How to Collect Internet Evidence

The courts have generally accepted evidence collected from the Internet as long as its authenticity can be established.

Taken together, Bruce Nikkel's ideas in Domain Name Forensics: A Systematic Approach to Investigating an Internet Presence, those discussed in Lorraine v. Markel, the processes described in the NIJ Guide to Electronic Crime Scene Investigation: A Guide for First Responders, and commonly accepted digital forensic methodologies can all be used to identify a three-pronged approach to Internet forensics:

  • Verifiable collection, or capture, of evidence as viewed by the user.
  • Preservation of evidence such that it remains unchanged, and part of the chain of custody.
  • Presentation of evidence, offline, in a way that simulates its collection.

Following the current methodology and the lessons learned from the field of traditional digital forensics, a standard can be developed for the collection of Internet-based evidence. The methodology described in this article to collect, preserve, and present Internet-based evidence is a simply structured standard. By using a defined, repeatable, and verifiable process, any investigator wishing to verify and validate information collected on the Internet can be assured that they will have collected defensible online evidence.
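One way to make the preservation and chain-of-custody prongs verifiable, shown as an added example that is not from the original article: the captured bytes are hashed at collection and every custody event is written to a hash-chained log, so a later change to the artifact or to the log is detectable. The use of SHA-256, the log field names, and the sample capture and actors are assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # prev_hash of the first custody entry

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def entry_digest(entry: dict) -> str:
    # Hash every field except the digest itself, in a stable key order.
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return sha256_hex(json.dumps(body, sort_keys=True).encode("utf-8"))

def add_entry(log: list, action: str, actor: str, when_utc: str, artifact: bytes) -> dict:
    entry = {
        "seq": len(log), "action": action, "actor": actor, "when_utc": when_utc,
        "artifact_sha256": sha256_hex(artifact),
        "prev_hash": log[-1]["entry_hash"] if log else GENESIS,
    }
    entry["entry_hash"] = entry_digest(entry)
    log.append(entry)
    return entry

def verify(log: list, artifact: bytes) -> list:
    """Return a list of problems; an empty list means log and artifact agree."""
    problems, prev, current = [], GENESIS, sha256_hex(artifact)
    for e in log:
        if e["prev_hash"] != prev:
            problems.append(f"entry {e['seq']}: chain link broken")
        if entry_digest(e) != e["entry_hash"]:
            problems.append(f"entry {e['seq']}: entry altered")
        if e["artifact_sha256"] != current:
            problems.append(f"entry {e['seq']}: artifact differs from recorded hash")
        prev = e["entry_hash"]
    return problems

# Constructed sample capture and custody events (not real case data).
CAPTURE = b"<html><body>Constructed page as captured from https://example.com/</body></html>"

def build_sample_log() -> list:
    log = []
    add_entry(log, "collected", "Investigator A", "2024-01-01T10:00:00Z", CAPTURE)
    add_entry(log, "preserved", "Evidence Custodian B", "2024-01-01T11:30:00Z", CAPTURE)
    add_entry(log, "presented", "Investigator A", "2024-03-15T09:00:00Z", CAPTURE)
    return log

if __name__ == "__main__":
    log = build_sample_log()
    print(verify(log, CAPTURE))         # log and artifact are consistent
    print(verify(log, CAPTURE + b" "))  # artifact modified after capture
```

Running `verify` again at presentation time, against the offline copy, ties what is shown in court back to what was collected.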

From: Collection of Evidence from the Internet: Part 1 by Todd G. Shipley
