Digital evidence is information and data of great value that aids an investigation. This evidence can be stored on, received, or transmitted by an electronic device. Digital evidence can include photographs, cell phones, the text messages on a cell phone, emails, information and data stored on hard drives, social media profiles and interactions, voice recordings like voicemails and more (Mukasey et al., 2008). This type of evidence is something that creates a solid evidence profile for cases. This type of evidence can also be easily altered, damaged or destroyed completely during any stage in the investigation, collection, preserving, or storage phase. The very first thing to think about when collecting digital evidence is to ensure that there is a search warrant issued.
Since it can be fairly easy to tamper with this type of evidence, first responders will first need to ensure that photographs of this evidence is collected by forensics. Documentation includes photographing, and sketching all wires, cables, and devices that are connected to the device upon collection of the devices (Digital Evidence: How It’s Done, 2013).Evidence is collected by seizing such devices, and extracting the required data. The preservation of digital evidence is done by copying and photographing data that is in plain view. Plain view means that any documents or data that is already pulled up and readily available on the device being searched and seized (Digital Forensic Process—Preservation /Collection, 2017). In order to preserve this data being collected, investigators must prevent contamination. To do this forensics must ensure that there is a working copy of the original storage device to prevent potential loss or tampering.
Forensics may also install special software to devices such as encryption methods to prevent easy access, or hacking (Digital Forensic Process—Preservation / Collection, 2017).The storage of devices is also a vital piece of the investigation. If evidence isn’t properly stored this can raise the possibilities of contamination, tampering, or loss of evidence. In order to store evidence, forensics or other investigators must copy all data onto a hard copy CD, hard drive, or database that is encrypted. A hard copy CD can be the most efficient way of storing as there is a less likelihood of the data being erased. Although, it is important to explore copying data on to multiple devices to ensure there are backups in the event data goes missing. Like most things, there are legal challenges with data being searched and seized. As stated previously, before there can be any search and seizure of digital evidence there must be a search warrant issued. Without this, investigators have the chance of not being able to get this device and its contents in time legally, and if said devices are already seized then there is the