Module 16: Securing and Evaluating the Scene
ensure the safety of all individuals at the scene and to protect the integrity
of all data, both conventional and electronic. All operations should comply
with and departmental policy, state, and local laws.
PROCEDURE:
- After securing the scene and all personnel on the scene,
- possible evidence, both traditional (physical) and electronic,
determined whether perishable evidence remains.
1. Secure and Evaluate the Scene: Follow the jurisdictional policy to
safeguard the crime scene. This will require ensuring that all
individuals from the immediate area from which evidence is to be
obtained
2. Conduct Preliminary Interviews: Separate and identify all persons
(witnesses, subjects, or others) at the scene and record their location
at the time of entry.
TAKE NOTE: Residual fingerprints or other physical traces may be
preserved on keyboards, the computer mouse, CDs, or other
components. Chemicals used in processing latent prints may damage
equipment and data. Latent prints should therefore be collected after
electronic evidence recovery is complete.
3. Documenting the Scene: Documenting the scene creates a permanent
historical record of it. Reporting is a continuous
operation throughout the investigation.
PROCEDURE:
Initial documentation of the physical scene:
- Observe and record the physical scene, such as the position of the
cursor and the location of pieces relative to each other
- Document the computer system's condition and position, including the
computer's power status (on, off, or in sleep mode). Most computers have
status lights that show that the machine is on. Similarly,
the machine is presumably on if fan noise is detected. In addition, if
the computer is warm, it may be on or may have
recently been switched off.
- Identify relevant electronic components that will not be collected and
document them
- Photograph the entire scene as noted by the first responder to create a
visual record. Where possible, the complete room should be captured
with 360 degrees of coverage.
- Photograph the front of the computer as well as the screen of the
monitor and other items. Take written notes on what appears on the
display screen as well. Active programs may require videotaping.
Evidence Collection
- A search warrant may include the search for and collection of evidence
at an electronic crime scene. Computer evidence, like all other evidence,
must be treated cautiously and in a way that maintains its evidentiary
value. This applies not only to an object or device's physical
integrity, but also to the electronic data it holds.
- Recognize that there might be other forms of evidence, such as trace,
biological, or latent prints
STAND-ALONE AND LAPTOP COMPUTER EVIDENCE
- A computer not connected to a network or other computer is a
“stand-alone” personal computer.
- All actions you take and any modifications you find resulting from your
actions on the display, screen, printer, or other peripherals
- Make a note of the status of “off.”
- Mark all connectors and cable ends
- According to departmental procedures, record or log facts.
- Package the components as fragile cargo if transport is necessary.
PACKAGING, TRANSPORTATION, AND STORAGE
- Ensure that all electronic data obtained is correctly registered, labeled,
and inventoried prior to packaging.
- Pay careful attention to latent or trace evidence and take steps to
preserve it.
- Pack magnetic media in antistatic packaging (paper or antistatic plastic
bags).
- Avoid materials, such as regular plastic bags, that can
generate static electricity.
- proper labeling
Note: A standard operating procedure (SOP) is intended to assist prosecutors
by providing the procedures and sequential actions to be performed in order
to prosecute cybercrime in a way that guarantees that the information
obtained is admissible in a court of law,