Planning the Search and Seizure of investigation in this investigators need to design a strategic process to conduct the search and seizure process after analyzing the crime scene. This will help them distribute tasks between the team members to complete the seizure and allow the team to use time and tools in a well-defined manner.
Initial Search of the Scene
Once the forensic team has arrived at the scene and unloaded their equipment, they will more to the scene of the incident and try to identify any evidence. A perpetrator may use a self-destruct program or reformat the storage media upon the arrival of the team. To account for such possibilities, pull the power cord connected to the central processing system immediately.
- Identify, collect, label, preserve, and protect all digital evidence at the scene.
- Isolate the computer system (workstation, standalone, or network server) or other forms of media so that digital evidence will not be lost.
- In many cases, computer systems create backups on a regular basis. Though an attacker might delete files from the primary storage media, these files could still exist on the backup storage media.
- Include a search and seizure evidence log containing brief descriptions of all computers, devices, or media located during the search for evidence.
- Make a note of the locations on the crime scene sketch as well.
- Photograph and sketch the crime scene, along with a detailed account of all computer evidence.
- Document everything at the crime scene and the location where the evidence is found.
- Pack and transport the digital evidence safely.
Related Product : Computer Hacking Forensic Investigator
Warrant for Search and Seizure
The investigating officer or first responder must perform the investigation process in a lawful manner; otherwise, a court of law will reject the collected evidence. The first responder needs a search warrant for search and seizure of the electronic devices. A search warrant is a written permission from a concerned authority that mentions the electronic devices that the investigating officer or the first responder can search and seize. The court of law can also issue a search warrant. A magistrate may issue the search warrant if the first responder has convinced the magistrate of evidence of a crime.
Search warrants for electronic devices focus on the following: Electronic storage device search warrant an electronic storage device search warrant allows the first responder to search and seize the victim’s computer components such as:
- Hardware
- Software
- Storage devices
- Documentation
Service provider search warrant
If the crime involves the Internet, the first responder needs information about the victim’s computer from the service provider end. A service provider search warrant allows first responders or investigators to consult the service provider and obtain the available victim’s computer information.
First responders can obtain the following information from the service provider:
- Service records
- Billing records
- Subscriber information
Also Read : Documenting the Electronic Crime Scene
Obtain Search Warrant
An investigator can perform the investigation once investigation planning is over. It is advisable to perform some legal formalities, such as obtaining a search warrant to perform the investigation from the court. Successful computer search warrants should include the particulars of the objects that investigators want to seize, and the search strategy used in the investigation. These steps help the examiner in focusing and executing the search in a better way.
Depending upon the situation of the case, the warrant can include:
- Entire company or part of the company’s property
- Floor
- Room
- Car or Device
- House
The proposed warrant is a one-page form along with attachments incorporated by reference, which indicates the person or things the investigators need to seize and the place they will search. If the investigators mention the cause of search, elements that come under search, and the information about the place of search properly, then the judge will sign the warrant. Under the federal rules of criminal procedure, the warrant is valid for ten days from the day of signing.
Searches Without a Warrant
The court of law has allowed the investigators to perform searches without a warrant, but under certain circumstances, such as when the delay in obtaining a warrant may lead to the destruction or manipulation of evidence and hamper the investigation process. The following pronouncements of different U.S. courts have set the precedents for searches without a warrant:
“When destruction of evidence is imminent, a warrantless seizure of that evidence is justified if there is probable cause to believe that the item seized constitutes evidence of criminal activity.” United States v. David, 756 F. Supp. 1385, 1392 (D. Nev. 1991).
Agents may search a place or object without a warrant or probable cause, if a person with authority has consented. Schneckloth v. Bustamonte, 412 U.S. 218, 219 (1973).
Health and Safety Issues
The health and safety issues are:
- Clearly document all elements of an agency’s health and safety plan.
- Designated agency representatives should frequently monitor and document the health and safety program.
- Health and safety issues are important in all of the work carried out in all phases of the forensic procedures performed by the forensic analysts.
- Persons engaged in the inspection of different types of digital evidence should work according to the rules and policies of the agency.
- All forensic teams should wear protective latex gloves for all searching and seizing operations onsite. This is to both protect the staff and preserve any fingerprints that may come handy in future.
Questions related to this topic
- What are the four steps in collecting digital evidence?
- What are the investigative procedures involving computer forensics?
- How can email be investigated and used as evidence?
- What is the term for tracking evidence in an investigation?
This Blog Article is posted by
Infosavvy, 2nd Floor, Sai Niketan, Chandavalkar Road Opp. Gora Gandhi Hotel, Above Jumbo King, beside Speakwell Institute, Borivali West, Mumbai, Maharashtra 400092
Contact us – www.info-savvy.com
