|When the Device Is The Evidence.|
Sure, you're familiar with how to work these devices and are completely comfortable texting and emailing, but what happens when you're dispatched to a call where the electronic device is the crime scene?
The first step is to determine what you have. Officers should be able to identify all potential sources of electronic evidence, from something as obvious as a computer to something as innocuous as the Micro SD card within a cellphone.
Officers should be familiar with portable USB drives, (aka "thumb drives") and understand that these devices are easily hidden and can be disguised as something else, such as a pen or even a Zippo-style lighter.
Once potential sources of evidence have been identified, it is imperative that they are handled properly to ensure that the digital evidence the devices contain is not altered or destroyed.
If it is a smart phone such as a Blackberry or iPhone, the device should be left on if it's on, and off if it's off.
If it is on, it should be secured in a signal-blocking container ("Faraday Cage") and brought to the digital forensics lab as soon as possible. If there is no "Faraday Cage" or bag available, a empty paint can or multiple layers of aluminum foil may serve as a substitute.
It is always a good practice to seize any corresponding power cables for cellphones.
If the evidence is stored on a computer, and the computer is off, leave it off. Document all connections with photographs before labeling and securing it.
If the computer is on, the officer should try to determine the operating system that the machine is using, and photograph the screen in detail to show what programs are operating and to document the system date and time.
In most cases, from this point the computer should be brought down by disconnecting the power cable from the rear of the machine.
If a laptop, unplug then remove the battery.
Remember that this is just a guideline, and there is no one perfect method. And of course, always follow your department procedures for securing digital evidence.
Jim Schwab is a police officer in Belmont, Massachusetts and has been investigating high-tech crime since 2002. He currently holds EnCase and AccessData certifications and is assigned to the NEMLEC Regional Computer Crime Unit.