Electronic Crime Scene Investigation: A Guide for First Responders, Second Edition
April 14, 2008
Chapter 5. Evidence Collection
The first responder must have proper authority—such as plain view observation, consent, or a court order—to search for and
collect evidence at an electronic crime scene. The first responder must be able to identify the authority under which he or
she may seize evidence and should follow agency guidelines, consult a superior, or contact a prosecutor if a question of appropriate
Digital evidence must be handled carefully to preserve the integrity of the physical device as well as the data it contains.
Some digital evidence requires special collection, packaging, and transportation techniques. Data can be damaged or altered
by electromagnetic fields such as those generated by static electricity, magnets, radio transmitters, and other devices. Communication
devices such as mobile phones, smart phones, PDAs, and pagers should be secured and prevented from receiving or transmitting
data once they are identified and collected as evidence.
STOP! If data encryption is in use on a computer, data storage device, or other electronic device and it is improperly powered
off during digital evidence collection, the data it contains may become inaccessible.
Date Created: April 9, 2008