First Responder to Digital Evidence

Question 0

What are tools or instruments of the crime?

Answer 0

1. Counterfeiting of documents, graphics, currency, or securities
2. Creation of Bogus Websites
3. Internet phishing or Pharming
4. Electronic stalking
5. identity theft

Question 1

What is Digital Evidence?

Answer 1

Any Probative info stored or transmitted to digital format that can be of evidentiary value in a criminal or civil court proceeding

Question 2

Computers can potentially store evidence in virtually any crime. What are some examples?

Answer 2

1. Financial Records
2. Personal Correspondence
3. Saved Emails
4. Illicit Graphics (not Just pornography
5. Temporary internet files (browser caches)

Question 3

What are some electronic devices that may be or may contain evidence?

Answer 3

1. Personal Laptops/Cpmputers
2. Cell Phones, PDAs, Pagers, Digital Cameras, MP3 Players
3. External Disks/Storage Devices
4. Bluetooth interfaces, flash memory, CD’s, DVDs, Blu-Ray disks
5. Jaz and Zip Disks (Magnetic Media)
6. Wireless Routers, off line storage devices, networks and network servers, phone answering machine can caller ID

Question 4

How can electronic evidence may be altered or destroyed?

Answer 4

accidental or intentional

Question 5

What are some reasons electronic evidence may be altered or destroyed?

Answer 5

Physical or external damage to the hardware devices or media containing data.
2. software or internal alteration or destruction of data

Question 6

What hazards is electronic evidence vulnerable?

Answer 6

1. moisture
2. magnetic fields
3. static electricity
4. extreme temperatures

Question 7

What are non-electronic related items that may be important in the investigation of an electronic crime?

Answer 7

1. all software documents
2. computer generated paper reports
3. documentary evidence such as magazines & letters that can tie the suspect to the computer workstation
4. photographs
5. address book
6. lists of passwords or access codes
7. all notes & paper scraps at the computer workstation

Question 8

What are the proper procedures in collecting, preserving, & transporting computers & electronic devices seized as evidence?

Answer 8

1. Officer Safety (First and Most Important)
2. Isolate computer from any user or potential user as well as cell phones
3. pull plug and network cable from the computer (move fast if dumping data or encrypting commands)
4. If computer is off, leave it off
5. photograph everything
6. consider traditional forensic tasks such as gathering latent prints, DNA, trace evidence
7. Place media in proper containers
8. collect any item relevant to the scene (wires, storage device, notes, ect)

Question 9

What are the proper steps in seizing and securing cell phones?

Answer 9

1. If phone is on, leave it on and immediately place in an electromagnetically shield device (Faraday Device)
2. If phone is off, leave it off
3. Seize all cabling and accessories at time of seizure (Charger ect.)
4. Do not remove the phone for analysis until you are in a shielded lab, office or protected facility