Cyber-Evidence, a Whole New World of Digital Evidence

Handling electronic evidence is a different and paramount task compared to the bagging and tracking of evidence in the past. 

When the question of collection, acquiring, and preserving electronic data comes into play, the department needs to have a strong data evidentiary process. 

Some key points that our customers have shared with us regarding this area:

1. Clearly document the status of the data device.  This can seem obvious but often more attention is paid to the device’s contents rather than the condition.  A previous damage, user altered appearance, etc. track these descriptors just as you would the description of a physical piece of evidence.  This data can be stored in ARMS so that it follows the record and can easily be tracked/updated.
2. Get Experts Involved, as, with most things, it is best to know what your department’s responsibilities are when data analysis requires experts and professionals.
3. Property should ALWAYS follow a type of chain of custody. Luckily, ARMS Property’s check-in/check-out process allows the department to track any changes in property status for later data retrieval.
4. Try to keep any device that is storing information in its current status as best as possible. This includes the power status (for battery-powered devices, keeping them on; for corded devices, keeping them plugged in).
5. The same principles apply to securing your evidence, electronic or physical: leaving property unattended, not storing evidence in open areas, low to no physical security for property storage. These items are just as important, no matter the format of evidence.
6. Copies are important. Working on data contained on devices, maintaining an original untouched copy is key to maintaining important items like Metadata.
7. Original electronic evidence is best kept ‘off the grid’. Storing original copies in network available sources, even secure network sources can still leave openings for accidental data loss.
8. Much like the backups for your departmental ARMS data, you will need to consider long-term data storage options. Maintaining disc libraries is becoming more obsolete so the department may need to consider other off-site options for data storage.
9. Audit your electronic evidence just like you would physical items.
10. Stay on top of evidence recording features. After major changes over the past couple of years, ARMS now includes the ability to “Relocate”, “Destroy”, and “Release” property among other features.
    Ensuring that you are staying up to date with your ARMS upgrades will also ensure that your department has access to the latest Property/evidence features.