The Originality of Digital Evidence and the Retention of Seized Digital Devices by Law Enforcement Officers in South Africa




digital forensics, forensic investigation, search and seizure, digital evidence, digital devices, original evidence, retention of evidence


Information and communication technology (ICT) devices, including mobile phones, laptops, computers and data storage mediums, such as memory sticks, are being seized daily by law enforcement agents. These devices are seized for different reasons in terms of the provisions of sections 21 to 23 of the Criminal Procedure Act 51 of 1977 and now, in terms of the provisions of sections 28 and 29 of the Cybercrimes Act 19 of 2020. The seizure and extended retention of such devices by law enforcement can have a devastating impact on businesses and individuals. In virtually all cases, the main objective of seizing an ICT device is to secure its data for purposes of investigation and the collection of evidence. This excludes, inter alia, cases where a device contains contraband and cannot be handed back to the suspect or in a case where circumstances justify forfeiture to the state. This article is limited to cases where the physical device has no evidential value. It is contended that the content of the evidential data and the requirement of originality on an ICT device is met by scientifically created forensic duplicates of the data, which negate law enforcement from unnecessary seizure and retaining the original device. The authors contend that ICT devices should only be seized in situations where a forensic duplicate of the evidential data cannot be created on the scene and, if seized, the evidential data should be forensically duplicated, and the original device returned within a pre-determined period. An extension of the pre-determined period should only be granted by a magistrate upon application. It is recommended that the subject be researched further, to arrive at a reasonable, pre-determined period, and that the Criminal Procedure Act 51 of 1977 and Cybercrimes Act 19 of 2020 be amended accordingly.


Metrics Loading ...

Author Biographies

Jacobus Gerhardus J Nortjé, North-West University

Jacobus Gerhardus Johannes Nortjé. BCom Hons Business Administration MBA MCom Forensic     Accounting (NWU) (FP)SA CFE. Associate Professor of Forensic Accounting and Forensic Investigation Management, North-West University, South Africa. Email:

Daniel C Myburgh, North-West University

Daniel Christoffel Myburgh. BCom Hons Information Systems (UCT) MCom Forensic Accounting  (NWU). Associate Professor of Practice WorkWell: Research Unit for Economic; Management Sciences, North-West University, South Africa


Angermeier V, ‘Swinging for the Fences: How Comprehensive Drug Testing Inc Missed the Ball on Digital Searches’ (2010) 100(4) Journal of Criminal Law and Criminology.

Ashcroft J, Daniels DJ and Hart SV, Forensic Examination of Digital Evidence: A Guide for Law Enforcement (US Department of Justice 2004) < pdffiles1/ nij/199408.pdf> accessed 5 January 2023.

ACFE, ACFE SA Digital Forensic Standard for Digital Forensic Practitioners in South Africa (2019) <> accessed 31 August 2023.

ACFE MOU signed with the DPCI (2023) <> accessed 10 October 2023.

Association of Chief Police Officers, Good Practice Guide for Computer-Based Electronic Evidence version (1997) 5 < ACPO_Good_Practice_Guide_for_Digital_Evidence_v5.pdf> accessed 27 January 2023.

Bartholomew P, ‘Seize First, Search Later: The Hunt for Digital Evidence’ (2014) 30(4) Touro Law Review.

British Attorney General, Attorney General’s Guidelines on Disclosure: Supplementary Guidelines on Digitally Stored Material (2011) < government/uploads/system/uploads/attachment_data/file/16239/Attorney_General_s_guidelines_on_disclosure_2011.pdf> accessed 5 January 2023.

British Attorney General, Attorney General’s Guidelines on Disclosure for Investigators, Prosecutors and Defence Practitioners (2013) < government/ uploads/system/uploads/attachment_data/file/ 262994/AG_ Disclosure_ Guidelines_-_December_2013.pdf> accessed 10 January 2023.

Casey E, Digital Evidence and Computer Crime: Forensics Science, Computers and the Internet (3rd edn, Elsevier Academic Press 2013).

Du Toit P, The Search Warrant Provisions of the Cybercrimes Act and Their Relationship with the Criminal Procedure Act’ (2022) Obiter (43 4) <> DOI:

International Organisation for Standardization, ISO/IEC 27037:2012 Information Technology – Security Techniques − Guidelines for Identification, Collection, Acquisition, and Preservation of Digital Evidence (2012) < 44381.html#:~:text=ISO%2FIEC%2027037%3A2012%20provides,can%20be%20of%20evidential%20value> accessed 15 January 2023.

