Back

Document the legal requirements for evidence collection.


CONTROL ID
08654
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a digital forensic evidence framework., CC ID: 08652

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • A warrant of interception application shall contain the name of the person or customer whose communication is required to be intercepted. (§ 5(3)(a), South African Interception of Communications Act, No 6/2007)
  • A warrant of interception application shall contain the name of the service provider that is intercepting the communication. (§ 5(3)(b), South African Interception of Communications Act, No 6/2007)
  • A warrant of interception application shall contain the nature and location of the facility where the communication is being intercepted. (§ 5(3)(c), South African Interception of Communications Act, No 6/2007)
  • A warrant of interception application shall contain all of the facts and circumstances alleged by the applicant. (§ 5(3)(d), South African Interception of Communications Act, No 6/2007)
  • A warrant of interception application shall contain if other investigations have been used and failed to produce the required evidence, the reason why other investigations appear to be unlikely to succeed, or if the investigations involve undue risk to public safety or those wanting to obtain the re… (§ 5(3)(e), South African Interception of Communications Act, No 6/2007)
  • A warrant of interception application shall contain the period that the warrant is issued for. (§ 5(3)(f), South African Interception of Communications Act, No 6/2007)
  • A warrant of interception application shall contain the basis for believing the communication will be obtained through the interception. (§ 5(3)(g), South African Interception of Communications Act, No 6/2007)
  • A warrant of interception application shall contain any information required by the minister of transport and communications to make a decision. (§ 5(3)(h), South African Interception of Communications Act, No 6/2007)
  • A warrant shall be valid for a period not exceeding 3 months and may, for good cause shown by the authorized person, be renewed for a period not exceeding 3 months. (§ 7(1)(a), South African Interception of Communications Act, No 6/2007)
  • A warrant shall state the name and address of the interception subject and the interception method. (§ 7(1)(b), South African Interception of Communications Act, No 6/2007)
  • A warrant shall order the service provider to comply with the technical requirements for facilitating the interception. (§ 7(1)(c), South African Interception of Communications Act, No 6/2007)
  • A warrant shall state which equipment is to be used to identify the communications that is being intercepted. (§ 7(1)(d), South African Interception of Communications Act, No 6/2007)
  • A warrant shall contain other necessary details about the interception target. (§ 7(1)(e), South African Interception of Communications Act, No 6/2007)
  • A warrant that has been renewed under sections 7(1)(a)(i) or 7(1)(a)(ii) may be renewed for an additional 3 months, inside of 6 months of the expiration and with good cause. (§ 7(2), South African Interception of Communications Act, No 6/2007)
  • A warrant that has been renewed under section 7(2)(b) or inside of 6 months of the expiration may be renewed for an additional 3 months by the administrative court upon an ex parte application. (§ 7(3), South African Interception of Communications Act, No 6/2007)
  • Renewal of a warrant inside of 6 months of the expiration of a warrant that was renewed under sections 7(2)(a), 7(3), or 7(4) may be renewed for an additional 3 months at a time by the administrative court upon an ex parte application. (§ 7(4), South African Interception of Communications Act, No 6/2007)
  • Evidence obtained by interception in violation of this act shall not be admissible in criminal proceedings except with the leave of the court. (§ 8, South African Interception of Communications Act, No 6/2007)
  • Digital evidence is similar to any other form of legal proof - it needs to withstand challenges to its integrity, its handling must be carefully tracked and documented, and it must be suitably authenticated by concerned personnel as per legal requirements. Since the evidence resides on or is generat… (Critical components of information security 1) 5), Guidelines on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds)
  • Determine the evidence collection requirement. (§ 3, A Ten Step Process for Forensic Readiness)
  • Conduct formal and informal coordination of collection requirements in accordance with established guidelines and procedures. (T0613, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Prepare legal and other relevant documents (e.g., depositions, briefs, affidavits, declarations, appeals, pleadings, discovery). (T0522, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework)”, July 7, 2020)
  • Conduct formal and informal coordination of collection requirements in accordance with established guidelines and procedures. (T0613, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework)”, July 7, 2020)