Evidence Technology: Handling Digital Evidence Safely

DISCLAIMER: Without being on hand to actually inspect the situation firsthand, it is not possible to present steps that will guarantee the safety of digital evidence. We can only make general recommendations that offer the best chance of evidence preservation in most situations. We are not responsible for any damage that results, either directly or indirectly, as a result of following these steps.

First and foremost, the evidence must be preserved in an unaltered state:

If a computer is not on, don't turn it on.
If removeable media, like floppy disks or memory cards, are not inserted in a device, don't insert them in one. This includes computers, card readers, digital cameras, or any other device capable of accessing that piece of media.
If a computer is already on, your best best is probably to leave it on, unless you have reason to believe the suspect has initiated data-destructive routines, in which case the best option is probably to pull the power cord from the back of the computer.
Secure the evidence physically, taking care to properly maintain the chain of custody at all times.
Contact Evidence Technology immediately.

Handling Computers & Media

Avoid excessive heat, cold, or humidity.
Avoid excessive vibration.
Avoid any exposure to magnetic fields; magnets, speakers, and electric motors all generate magnetic fields that can alter or even destroy data.
Protect from any physical impact of any kind.

Chain of Custody

Chain of custody is just as important with digital evidence as it is with more traditional forms of evidence. The location, status, and possession must be documented without breaks. Transfer of possession from one person or entity to another must be documented in writing and signed for.






	DISCLAIMER: Without being on hand to actually inspect the situation firsthand, it is not possible to present steps that will guarantee the safety of digital evidence. We can only make general recommendations that offer the best chance of evidence preservation in most situations. We are not responsible for any damage that results, either directly or indirectly, as a result of following these steps. First and foremost, the evidence must be preserved in an unaltered state: If a computer is not on, don't turn it on. If removeable media, like floppy disks or memory cards, are not inserted in a device, don't insert them in one. This includes computers, card readers, digital cameras, or any other device capable of accessing that piece of media. If a computer is already on, your best best is probably to leave it on, unless you have reason to believe the suspect has initiated data-destructive routines, in which case the best option is probably to pull the power cord from the back of the computer. Secure the evidence physically, taking care to properly maintain the chain of custody at all times. Contact Evidence Technology immediately.







Handling Computers & Media Avoid excessive heat, cold, or humidity. Avoid excessive vibration. Avoid any exposure to magnetic fields; magnets, speakers, and electric motors all generate magnetic fields that can alter or even destroy data. Protect from any physical impact of any kind.


		Chain of Custody Chain of custody is just as important with digital evidence as it is with more traditional forms of evidence. The location, status, and possession must be documented without breaks. Transfer of possession from one person or entity to another must be documented in writing and signed for.



Copyright 2004, Evidence Technology, LLC, All Rights Reserved