International Organisation for Standardization, ISO/IEC 27043:2015 Information Technology – Security Techniques − Incident Investigation Principles and Processes (2015) <> accessed 20 January 2023.

Kerr OS, ‘Search Warrants in an Era of Digital Evidence’ (2005) 75(1) Mississippi Law Journal.

Kerr OS, Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations (United States of America Department of Justice 2009).

Kessler G, ‘Judges’ Awareness, Understanding, and Application of Digital Evidence’ (PhD thesis, Nova Southeastern University 2010). DOI:

Losey R, ‘Hash’ (Ediscovery team 2007) <> accessed 8 November 2023.

Lowenstein AS, ‘Search and Seizure on Steroids: United States v Comprehensive Drug:

Testing and its Consequences for Private Information Stored on Commercial Electronic Databases’ (2007) 6 Cardozo Public Law, Politics and Ethics.

Media Clone <> accessed 25 January 2023.

Myburgh DC, ‘Developing a framework for the search and seizure of digital evidence by forensic investigators in South Africa’ (MCom dissertation, North-West University 2016).

Nieman A, ‘Cyberforensics: Bridging the Law/Technology Divide’ (2009) (1) Journal of Information, Law & Technology.

Nortjé JG and Myburgh DC, ‘The Search and Seizure of Digital Evidence by Forensic Investigators in South Africa’ (2019) 22 Potchefstroom Electronic Law Journal < 10.17159/ 1727-3781/2019/v22i0a4886>

Schneier B, Applied Cryptography, Second Edition Protocols, Algorithms and Source Code in C (Wiley 1996).

Schulman C, ‘Explanatory Report to the Convention on Cybercrime’ (2016) <> accessed 29 January 2023.

South African Law Reform Commission, Review of the Law of Evidence Electronic Evidence in Criminal and Civil Proceedings: Admissibility and Related Issues, Project 126 (SALRC 2010) <> accessed 25 January 2023.

SAPS Standard Operating Procedures in terms of Section 26 of the Cybercrimes Act, No 19 of 2020 for the Investigation, Search, Access or Seizure of Articles (2023) <> accessed 10 October 2023.

Thompson E, ‘MD5 Collisions and the Impact on Computer Forensics’ (2005) 2(1) Digital Investigation <> DOI:

Van Hoecke M, ‘Methodology of Comparative Legal Research’ (2015) Law and Method <> DOI:

Vacca JR, ‘Computer Forensics Computer Crime Scene Investigation’ (2nd edn, Charles River Media 2005).

Vandeven S, ‘Forensic images: For your viewing pleasure’ (SANS 2014) accessed 25 January 2023.

Van Deusen Phillips S, ‘Legal Considerations for Electronic Evidence, Part 5: Original vs. Duplicate Documents & Unfair Prejudice’ The Documentalist (27 July 2010) <> accessed 23 January 2023.


Beheersmaatschappij and Another v The Magistrate Cape Town 2004 SA SCA 5635.

Lorraine v Markel American Ins. Co. 2007 241 FRD 534, 544 (D Md).

Minister of Police and Others v Kunjana 2016 (CCT253/15) ZACC 21.

Muller v BOE Bank Ltd and Others 2011 (8723/98) 2010 ZAWCHC 121; 2011 (1) SA 252 (WCC); 2011 (1) All SA 166 (WCC).

R v Munshi 2002 CanLII 39110 (ON SC).

R v Vu 2013 SCJ No 60, 2013 (3) SCR 657.

United States v Comprehensive Drug Testing, Inc 579 F.3d 989, 1006-07 (9th Cir 2009) (en banc).

United States v Hernandez 183 F Supp 2d 468, 480–81 (DPR 2002).

United States v Metter [no 10-CR-600 (EDNY 05/17/2012)].

United States v Syphers 426 F 3d 461, 469 (1st Cir 2005).

United States v Triumph Capital Grp., Inc. 211 FRD 31, 66 (D Conn 2002).


Australian Crimes Act 12 of 1914.

Constitution of the Republic of South Africa 1996.

Criminal Procedure Act 51 of 1977.

Cybercrimes Act 19 of 2020.

Electronic Communications and Transactions Act 25 of 2002.

US Constitution.

US Federal Rules of Criminal Procedure Rule 41, Search and Seizure 2009.




How to Cite

Nortjé, Jacobus Gerhardus Johannes, and Daniel Christoffel Myburgh. 2023. “The Originality of Digital Evidence and the Retention of Seized Digital Devices by Law Enforcement Officers in South Africa”. Southern African Public Law 38 (2):17 pages.



Received 2023-08-16
Accepted 2023-10-27
Published 2023-12-04