Electronic Crime Scene Investigation: A Guide for First Responders, Second Edition

Published April 14, 2008

Introduction

This guide is intended to assist State and local law enforcement and other first responders who may be responsible for preserving an electronic crime scene and for recognizing, collecting, and safeguarding digital evidence. It is not all inclusive but addresses situations encountered with electronic crime scenes and digital evidence. All crime scenes are unique and the judgment of the first responder, agency protocols, and prevailing technology should all be considered when implementing the information in this guide. First responders to electronic crime scenes should adjust their practices as circumstances—including level of experience, conditions, and available equipment—warrant. The circumstances of individual crime scenes and Federal, State, and local laws may dictate actions or a particular order of actions other than those described in this guide. First responders should be familiar with all the information in this guide and perform their duties and responsibilities as circumstances dictate.

When dealing with digital evidence, general forensic and procedural principles should be applied:

  • The process of collecting, securing, and transporting digital evidence should not change the evidence.
  • Digital evidence should be examined only by those trained specifically for that purpose.
  • Everything done during the seizure, transportation, and storage of digital evidence should be fully documented, preserved, and available for review.

First responders must use caution when they seize electronic devices. Improperly accessing data stored on electronic devices may violate Federal laws, including the Electronic Communications Privacy Act of 1986 and the Privacy Protection Act of 1980. First responders may need to obtain additional legal authority before they proceed. They should consult the prosecuting attorney for the appropriate jurisdiction to ensure that they have proper legal authority to seize the digital evidence at the scene.

In addition to the legal ramifications of improperly accessing data that is stored on a computer, first responders must understand that computer data and other digital evidence are fragile. Only properly trained personnel should attempt to examine and analyze digital evidence.

NOTE:Officer safety and the safety of others should remain the primary consideration of first responders. Nothing in this guide is intended to be, or should be construed as being, a higher priority than officer safety or the safety of others.

Date Created: April 9, 2008