Here's some highlights:
When dealing with digital evidence, general forensic and procedural principles should be applied:
- The process of collecting, securing, and transporting digital evidence should not change the evidence.
- Digital evidence should be examined only by those trained specifically for that purpose.
- Everything done during the seizure, transportation, and storage of digital evidence should be fully documented, preserved, and available for review.
First responders must use caution when they seize electronic devices. Improperly accessing data stored on electronic devices may violate Federal laws, including the Electronic Communications Privacy Act of 1986 and the Privacy Protection Act of 1980. First responders may need to obtain additional legal authority before they proceed. They should consult the prosecuting attorney for the appropriate jurisdiction to ensure that they have proper legal authority to seize the digital evidence at the scene.
In addition to the legal ramifications of improperly accessing data that is stored on a computer, first responders must understand that computer data and other digital evidence are fragile. Only properly trained personnel should attempt to examine and analyze digital evidence.
Remember, DME is digital evidence and should be treated as such. Many agencies have the "it's just video" mentality. Not respecting the evidence and the procedures necessary to properly collect the evidence will eventually get you in trouble. Thankfully, the NIJ provides this valuable piece of guidance.