What to do if a Computer Contains Evidence
- STOP USING THE COMPUTER IMMEDIATELY!
- Continued use of this computer WILL DAMAGE EVIDENCE and may make any evidence recovered unusable.
- If the suspected computer is turned off leave it off.
- If the computer is on DO NOT go through a normal SHUT DOWN process. CALL FOR IMMEDIATE INSTRUCTIONS.
- Do not allow anyone to install any programs to conduct a “quick” search to see what may be on the computer. This may change last accessed times which may be crucial to any litigation.
- Keep a DETAILED LOG of who had access, what was done and where the computer has been stored since the dates in question.
- If the hard drive needs to be removed and sent in for a forensic examination make sure to document the date and time in the system BIOS and note whether it differs from the current time.
- Secure the computer in a locked closet, office or a location where only a limited number of individuals have access.
- Remember PREPARE for litigation
What are Computer Crimes - Crimes where computers are :
- Used as a tool to facilitate or enable an illegal activity.
- A target of criminal activity.
- Incidental to a criminal offense
Basic Elements for Admissibility of Computer Evidence
- No possible evidence is damaged, destroyed, or otherwise compromised by the procedures used to investigate the the computer.
- Extracted and possibly relevant evidence is properly handled and protected from later mechanical or electromagnetic damage.
- A continuing chain of custody is established and maintained.
- All procedures and findings are thoroughly documented.
Digital Crime Facts - According to the Nevada State Attorney Generals Office:
- Average Bank Robber Nets: $2,500.00
- Average Bank Fraud Net s:$25,000.00
- Average Computer Crime Nets:$500,000.00
- Average Technology Theft Crime Nets: $1,900,000.00
Computer Intrusion Case History Database - U.S. Department of Justice Computer Crime and Intellectual Property Section (CCIPS)
