Electronic Crime Scene Investigation: A Guide for First Responders, Second Edition
Published April 14, 2008
This guide is intended to assist State and local law enforcement and other first responders who may be responsible for preserving
an electronic crime scene and for recognizing, collecting, and safeguarding digital evidence. It is not all inclusive but
addresses situations encountered with electronic crime scenes and digital evidence. All crime scenes are unique and the judgment
of the first responder, agency protocols, and prevailing technology should all be considered when implementing the information
in this guide. First responders to electronic crime scenes should adjust their practices as circumstances—including level
of experience, conditions, and available equipment—warrant. The circumstances of individual crime scenes and Federal, State,
and local laws may dictate actions or a particular order of actions other than those described in this guide. First responders
should be familiar with all the information in this guide and perform their duties and responsibilities as circumstances dictate.
When dealing with digital evidence, general forensic and procedural principles should be applied:
- The process of collecting, securing, and transporting digital evidence should not change the evidence.
- Digital evidence should be examined only by those trained specifically for that purpose.
- Everything done during the seizure, transportation, and storage of digital evidence should be fully documented, preserved,
and available for review.
First responders must use caution when they seize electronic devices. Improperly accessing data stored on electronic devices
may violate Federal laws, including the Electronic Communications Privacy Act of 1986 and the Privacy Protection Act of 1980.
First responders may need to obtain additional legal authority before they proceed. They should consult the prosecuting attorney
for the appropriate jurisdiction to ensure that they have proper legal authority to seize the digital evidence at the scene.
In addition to the legal ramifications of improperly accessing data that is stored on a computer, first responders must understand
that computer data and other digital evidence are fragile. Only properly trained personnel should attempt to examine and analyze
NOTE:Officer safety and the safety of others should remain the primary consideration of first responders. Nothing in this guide
is intended to be, or should be construed as being, a higher priority than officer safety or the safety of others.
Date Created: April 9, 2008