Crime Scene Investigation General Guidelines: The information in this section is designed for a best-case scenario. You will not be able to follow all of the steps all the time.
Crime Scene Investigation: There is no set guide for investigating a crime scene. You must use your best judgement for every case and may sometimes need to change the steps depending on the situation. Some of these steps are only applicable for search warrants.
Evaluate the scene in advance. When planning a raid it helps to have some advance information. Knowing the location, type and quantity of the equipment to be seized can reduce the frustration and delays experienced during the raid.
Map the area. [Floor plan diagram with numbered items] LEGEND: 1) Drafting Table 2) File Cabinet 3) Desk 4) Computer 5) Printer 6) Computer 7) Bookshelves 9) Desk 10) Storage Cabinet 11) Chairs
Draw out the site or obtain a copy of the floor plan if available. This information may be obtained from the contractor who constructed the building, informants or customers, or just an undercover recon of the place to be searched. On your map, identify all known computer equipment including computers and printers. If a safe or vault exists, include it on the map and identify what might be contained in it.
Determine the type and number of computers and media involved. Needs: equipment, cables, software, media.
Plan what equipment you will need for the raid. Determine the storage media needed to back up the suspect's equipment. Always attempt to overestimate your storage media needs. This will save you having to send someone back to the office for additional media.
Obtain necessary Hardware/Software. If you anticipate needing any special hardware or software, this is the time to acquire it. Knowing how difficult it is to get money for emergencies, the more time you allow for this step, the less stress you will heap on yourself.
Make sure you have all the items for your tool box, in advance.  Equipment needed:
Prepare a Check List. Preparing for a raid is much easier if you have a checklist of all the tools and equipment you may need ready. Your checklist can have everything you would ever need listed. You can then omit items you will not need for each raid.
Have necessary media for backups and copies. In a business environment you probably only need data. Make arrangements to provide a complete backup before investigative steps are taken, to preserve the original. Provide a copy to the business and retain a copy for investigation. Arrange to use hardware through agreements or court order.
Unforeseen requirements: volume of equipment; disk size; unusual operating systems; unusual networks; VPN; type of business; business hours.
Have additional funds or an open Purchase Order ready for the purchase of additional hardware, software and technical expertise. NOTHING CAN BE MORE FRUSTRATING AND WASTEFUL THAN NOT HAVING NECESSARY RESOURCES TO COMPLETE THE INVESTIGATION.
Set up Search Teams.  Setting up the teams sounds easy.  The success of your investigation depends on your team and your plan.  A written plan should always be created and followed in putting your teams together so nothing is forgotten.  You may have ideas to add to this section that help you function more efficiently.
Assemble the required personnel. Give team members as much notice as possible to prepare for the raid. This ensures all will have the opportunity to be prepared with a plan and equipment to do the job.
Assign team member responsibilities.  Ensure each team member knows their job.  Write a plan with what is expected of each team member as far in advance as possible and distribute it to your team.
Establish a plan of attack. A plan everyone can understand is essential to the success of your search. Complete your plan in writing with diagrams and a check list. A written plan will increase the efficiency of your entire team. The check list helps ensure you (or any members of your team) don’t forget anything. Before leaving for the scene, review the plan with all team members at the same time.
How to Create a Plan: An easy acronym is SMEAC, which is the five-paragraph military order and is well suited to all tactical planning.
SMEAC: Situation. What are we facing? It would be foolish to take on any investigation without any idea of who or what you are up against. You need to define everything you are up against. Included in this definition are the number of people, type of equipment and geographical location.
SMEAC: Mission. What do you want to accomplish? Are you attempting to catch your suspect at the computer or do you want the computers unattended? Determining the patterns of your suspects might take a few days of surveillance during the times you select for serving your warrant.
SMEAC: Execution. How will we accomplish our mission? What time of the day would be best? If the target is a business and you don’t intend on seizing the equipment, you might want to consider either before the business closes to avoid any contact with customers. Your surveillance will help you determine traffic patterns.
