Term
| #1 – Describe what first responders should ensure before collecting any device that may contain electronic evidence. |
|
Definition
• The scene has been secured and documented
• Legal authority exists to seize evidence
• Appropriate personal protective equipment is used |
|
|
Term
| #2 – Describe the broad categories of electronic evidence. |
|
Definition
• Computer systems/storage devices (e.g., laptops, desktops, tablets)
o Computers along with any other personal storage devices (i.e., anything that can be plugged into a computer to store information)
• Mobile
o Portable data storage devices that provide communications, digital photography, navigation systems, entertainment, or personal information management (i.e., handheld devices)
o This also includes applications (i.e., apps.) for information sharing and communications
• Cloud computing
o Storing and accessing data and programs over the Internet instead of using a computer’s hard drive |
|
|
Term
| #3 – Describe how you would preserve cloud based or third party stored digital evidence. |
|
Definition
• If you think electronic evidence may be stored on third party sites, you will need to send the company a letter of preservation immediately so the data is not erased or altered by the user or company
• Requests to preserve are sent under the authority of 18 U.S.C. 2703(f) and you can ask for anything (e.g., content, non-content) from the past to be preserved
• Under the Stored Communications Act, the providers must comply with the letter of preservation request and will hold the information for 90 days |
|
|
Term
| #4 – Explain how digital evidence is preserved on collected physical devices. |
|
Definition
• Turn phone off or disable internet connectivity
• Place in evidence bag
• It is ok to use your agency camera to take pictures of evidence that is located on a computer or phone screen, but you should never use the suspect’s or victim’s phone to take screen shots of the evidence |
|
|
