Legal and Proper Collection of Digital Evidence
By: Don Penven
Digital evidence has become increasingly valuable in many criminal investigations. Everything from pagers to desktop computers may hold information critical to the ultimate prosecution of criminal cases.
(Reprinted from the NIJ Report: Electronic Crime Scene Investigation: A Guide For First Responders
First responders must use caution when they seize electronic devices. Improperly accessing data stored on electronic devices may violate Federal laws, including the Electronic Communications Privacy Act of 1986 and the Privacy Protection Act of 1980. First responders may need to obtain additional legal authority before they proceed. They should consult the prosecuting attorney for the appropriate jurisdiction to ensure that they have proper legal authority to seize the digital evidence at the scene.
In addition to the legal ramifications of improperly accessing data that is stored on a computer, first responders must understand that computer data and other digital evidence are fragile. Only properly trained personnel should attempt to examine and analyze digital evidence.)
First responders must be made fully aware of the significance of digital evidence and the role it may play when an investigation results in criminal proceedings. They should be trained to understand the basic forensic and procedural principles that must be applied:
1. The process of collecting, securing, and transporting digital evidence should not change the evidence. In other words, any storage devices in or attached to the electronic device must be protected at all costs.
2. Only those persons specifically trained for that purpose should be permitted to examine any digital evidence present.
3. Complete documentation must accompany every item to be seized, transported and stored.
Definition of Digital Evidence:
Digital evidence is information and data of value to an investigation that is stored on, received, or transmitted by an electronic device. This evidence is acquired when data or electronic devices are seized and secured for examination.
- Digital evidence is latent, like fingerprints or DNA evidence. It must be developed or extracted under very controlled conditions.
- It crosses jurisdictional borders quickly and easily.
- It is easily altered, damaged, or destroyed.
- It can be time sensitive.
Before collecting evidence at a crime scene, first responders should ensure that—
- Legal authority exists to seize evidence.
- The scene has been secured and documented.
- Appropriate personal protective equipment is used.
- First responders without the proper training and skills should not attempt to explore the contents of or to recover information from a computer or other electronic device other than to record what is visible on the display screen. Do not press any keys or click the mouse.
Handling Digital Evidence at The Scene
Every precaution must be taken in the collection, preservation, and transportation of digital evidence. First responders should follow the guidelines below to ensure the proper handling of digital evidence at an electronic crime scene:
- Recognize, identify, seize, and secure all digital evidence at the scene. This will include pagers, cell phones, iPods, iPads, laptop (notebook) computers, PCs, monitors and auxiliary equipment such as: mouse, keyboard, external hard drives, disk drives, hand-held GPS units, printers, external power supplies, etc.
- Document the entire scene and the specific location of the evidence found. Photographs and video documentation are suggested, supplemented with a crime scene sketch.
- Collect, label, and preserve the digital evidence.
- Package and transport digital evidence in a secure manner.*
(*More information will follow on packaging digital evidence)
Special Note: If a device is still turned on at the time of seizure—LEAVE IT TURNED ON UNTIL QUALIFIED PERSONNEL HAVE THE OPPORTUNITY TO EXAMINE IT!
Packaging, Transportation and Storage of Digital Evidence
Digital evidence—and the computers and electronic devices on which it is stored—is fragile and sensitive to extreme temperatures, humidity, physical shock, static electricity, and magnetic fields.
The first responder should take precautions when documenting, photographing, packaging, transporting, and storing digital evidence to avoid altering, damaging, or destroying the data.
Ensure that all digital evidence collected is properly documented, labeled, marked, photographed, video recorded or sketched, and inventoried before it is packaged. All connections and connected devices should be labeled for easy reconfiguration of the system later.
Remember that digital evidence may also contain latent, trace, or biological evidence and take the appropriate steps to preserve it. Digital evidence imaging should be done before latent, trace, or biological evidence processes are conducted on the evidence.
Pack all digital evidence in antistatic packaging. Only paper bags and envelopes, cardboard boxes, and antistatic containers should be used for packaging digital evidence. Plastic materials should not be used when collecting digital evidence because plastic can produce or convey static electricity and allow humidity and condensation to develop, which may damage or destroy the evidence.
Ensure that all digital evidence is packaged in a manner that will prevent it from being bent, scratched, or otherwise deformed. Label all containers used to package and store digital evidence clearly and properly.
Leave cellular, mobile, or smart phone(s) in the power state (on or off) in which they were found. Package mobile or smart phone(s) in signal-blocking material such as Faraday isolation bags, radio frequency-shielding material, or aluminum foil to prevent data messages from being sent or received by the devices. (First responders should be aware that if inappropriately packaged, or removed from shielded packaging, the device may be able to send and receive data messages if in range of a communication signal.)
Collect all power supplies and adapters for all electronic devices seized.