|
How Digital Devices are Collected
|
| bet | 5/17 | | Sana | 21.05.2024 | | Hajmi | 430,06 Kb. | | #248066 | | Turi | Guide |
Bog'liq DigitalEvidenceHow Digital Devices are Collected
On the scene: As anyone who has dropped a cell phone in a lake or had their computer damaged in a move or a thunderstorm knows, digitally stored information is very sensitive and easily lost. There are general best practices, developed by organizations like SWGDE and NIJ, to properly seize devices and computers. Once the scene has been secured and legal authority to seize the evidence has been confirmed, devices can be collected. Any passwords, codes or PINs should be gathered from the individuals involved, if possible, and associated chargers, cables, peripherals, and manuals should be collected. Thumb drives, cell phones, hard drives and the like are examined using different tools and techniques, and this is most often done in a specialized laboratory.
First responders need to take special care with digital devices in addition to normal evidence collection procedures to prevent exposure to things like extreme temperatures, static electricity and moisture.
Seizing Mobile Devices
Devices should be turned off immediately and batteries removed, if possible. Turning off the phone preserves cell tower location information and call logs, and prevents the phone from being used, which could change the data
on the phone. In addition, if the device remains on, remote destruction commands could be used without the investigator’s knowledge. Some phones have an automatic tier to turn on the phone for updates, which could compromise data, so battery removal is optimal.
If the device cannot be turned off, then it must be isolated from its cell tower by placing it in a Faraday bag or other blocking material, set to airplane mode, or the Wi-‐Fi, Bluetooth or other communications system must be disabled. Digital devices should be placed in antistatic packaging such as paper bags or envelopes and cardboard boxes. Plastic should be avoided as it can convey static electricity or allow a buildup of condensation or humidity. In emergency or life threatening situations, information from the phone can be removed and saved at the scene, but great care must be taken in the documentation of the action and the preservation of the data.
When sending digital devices to the laboratory, the investigator must indicate the type of information being sought, for instance phone numbers and call histories from a cell phone, emails, documents and messages from a computer, or images on a tablet.
|
| |
