The High Court of Karnataka has issued guidelines for investigators on how to search a smartphone, electronic equipment or email account and/or preserve the evidence gathered during that search.
A single bench of Judge Suraj Govindaraj said: "It would be in the interest of all stakeholders if detailed guidelines are prepared by the police service with respect to the same thing. Pending such wording, it would be necessary that the following minimum guidelines be implemented."
The court issued the following directives.
In the case of a personal computer or a laptop:
* When carrying out a search of the premises with regard to any electronic equipment, smartphone or e-mail account, the search team must be accompanied by a qualified forensic examiner.
* During a search of the premises, the investigator should not use the computer or attempt to search a computer for evidence. Use and/or search of the computer should be carried out by a duly authorized and qualified person, such as a duly qualified forensic examiner.
* At the time of the search, the location where the computer is stored or kept should be photographed in such a way that all wire connections, including power, network, etc., are captured in the photograph(s).
* The front and back of the computer and/or laptop should be photographed while it is connected to any peripherals.
* A diagram should be prepared showing how the computer and / or laptop is connected.
* If the computer or laptop is in power off mode, it should not be turned on.
* If the computer is on and the screen is blank, the mouse can be moved and, as soon as the image appears on the screen, a photograph of the screen should be taken.
* If the computer is on, the investigator should not turn off the computer. As far as possible, the investigator should secure the services of a computer forensic expert to download the data available in the volatile memory, that is to say the RAM, since that data would be lost when the computer or laptop is powered off.
* If the computer is turned on and connected to a network, the investigator should secure the services of a forensic examiner to capture volatile network data such as IP address, actual network connections, network logs, etc.
* The MAC address must also be identified and secured. In the unlikely event that the forensic expert is not available, unplug the computer, and pack the computer and wires in separate Faraday cases after labeling them.
* In the case of a laptop, if removing the power cord does not shut down the laptop, locate and remove the battery.
* If the battery of the laptop cannot be removed, turn off the laptop and pack it in a Faraday bag in order to block all communication with the laptop, as most laptops today have wireless communication enabled even when the laptop is in standby mode.
* Seizure of networked devices: Apart from the above measures taken with regard to seizure of the computer, laptop, etc., if the equipment is connected to a network:
* To check if the equipment is connected to remote storage devices or shared network drives and, if so, seize the remote storage devices as well as the shared network devices.
* To seize wireless access points, routers, modems, and any equipment connected to such access points, routers and modems, which may sometimes be hidden.
* To check if an unsecured wireless network is accessible from the location. If so, identify the same and secure the unsecured wireless devices, as the accused may have used the unsecured wireless devices for help.
* Find out who maintains the network and identify who manages the network. Get all the details about the operation of the network and the role of the equipment to be seized from this network manager.
* Obtain from the network manager the network logs of the machine to be searched and/or seized, in order to know the accesses made by that machine on the network.
For mobile devices: Mobile devices would include a smartphone, mobile phone, tablet, GPS units, etc. During the seizure of any mobile device, apart from the actions taken with regard to a computer and/or laptop, the following additional steps are to be taken:
* Prevent the device from communicating with the network and/or receiving wireless communications via Wi-Fi or mobile data by packing it in a Faraday bag.
* Keep the device charged for the entire time, because if the battery discharges, the data available in the volatile memory could be lost.
* Look for thin slots and remove the SIM card to prevent access to the mobile network; pack the SIM card separately in a Faraday bag.
* If the device is in power off mode, the battery can also be removed and stored separately.
* If the device is on, put it in airplane mode, whether it is an Android device or an iOS device.
* In all of the above cases, the seized material should be stored as much as possible in a dust-free and temperature-controlled environment.
* During the search, the investigator should seize all electronic storage devices such as CDs, DVDs, Blu-ray discs, USB keys, external hard drives, SSD drives, etc., located on the premises, and label and pack them separately in a Faraday bag.
* Computers, storage media, laptops, etc., should be kept away from magnets, radio transmitters, police radios, etc., as they could have a negative impact on the data on said devices.
* To search the premises for instruction manuals, documentation, etc. as in said place.
* The entire process and procedure followed must be documented in writing from the time the investigation/search team enters the premises until it exits.