The article states the importance of digital evidence, who has access to the evidence, and guidelines when taking care of a seized device.
Fremont, CA: Data collected digitally or online can be convenient evidence for investigators. This evidence can be collected from various sources like emails, text messages, computer documents, etc. For instance, mobile devices have a backup storage facility that restores old documents, pictures, and messages. This storage management system is called the cloud. Other sources like Global Positioning System (GPS) can also provide information and valuable data to the investigators. Summoning a mobile device can give an investigator with relevant data and information about the user and their activities.
Who Has the Access?
The national institute of Justice has given access only to digital evidence to experts trained explicitly for this purpose. It is challenging for local law enforcers to keep up with the developing technologies and electronic gadgets. Many law enforcement organizations do not have digital evidence experts. Even if they do, those experts may be experts in cell phones but not social media or bank fraud.
To be precise, certified digital media executives are the investigators who have the knowledge and training to access the evidence. Most states maintain at least one digital forensics lab or division and several task forces, such as the Joint Terrorism Task Force (JTTF), Internet Crimes Against Children (ICAC), and Narcotics and Property Crimes Task Force. These forces are police officers who have received specific training in their respective fields, including how to look for, seize, and use digital evidence.
Gathering of Digital Devices On-Site
If devices are lost due to natural calamities or in a water body, data and information from that device may be lost. Organizations like NIJ and SWGDE have developed specific practices to retrieve this information. Also, gadgets like chargers and cables are collected from the users to retrieve the data.
Taking Hold of Mobile Phones
Specific guidelines when seizing a mobile phone:
Mobile phones should be turned off, and batteries should be removed when seizing a cell phone. If the device cannot be turned off, it should be kept away from its cell tower by covering it in a Faraday bag or some other materials which could block the signals. Also, the device should keep in airplane mode, disconnected from Wi-Fi and other communication systems.
Taking Hold of Standalone Computers And Equipments
Initially, responders should record any activity on the computer, components, or devices by snapping a picture and documenting any information on the screen to prevent the manipulation of digital evidence during collection.
Calling in a computer forensic specialist is strongly advised if the computer is on, as connections to criminal activity may be lost if the computer is turned off. Power should be cut off to a computer when destructive software (formatting, deleting, erasing, or wiping information) is operating to preserve current data.
The evidence that can be acquired is not limited to files on a computer or other device. The analyst may need to look outside the hardware to locate evidence online, such as in chat rooms, instant messaging, websites, and other participant or information networks. The analyst can put together strings of exchanges that show activity by employing the system of Internet addresses, email header data, time stamps on messaging, and other encrypted data.
