Digital Evidence

Question 1

What are sources of digital evidence that could be found at a crime scene?

Answer 1

Phones, computers, tablets, laptops, routers, drones, SD cards, USB sticks

Question 2

What should you always do before recovering electronics at a crime scene, and why?

Answer 2

Seek expert advice to prevent alteration, loss or encryption of data

Question 3

How can you prevent remote wiping and data changes?

Answer 3

Place in faraday bag and keep powered on, get to digital department ASAP

Question 4

What do you do when trying to recover a computer/PC that is switched OFF?

Answer 4

1. Disconnect from mains
2. Package in close-fitting, rigid box
3. Document all actions

Question 5

What do you do when trying to recover a computer/PC that is switched ON?

Answer 5

Consider if investigators need to know what the computer is doing right now and if it will encrypt itself when removed from power. if the answer is no to both:

1. Disconnect from mains
2. Package in close-fitting, rigid box
3. Record all actions and the time you disconnected it from power

If unsure: seek expert advice, leave device alone

Question 6

What do you when trying to recover a running laptop?

Answer 6

• Remove battery at the back
• Remove powder cable, record time
• Package in close-fitting, rigid box
  If no external battery:
• Don’t open lid
• Place in faraday bag and get to digital ASAP

Question 7

What do you do when trying to recover a phone/tablet?

Answer 7

• Place in faraday bag and keep powered on, get to digital ASAP

Question 8

How to recover a router?

Answer 8

• Disconnect from powder
• Package in close fitting, rigid box

Question 9

Can you swab devices?

Answer 9

Yes if you don’t touch buttons and the device is off

Question 10

Can you fingerprint devices?

Answer 10

No as aluminium powder can damage them, but you can photograph and gel lift screens