Electronic Crime Scene Investigation: A Guide for First Responders, Second Edition

April 14, 2008

Chapter 5. Evidence Collection

Introduction

The first responder must have proper authority—such as plain view observation, consent, or a court order—to search for and collect evidence at an electronic crime scene. The first responder must be able to identify the authority under which he or she may seize evidence and should follow agency guidelines, consult a superior, or contact a prosecutor if a question of appropriate authority arises.

Digital evidence must be handled carefully to preserve the integrity of the physical device as well as the data it contains. Some digital evidence requires special collection, packaging, and transportation techniques. Data can be damaged or altered by electromagnetic fields such as those generated by static electricity, magnets, radio transmitters, and other devices. Communication devices such as mobile phones, smart phones, PDAs, and pagers should be secured and prevented from receiving or transmitting data once they are identified and collected as evidence.

STOP! If data encryption is in use on a computer, data storage device, or other electronic device and it is improperly powered off during digital evidence collection, the data it contains may become inaccessible.

Date Created: April 9, 2008