Search of Electronic Devices

Question 1

searches of computers are governed by ________.

Answer 1

• 4th amendment

Question 2

private searches of computers:

Answer 2

• does not trigger 4th (allowed)

- ex: computer repairman finds evidence on a computer and gives to an LEO

Question 3

no REP

Answer 3

• if target has no REP, 4th not triggered

Question 4

when a computer has no REP:

Answer 4

A) exposure to public

B) stolen computers

C) 3rd party possession

Question 5

consent to search computers must be:

Answer 5

1) voluntary

2) actual or apparent authority

Question 6

co-users can give consent to search computer but if one party objects…

Answer 6

• there is NO CONSENT

Question 7

can consent be withdrawn or limited?

Answer 7

YES

Question 8

if computer has a network banner….

Answer 8

• consent is not necessary.

Question 9

can network administrators give consent?

Answer 9

YES

Question 10

3rd party consent:

husband > wife
parents > minor child
parents > adult child
roommate > roommate

Answer 10

• husband > wife
• parents > minor child
• parents > adult child
• roommate > roommate

Question 11

warrantless searches during exigent circumstances:

Answer 11

depends on:

• is there enough time to get a warrant?
• destruction of evidence?

Question 12

what can you do during an exigent circumstance?

Answer 12

• seize the computer, but must get a warrant after computer is seized.

Question 13

requirements for a plain view seizure (warrantless seizure):

Answer 13

1) lawfully present

2) incriminating evidence immediately apparent

Question 14

when you find evidence during plain view, you can not abandon your original search and begin….

Answer 14

• searching for evidence of another crime!

Question 15

search incident to arrest requirements:

Answer 15

1) lawful arrest

2) contemporaneous search

Question 16

what is the scope of an SIA (warrantless search):

Answer 16

• head to toe

- areas of immediate control

Question 17

what do you need to search a mobile phone?

Answer 17

• A SEARCH WARRANT

Question 18

purpose of inventory (warrantless search):

Answer 18

• to inventory items NOT to search for evidence of a crime.

Question 19

what are the requirements for an inventory:

Answer 19

1) lawful impoundment
2) standardized policy

**DO NOT INVENTORY DATA

Question 20

problems with searching a computer for data:

Answer 20

• mislabeled info.
• encrypted info.
• data can be instantly erased or destroyed
• data can be easily hidden

Question 21

issues when preparing a search warrant for a computer:

Answer 21

• pre search info (types of computers, software)
• meeting the particularity requirement
• justifying an off site search
• what jurisdiction do you get the warrant for?

Question 22

pre search info needed:

Answer 22

• types of computer
• types of software
• network connections

Question 23

meeting the particularity requirement:

Answer 23

1) independent component doctrine

2) identifying the objects of the search

Question 24

independent component doctrine:

Answer 24

• you must establish PC to search each component of the computer

Question 25

a warrant authorizing the search of a computer does not allow…..

Answer 25

• a search of detached devices
• ex: thumb drives, dvd’s, separate hard drive

**KEYBOARD, SCANNER, MANUALS SHOULD EACH BE SEPARATELY JUSTIFIED.

Question 26

requesting to search for records:

Answer 26

1) all records: you can not request to seize all business records unless you have PC to believe that the target’s criminal history pervades the entire business (too broad)
2) records in any form: includes paper and electronic records.

Question 27

you must establish PC for data (true or false)

Answer 27

TRUE

Question 28

hardware

Answer 28

• the computer itself not the data

Question 29

off site searches:

Answer 29

• you must justify in the warrant why you need to remove the computer to do an off site search.

Question 30

reasons to do an off site search:

Answer 30

• data hidden or encrypted
• time or tools not available
• number and size of computer
• condition of scene safe or unclean

Question 31

jurisdictional requirements for data/stored emails:

Answer 31

• data: if data is stored in more than one district, you must obtain a warrant in EACH DISTRICT where the data is located
• stored emails: the judge who has jurisdiction of the offense may issue the warrant and its good in all jurisdictions

Question 32

things to consider before executing a search warrant:

Answer 32

• technical assistance
• knock and announce rule
• no knock warrant needed?

Question 33

technical assistance

Answer 33

• non LEO personnel can assist

- forensic experts should be with you

Question 34

authentication of data/files:

Answer 34

• government must “LAY THE FOUNDATION” for all physical evidence
• government must establish CHAIN OF CUSTODY

Question 35

2 parts of authentication of evidence/files:

Answer 35

1) ensure the files are not altered after seizure

2) prove the authorship of the files

Question 36

defending claims of alteration:

Answer 36

• use forensic experts to help you collect files or data without altering

Question 37

who is the author of those files?

Answer 37

• you have to prove authorship by circumstantial evidence
• you must determine:
  • who had access
  • any passwords
  • any trace evidence
  • can you match email attachments