AC
Anasayfa Makaleler Ceza Hukuku

Digital Chain of Evidence: CMK 134 Computer Search and Hash Integrity

TL;DR

CMK m.134 bilgisayar/sistem arama; sulh ceza onayı + canlı analiz + hash zinciri + bilirkişi raporu zorunlu, eksiklik delil ret nedenidir.

15 Şubat 2026 Ceza Hukuku 3 dk okuma 7 görüntülenme Son güncelleme: 9 Mayıs 2026

CMK Article 134, the slightest procedural error in the search for digital evidence refutes all evidence; Peace penalty approval + live analysis + hash chain + expert report is mandatory.

CMK art.134 — computer search procedure

  • The public prosecutor requests a search warrant from the criminal judgeship of peace.
  • The criminal judgeship of peace decides or approves insufficient data.
  • At the time of the call: the owner / representative / lawyer is present.
  • Live analysis if the device is live (on); If it is closed, it will be confiscated.
  • Integrity is recorded with a time stamp with a hash (MD5 / SHA-256) signature.
  • The clone (bit-for-bit copy) is removed; The original remains confiscated.
  • Expert examination; The report is prepared.

    • Hash chain

    • MD5: Old; risk of conflict today; alone is insufficient.
    • SHA-256: Standard; Mandatory for expert reports.
    • SHA-3: New generation; It is preferably used.
    • Hash comparison at each stage (seizure, clone, review); incompatibility = evidence decays.

    Typical procedural errors (cancellation of evidence)

    • Magistration approval missing (emergency exception proof missing).
    • Do not call before a lawyer is called.
    • No hash timestamp.
    • Examination without making clones.
    • Inability to appoint experts (uncertified).
    • The device was kept on, RAM was lost.

    Expert report content

    • Device identification (brand, model, serial, IMEI).
    • Seizure date and hash.
    • Clone method.
    • Analysis tool (FTK, Encase, Magnet AXIOM).
    • Findings (folder, file, application, log).
    • Hash comparison result.
    • Expert signature and certificates (CHFI, EnCE, GCFE).

    Frequently asked questions

    The client erased his device; Will it come back?

    Software deletion is at the file system level; data may still be on disk. It can be recovered with a forensic tool (FTK, Recuva pro). If it is a full disk wipe (such as DBAN), it will not come back.

    What happens if there is a hash mismatch?

    The integrity of the evidence was broken; the court rejects. This is a very strong argument in the opposing rebuttal strategy. The hash steps should be clear in the expert report.

    The device is encrypted, cannot be opened; what to do?

    CMK article 134/4 — not obliged to give password (right not to testify against oneself). State breaking techniques (brute-force, exploit, vendor request). Apple needs a request MLAT procedure.

    Why is RAM analysis important?

    There may be open passwords, cracked files, and connection sessions in RAM. It clears RAM when the device is turned off; live analysis (volatility, FTK Imager) is mandatory.

    How do we refute the expert report?

    Hash chain break, uncertified expert, incomplete methodology, parallel report (defense forensic expert), petition of objection + technical question at the hearing.

    Relevant legislation

    • HMK art.199-205 — Presentation of documents and evidence.
    • HMK art.400-405 — Determination; with witness / expert.
    • CMK art.134 — Computer search, copying; hash chain.
    • TCK art.243-245 — Computer crimes, digital evidence chain.
    • e-Signature Law (5070) — Electronic signature and time stamp.
    Legal notice: This article is for general information purposes; A meeting with a lawyer is required for a concrete case. Durations, rates and application are shaped by jurisprudence; Check the current legislation before applying.

    Kaynaklar ve referanslar

    Kaynaklar

    Dijital Delil Zinciri: CMK 134 Bilgisayar Arama ve Hash Bütünlüğü içeriği hazırlanırken resmi mevzuat ve yüksek yargı kaynakları esas alınmıştır.

    Telif bildirimi This content and all related Q&A texts are protected under Turkish Copyright Law No. 5846. Unauthorized copying, reproduction, publication, adaptation, bulk extraction, or commercial use is prohibited; legal and criminal remedies are reserved in case of infringement.

    Hukuki destek arıyorsanız

    Bu konuda profesyonel hukuki destek için Aycan Ceylan Avukatlık Bürosu olarak yanınızdayız.

    Görüşme Planla