during the collection phase. The major goal of this phase is to extract and evaluate pertinent data from the acquired digital evidence to support the investigation. However, during the analysis phase, the digital forensic investigator examines the data using different tools and methods to find any artifacts that may provide evidence of criminal activity. The procedure involves data recovery, data analysis, and result interpretation. Data recovery is the process of identifying and extracting data from acquired evidence, which may include deleted files, hidden files, and temporary files. After the data has been recovered, the investigator performs an in-depth analysis of the data to identify any substantial trends, abnormalities, or evidence of criminal activity. In addition to data analysis, the forensic investigator must preserve a complete record of all activities taken throughout the analysis phase. This record, also known as case documentation, serves as an audit trail of the investigative process and as evidence in court. Ultimately, the analysis phase is an important part of the digital forensics investigation process since it gives vital information on the nature of the crime and the individuals involved. All relevant information is analyzed using appropriate and legally permissible methodologies, allowing the necessary suspicious hosts or data to be discovered through this investigative approach. Investigators must be able to respond to all questions presented during the court presentation of the analytical report.

6.4. Phase IV: Digital Evidence Evaluation

In this section, the evaluation metrics employed to assess model quality are discussed. Each supervised classification model relies on four classification outcomes derived from the confusion matrix. True Positive (TP) signifies correctly identified positive cases, False Negative (FN) indicates positive cases mistakenly classified as negative, False Positive (FP) represents negative cases inaccurately identified as positive, and True Negative (TN) signifies accurately classified negative cases. Various evaluation metrics can be derived from the confusion matrix. The following metrics are considered:

The confusion matrix is typically used to demonstrate the classifier’s performance. The non-diagonal elements reflect instances where the classifier mislabeled an object, while the diagonal elements (TN & TP) show the number of situations where the predicted label matches the true label, where:

i. TP is the number of examples predicted to be positive.

ii. TN is the number of examples predicted to be negative rather than positive.

iii. FP is the number of positive examples that were predicted to be predatory.

iv. FN is the number of predator examples that were predicted to be non-predatory.

It is important that digital forensics examiners formally validate digital forensic models to demonstrate that they are accurate and reliable. It is also important that examiners consider the limitations of the approaches, especially models that are not explicitly designed for digital forensic examination. To assess the error rate accurately and impartially, different cross-validation techniques are proposed to validate the proposed model for effective and efficient model performance. This technique is commonly used to determine and evaluate the performance of ML algorithms.

6.5. Phase V: Presentation and Reporting

These are the final steps of any investigation. The report must include all of the information on the investigative procedure (explanation of what, why, and how). The detailed report must be provided to the jurisdiction section with authenticity and correctness, without tampering with the evidence, which is the most important aspect of the investigation (Datta et al., 2016). In a presentation before a court or other audience, the forensic analyst will outline the facts of the case and explain how his or her conclusions were reached. Specifically, the forensic investigators will provide the court with relevant information and maintain the chain of custody in their findings.

7.1. Signature-Based Detection

Signature-Based Detection: This is a cybersecurity method that involves identifying and thwarting known threats by matching them against predetermined patterns or signatures (Zhang et al., 2017). These signatures are distinctive markers linked to recognized malicious entities or behaviors. This strategy is widely applied in antivirus programs and intrusion detection systems to rapidly identify and counter established threats (Kebande & Venter, 2018). Similar to antivirus software, signature-based detection involves creating a database of known attack signatures and comparing incoming data against these signatures (Kebande & Venter, 2018). If a match is found, the system can identify and respond to the attack. While effective against known attacks, this method may struggle with new and evolving threats (Javed et al., 2022).

7.2. Machine Learning Classifiers

ML classifiers are algorithms used to categorize data into predefined classes based on their features (Gilpin et al., 2018). Common types include decision trees, SVMs, Naive Bayes, and neural networks. These classifiers are trained on labeled data to make predictions on new data. The choice of classifier depends on data complexity and task requirements. Classification algorithms, such as decision trees, Naive Bayes, random forests, and SVMs, can be trained on labeled data to categorize digital artifacts or activities as benign or malicious (Del Mar-Raave et al., 2021; Sandoval-Orozco et al., 2020). These models rely on features extracted from data such as network traffic, log files, or system activities (Ahmed et al., 2021; Qadir & Varol, 2020).

