One of the first steps in identifying evidence is understanding the purpose of the investigation. This knowledge will help you to decide what evidence you will need based on the type of case you’re participating in. A critical part of identifying evidence if it is a criminal investigation would be to know what is allowed on the search warrant. As the Computer Forensics Jumpstart we are using for our textbook, seldom is “take everything” allowed (Solomon et. al, 2011, Loc 2332). Even if the investigation does not involve a search warrant, care must be taken to operate within legal guidelines because ANY investigation may “end up as prime evidence for lawsuits in the future” (Solomon et. al, 2011, Loc 2341).
The second step in identifying the evidence is to take a look around. Perform a site survey (Solomon et. al, 2011, Loc 2351). Take pictures, make notes, sketch the area and make sure you have enough information to describe the area in detail should you need at some future date (Solomon et. al, 2011, 2361). Take note of what you see and what you think it means. You will look at the usual laptop or computer and at the hard drive and other portable storage devices of course, but remember to look beyond the obvious. The textbook uses the example of seeing a high-speed scanner and a credit card reader (Solomon et. al, 2011, Loc 2389) and thinking about what possibilities these items would be used for. Credit card readers are now available for iPhones and iPads and are quite portable (as small as 1” x 1”) and affordable