Friday, December 2, 2011


I was recently testifying about my work in downloading the contents of a cell phone's memory card. In these types of cases, the investigator will request certain actions be performed and (usually) a search warrant will grant me the authority to search ... as well as to define the parameters of the search. As the investigator is usually responsible for the warrant, (usually) the request terms and the warrant terms are one and the same. Usually.

Many times, these downloads take place before an attorney is assigned to the case ... or even before there's a case. It may be a witness's device, or the suspect may be questioned and released. Once we give the phone back ...

As an analyst, I'm limited in searching a device by the terms of the warrant or consent letter. As I'm not the investigator, I can only advise, then do what I am ordered to do by the court or investigator.

So ... back on the stand, I'm asked if I did an analysis, looked for certain items, etc. Answer ... no. The request was only for a download of the contents. No time (or request) was given for analysis.

Part of teamwork is anticipating what each member of the team will want/need. Part of that is communication. "Just dump the contents and we'll worry about the rest later ..." works great when later actually happens. But, when I'm subpoenaed 2 years later, with no further communication happening, there's not much I can do to help ... other than state and affirm that I did perform a download, using write blockers, etc.

Part of the solution to this problem is coming soon. I'm working on "boilerplate" warrant language for a variety of scenarios and jurisdictions. I'm also working on some forms that can be modified for use at your agency. We may only get one shot at the evidence. I'll do what I can to help you get the most out of that one shot. When it's done, it'll be up on the book's web site. Stay tuned for more on this.
