Abstract
Everyday law enforcement officers are executing search warrants and encounter digital devices that form part of the evidence. Agencies are now training first responders to handle upper level searches for relevance, prior to seizure. However problems exist, that this may not locate evidence in a cloud, a container or even a virtual machine. This evidence is essentially volatile in that once the device is turned off, connectivity with the cloud will be lost, encrypted containers will close, virtual machines will cease to operate and drive encryption will be invoked. The once accessible data may now become beyond reach of digital forensic staff, when the credentials to access the data are unknown or not available. This paper has focused on scene actions that need to be considered when staff, specifically first responders are confronted with a device, that could contain evidence that could be lost if the device is shut down.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
