As anyone who has dropped a cell phone in a lake or had
their computer damaged in a move or a thunderstorm knows, digitally stored
information is very sensitive and easily lost. Organizations have developed
general best practices for properly seizing devices and computers.
Once the scene has been secured and legal authority to seize the evidence has
been confirmed, devices can be collected. Any passwords, codes or PINs should
be gathered from the individuals involved, if possible, and associated
chargers, cables, peripherals, and manuals should be collected.
Thumb drives,
cell phones, hard drives and the like are examined using different tools and
techniques, and this is most often done in a specialized laboratory.
In addition to normal evidence collection procedures, first responders need to
take special care with digital devices to prevent exposure to things like
extreme temperatures, static electricity and moisture.
- Devices should be turned off immediately and batteries
removed, if possible. Turning off the phone preserves cell tower location
information and call logs, and prevents the phone from being used, which could
change the data on the phone. In addition, if the device remains on, remote
destruction commands could be used without the investigator’s knowledge. Some
phones have an automatic timer to turn on the phone for updates, which could
compromise data, so battery removal is optimal.
- If the device cannot be turned off, then it must be
isolated from its cell tower by placing it in a Faraday bag or other blocking
material or setting it to airplane mode, or its Wi-Fi, Bluetooth or other
communications system must be disabled. Digital devices should be placed in antistatic
packaging such as paper bags or envelopes and cardboard boxes. Plastic should
be avoided as it can convey static electricity or allow a build-up of
condensation or humidity.
- When sending digital devices to the laboratory, the
investigator must indicate the type of information being sought, for instance,
phone numbers and call histories from a cell phone; emails, documents and
messages from a computer; or images on a tablet.
Computers and cellular devices have played an increasing role in modern crime. Let the digital forensic experts at DLA follow the electronic trail to find and protect the digital evidence that you need.