kr
Running Head: COMPUTER SEIZER PROCEDURE
1-Make sure you have authority to collect the evidence before entering the scene.
· Search Warrants
2- Document time and date of arrival to scene
3- document location of the scene.
4- Document type of device
· Document part makes, serial numbers, and model numbers
5-photograph the area surrounding the location include a picture of the address
· Take photos from each corner to make sure that you scan all area
6-take pictures of the computer screen
· Take pictures of the computer’s accessories
7-Photograph the evidence with a close-up shot and fill the space of the image if it is of something specific like and computer port, ID number, or something else that must be seen clearly by a judge and jury
8- If there is any activity being process in the device document that.
9- Make sure lighting is appropriate for what you're trying to capture and avoid dark areas cutting of what the judge and jury are looking at
· Do not delete photos if it’s not clear, simply take a new photo, and include all photos taken from the crime scene in a log
10- note the state of the device when it was found
· if the device was off, do not turn it on
· if the device is on, leave it on until it is ready to be moved
· Only unplug the device immediately if you have indications the data is being destroyed.
· If the device is on “live” evidence collection techniques should be applied before transport in order to replicate the computer's original state later
11- After live evidence is collected a device that is on should be placed in airplane mode and bagged in and anti-static bag or prevented from coming into contact with Electromagnetic interference
12- Collect and package the evidence (use anti-static bags)
· label the evidence you are collecting
· Note exactly which port the device or cable it plugged into and package the cables with the correct device
· remove hard-drive from the computer and place in anti-static bag peripheral device should be tied into box or placed in tight fitting boxes to prevent any damage to them
· label Chain of Custody and prepare to move evidence to the lab
· Move the evidence directly to the storage locker or lab for processing, do not stop anywhere else in between
· place it in the back seat of the car and keep the car at a climate that won't damage the evidence
· make sure evidence cannot move around while driving the cruiser
13- when returning to the lab:
· place evidence in an evidence locker with all devices collected from the same crime scene