Term
#1 – Describe what first responders should ensure before collecting any device that may contain electronic evidence. |
|
Definition
• The scene has been secured and documented • Legal authority exists to seize evidence • Appropriate personal protective equipment is used |
|
|
Term
#2 – Describe the broad categories of electronic evidence. |
|
Definition
• Computer systems/storage devices (e.g., laptops, desktops, tablets) o Computers along with any other personal storage devices (i.e., anything that can be plugged into a computer to store information) • Mobile o Portable data storage devices that provide communications, digital photography, navigation systems, entertainment, or personal information management (i.e., handheld devices) o This also includes applications (i.e., apps.) for information sharing and communications • Cloud computing o Storing and accessing data and programs over the Internet instead of using a computer’s hard drive |
|
|
Term
#3 – Describe how you would preserve cloud based or third party stored digital evidence. |
|
Definition
• If you think electronic evidence may be stored on third party sites, you will need to send the company a letter of preservation immediately so the data is not erased or altered by the user or company • Requests to preserve are sent under the authority of 18 U.S.C. 2703(f) and you can ask for anything (e.g., content, non-content) from the past to be preserved • Under the Stored Communications Act, the providers must comply with the letter of preservation request and will hold the information for 90 days |
|
|
Term
#4 – Explain how digital evidence is preserved on collected physical devices. |
|
Definition
• Turn phone off or disable internet connectivity • Place in evidence bag • It is ok to use your agency camera to take pictures of evidence that is located on a computer or phone screen, but you should never use the suspect’s or victim’s phone to take screen shots of the evidence |
|
|