SMEAC: Avenues of Approach and Escape. How will we get there and handle the scene? Depending on the type of raid, your methods will vary. If you are taking a SWAT team you would proceed differently than if you were going with an auditor. Keep in mind how you will get your civilian help in and out of the crime scene. Have a good map identifying where you want all the vehicles to park, where potential obstacles are, where you will allow any media coverage and where you might load seized property.
SMEAC: Communications. How will we talk to each other? This sounds fairly simple. Right! It’s crucial and often creates the greatest problems, and the lack thereof can result in lost evidence and even in personal injury or worse. Radios and cellular phones are common methods of communication as long as everyone is on the same frequency and everyone knows all the cell phone numbers.
Prepare the Search Warrant.  With search warrants involving new technology (or technology that is new to the attorneys and the judge), you should take as much time as necessary to compose your warrant.  Have your warrant reviewed by experienced investigators and your prosecutor to make sure you have everything covered.
Prepare the Search Warrant. Don’t use terminology you are not familiar with or don’t understand. When having a judge sign your warrant, spend time explaining the terminology so the judge understands the entire warrant. These steps are to prevent your warrant from being thrown out because it didn't include some important piece of evidence or because the judge did not understand what he was signing.
Execute the Warrant. The basics of executing a search warrant do not change when computers are involved. Try not to give any advance notice of your raid even when at the site. Since computers can run on battery power, don’t cut all building power then casually approach the suspects. The data you are seeking can disappear within seconds of tipping off the suspect.
Knock and notice. What is knock and notice? For Law Enforcement this is critical. Document the notice verbatim. In jurisdictions where it is legal, video with sound if possible.
Video Taping: In Washington State, turn off the sound. If you have a video recorder available, make use of it. Having the videotape will be very useful during the trial as well as to resolve complaints and claims which may arise out of the service of the warrant.
Secure the Scene. You want me to do what at Boeing? Immediately locate all computers in the building. With the declining price of computers, there could be tens or even hundreds of computers at the location depending on the size of the business. There have been cases where several computers have been found in a home or apartment. This is where a little advance intelligence pays off.
Each computer must be physically protected by an officer.   A suspect can completely destroy evidence from a computer in seconds if left unattended.  With the ever decreasing cost of networking computers, it is possible for one person at a remote computer to destroy the information on all computers on a network.
Have a location to interview suspects and witnesses. Try to keep this location away from the computers. Use a properly trained and briefed Team Member(s) for this task. Have an appropriate number of Team members available. Guide: Interviews 30-45 min. Interrogations: 1-4 hours.
Teams perform their functions. The Case Agent makes assignments and is available for direction and questions. It is best if he is free of other responsibilities so as to properly evaluate and direct the overall scene. Sketching, Interviews, Photos and Searches can be simultaneous.
Reports are written by one member of each team.  All reports, sketches and photos then go to the Case Agent.  Interview report, Photo and sketch report, arrest and interrogation report, evidence search and seizure report and a computer search and evaluation report are usually necessary.
Note: Maintain the chronological worksheet during the entire investigation. Stress this to all non-law enforcement personnel. Documenting even the smallest step could prove to be important during the investigation and prosecution of a case. Most computer professionals do not understand the need for documentation and its purpose later during testimony at the trial.
Use only clean, write-protected disks in the suspect computer. Do not use the suspect computer's commands or software, as you may alter evidence. Some programs when executed alter data and dates, and there may be ANSI bombs, viruses, destructive executable batch files or other schemes employed which damage, erase or format the computer.
Completing the Search  Team Debriefing.  Before leaving for the scene, debrief the team and attempt to eliminate any questions that may not be resolved. New problem documentation.  If you encounter any new problems, write them down in your procedures book for future investigations.
Search and Seizure Law: This section has dealt with rules and concepts, not laws. You need to decide each time what will and what will not work for your particular circumstance. The most important consideration is the current law regarding search and seizure of computer evidence. Computer S&S law is in its infancy and little case law exists... YET.


Criminal Investigative Team