7.3. Natural Language Processing

NLP is a branch of artificial intelligence that enables computers to understand and work with human language (Shahbazi & Byun, 2022). It involves tasks like classifying text, recognizing names and sentiments, generating language, and translating speech (Sun et al., 2021). However, it has proven to be a valuable tool in the field of digital forensics, where it helps in the analysis and interpretation of textual information for investigative purposes. NLP relies on techniques such as tokenization, word embeddings, RNNs, transformer models, and attention mechanisms. NLP has applications in chatbots, sentiment analysis, translation, and more, making human-computer communication more natural and efficient (Sun et al., 2021). NLP techniques can be employed to analyze text data from communication channels, documents, or online activities (Antony Vijay et al., 2021; Shahbazi & Byun, 2022). Sentiment analysis, topic modeling, and NER can help identify suspicious conversations or intent (Sun et al., 2021).

7.4. Deep Learning Approach

Deep learning models have become crucial in digital forensics due to their ability to extract complex patterns from data (MacDermott et al., 2022). They are used for various tasks, including image analysis, malware detection, file carving, network traffic analysis, detecting digital image forgeries, steganalysis, text analysis, behavioral analysis, and multimodal analysis (Aditya et al., 2018). These models offer enhanced capabilities in identifying anomalies, uncovering manipulation, and improving analysis in digital investigations (Shahbazi & Byun, 2020). However, they require substantial resources and expert interpretation for optimal performance. Deep learning techniques like CNNs and RNNs can be used for image analysis, sequence data (such as logs), and more complex patterns (Hoppe & Toussaint, 2020). Deep learning models can automatically extract meaningful features from raw data, diminishing the requirement for manual feature engineering (Ferreira et al., 2020).

7.5. Anomaly Detection

Anomaly detection techniques involve building a model of “normal” behavior and identifying instances that deviate from this norm (Karami, 2018). This approach is useful for identifying unusual patterns that might indicate malicious activities. Techniques like Isolation Forests, One-Class SVMs, and autoencoders can be employed for this purpose (Abraham et al., 2021; Wu et al., 2020).

8.1. The Evidence Must Be Complete

The evidence should represent the complete set of results, not just one point of view or a subset of the findings. The location and features of the evidence must be presented to the courts (Abiodun et al., 2022). As a result, it is up to attorneys and investigators to make tough decisions, such as: What information is required to establish the factual foundation of a case? Can the “whole” evidence presented be appropriately authenticated? How far should a timeline go in terms of privacy rights, and where is the line between too much freedom and too much restriction? Is it possible for a jury to accurately analyze scanty evidence and condemn a defendant? (Would, for example, the conviction be maintained on appeal?) What does this all mean for digital forensics examiners and attorneys (Arshad et al., 2020)?

8.2. The Evidence Must Be Admissible

Evidence is considered acceptable if it supports a legitimate claim, remains unmodified during the digital forensic investigation, and the outcomes are verifiable, valid, and subject to peer review. Furthermore, evidence is admissible in court when it is presented to illustrate the facts of a case and does not violate the law or other legal criteria. As a result, before it can be produced in court, the evidence must fulfill a variety of legislative standards (Abiodun et al., 2022). Digital evidence must be relevant to the current legal dispute. This implies that it must have a logical relationship to the facts of the case and must be directly tied to the issues being fought. It is essential to remember that the legitimacy, dependability, or significance of digital evidence may be questioned. The admissibility of the evidence may be contested, for instance, if the technique employed to acquire the evidence is questioned.

8.3. The Evidence Must Be Authentic

Authenticity: It must be shown that the digital evidence is exactly what it claims to be. However, digital signatures, metadata analysis, and forensic analysis are just a few of the techniques that can be utilized for it. When it comes to authenticating evidence, two conditions must be met. To begin with, electronic evidence must be legally obtained with the aid of a signed permit from the investigators (Abiodun et al., 2022; Bankole et al., 2022). IT and computer science experts must then independently verify the authenticity of the document before taking further action. If neither of the two conditions is fulfilled, the evidence is invalid and not complete. The digital evidence must precisely depict the incidents or activities it is meant to record to be considered reliable. The capacity to demonstrate that digital evidence was generated, maintained, and transferred following industry standards establishes its dependability. In general, the admissibility of digital evidence is decided on a case-by-case basis, considering the unique circumstances of each case.