U.S. flag

An official website of the United States government, Department of Justice.

NCJRS Virtual Library

The Virtual Library houses over 235,000 criminal justice resources, including all known OJP works.
Click here to search the NCJRS Virtual Library

Best Practices for Seizing Electronic Evidence (Version 2)

NCJ Number
209605
Date Published
2004
Length
24 pages
Annotation
This paper's aim is to impart to the reader a basic understanding of key technical and legal factors associated with searching and seizing electronic storage devices and media.
Abstract
Computers and related evidence range from the mainframe computer to the pocket-sized personal data assistant to the floppy diskette, CD, or the smallest electronic chip device. Images, audio, text, and other data on these media are easily altered or destroyed, so it is imperative that law enforcement officers recognize, protect, seize, and search such devices in compliance with relevant statutes, policies, and best practices and guidelines. This paper first poses questions to ask in determining the possible role of a computer as evidence in a criminal case. Once the computer's role is understood, the investigator must then determine whether there is probable cause to seize the hardware, the software, and any data. Other questions that should be asked are where the search will be conducted and what police skills are critical to the search. The paper then outlines steps in preparing for the search and/or seizure and conducting the search and/or seizure. Tasks described include securing the scene and securing the computer as evidence. Specific guidance is provided for networked or business computers, wireless telephones, cordless telephones, answering machines, caller ID devices, electronic paging devices, fax machines, smart cards and magnetic stripe cards, ID card printers, scanners, printers, copiers, compact disk duplicators and labelers, and digital cameras/videos/audio. Other electronic devices covered are electronic game devices, home electronic devices, global positioning system, personal data assistants/hand-held computers, security systems, vehicle computer devices, storage media, and skimmers/parasites/other criminal technology. The paper concludes with a description of how to trace Internet e-mail.