Proper Forensic Examination of Electronic Evidence

April 23, 2018 | 5 minutes read
Proper Forensic Examination of Electronic Evidence

When the word “forensic” is brought up, thoughts of investigators dusting for fingerprints or collecting blood samples come to mind. In the past few decades, major changes to the way we go about our daily lives have occurred due to the introduction and subsequent prevalent proliferation of consumer electronics. The crime world has been no exception to this phenomenon.

Unlike law enforcers of yesterday, all officers performing investigative duties today will eventually encounter and have to process electronic evidence of some kind. Even if a law enforcement officer is not certified to forensically examine electronic evidence, he/she must have some basic knowledge of computer forensics and electronic evidence management. Proper technique and close attention to detail is a must when dealing electronic evidence.

At the Scene

When electronic evidence is discovered, be it at the scene of a crime, or during the execution of a search warrant, there are a few fundamental rules that must be followed.

First and foremost, all pieces of electronic evidence should be photographed in the place they were discovered before they are moved. Photographs must also be taken of any connecting wires or cables that are protruding from the computer or other device, in case the assigned forensic examiner needs to re-create the suspect’s setup. It is always best practice to have an investigator or support staff employee trained in computer forensics dismantle any computers or computer hardware at the scene. If one is not available however, law enforcement officers on scene must follow all guidelines and procedures for the packaging and transport of electronic evidence as dictated by the policy of their department of agency.

All chain of custody forms must be filled out at the scene and all evidence bags and boxes must be marked with the case number, description of the item, and location where the item was found. It is also worth noting that electronic evidence can be damaged or even ruined if it is placed near a police car radio and that radio is keyed. Electronic evidence must be placed as far away as possible from the radio within the police vehicle to ensure the integrity of the item.

The Examination

While it is always best practice for a law enforcement officer trained and certified in computer forensic examinations to be present at the crime scene or at the scene of a search warrant, real world limitations dictate that this is not always possible. When evidence has been transported to the closest forensic examiner, it is important to follow all chain of custody procedures to the absolute letter.

All forms must be signed by both the seizing officer and the forensic examiner who will be taking possession of the electronic items. It is also important at this time for the seizing officer to enter the information (including item description, serial number, and location found) into their department or agency’s general evidence management system so that it can be tracked properly.

It is recommended that law enforcement departments and agencies provide computer forensic investigators with their own space in which to conduct their examinations. Examinations of all items must be done in conjunction with a write blocker, or similar device that prevents the alteration of evidence. The forensic examiner must take meticulous notes and must be willing and able to describe the process he or she used to perform the forensic examination should the need arise during a trial or court hearing.

After the Examination

After the examination is complete, all electronic evidence must be stored in a facility that is cool and dry so as not to cause damage to the evidence because of extreme temperatures. The evidence must be readily available in case it is necessary to present the evidence in court.

As always, proper chain of custody procedures must be followed and the proper evidence management systems must be updated any time evidence is moved. Has the examination yielded additional created digital evidence in the form of an electronic report on a CD or external storage drive? This newly created evidence must be stored according to policies relating to the department or agency’s digital evidence management system.

Finally, it is recommended that all electronic evidence be kept in storage for at least a year after the suspect has been sentenced to ensure that no further appeals can take place in their case. It is also recommended that the investigating officer obtain permission in writing from the prosecutor in the case before destroying any evidence.

Conclusions

Every law enforcement officer on the job today and from now on will eventually come into contact with, and have to properly handle, electronic evidence of some kind during his or her career. The ability to forensically examine electronic evidence and present results of these examinations are crucial for any law enforcement department or agency to have. Law enforcement officers and/or support staff performing these duties must be properly trained and certified in forensic examinations and must have the proper tools (such as write blockers), to successfully complete their duties.

By being careful and thorough when gathering, transporting, and examining electronic evidence, law enforcement officers can avoid making drastic errors such as losing evidence or damaging electronic evidence inadvertently. With the proper training and guidance, any law enforcement officer should be able to fulfill their responsibilities with regard to the forensic examination of electronic evidence, whatever those responsibilities may be.

Related Reads

Join The Authority In Redaction At IACP 2023
September 12, 2023 | 3 minutes read
Join The Authority In Redaction At IACP 2023

Join the authority in redaction at IACP this October 14th-17th. Learn how CaseGuard can blur faces, mute audio, and more with AI-powered technology.

Learn More »
Blurring Faces from Videos and The Truth About Body-Worn Camera Privacy
September 06, 2023 | 4 minutes read
Blurring Faces from Videos and The Truth About Body-Worn Camera Privacy

Body-worn cameras are an essential piece of equipment for law enforcement officers and the redaction of faces from BWC footage is necessary to protect the privacy of individuals.

Learn More »
Join The CaseGuard Team at IAI’s International Forensic Educational Conference
August 02, 2023 | 3 minutes read
Join The CaseGuard Team at IAI’s International Forensic Educational Conference

Meet our team at the Annual IAI International Forensic Educational Conference in Maryland this August from August 21st to 23rd.

Learn More »
FISA Section 702, Is The US Government Monitoring You?
June 26, 2023 | 6 minutes read
FISA Section 702, Is The US Government Monitoring You?

Is there a give-and-take relationship that must be accepted when it comes to keeping the country safe? Should U.S. persons be okay with the incidental collection of their conversations in the name of national security under FISA Section 702? Even when it violates their constitutional rights? Well, that’s up to Congress to decide.

Learn More »
Join The CaseGuard Team at The 2023 NATIA Conference
June 01, 2023 | 3 minutes read
Join The CaseGuard Team at The 2023 NATIA Conference

Stop by booth 628 at the NATIA conference to learn about how CaseGuard Studio can benefit your team and help make the difficult job of solving crimes easier with its straightforward approach to redacting and enhancing videos, images, audio files, and documents.

Learn More »
Using Redaction for Privacy Maintenance as An Investigator
May 31, 2023 | 5 minutes read
Using Redaction for Privacy Maintenance as An Investigator

These oaths emphasize upholding the law, serving the public, and protecting the rights of individuals. One of these many rights is privacy. An investigator must adhere to the legal and ethical guidelines within the jurisdiction and perform their investigation within those specifically set boundaries.

Learn More »