Warrant Day! Do's and Don'ts


  • Posted on 3 September 2018

By David Kerstjens, Digital Forensics Lead

The Law In Order Forensics Team identify and preserve data for court-dictated discovery or investigatory requests. Responding to these requests can raise risks, and the job of our Forensics Team is to use defensible preservation methodologies and processes to mitigate these risks and reduce overall costs.

Our Forensics Team use industry-standard forensic software and hardware and collect data across a wide range of data sources and devices. The collection and Chain of Custody methodologies are designed to meet requirements for court acceptance.

Our Forensics Team have been involved in more warrants than we can remember throughout our careers, and we have a great wealth of experience working for law enforcement, government and the private sector.

So, what exactly is involved on the day of a warrant?

1.  Early Starts

Typically, you will meet at the pre-arranged rendezvous point around sunrise which means a very early start when you are visiting rural areas.

2.  RVs (Rendezvous)

When the law enforcement (LE) agency arrives at the RV, a secondary briefing is conducted to discuss what is involved, what we are looking for and any concerns that have been identified. If the police are managing the warrant, each member that will be attending the warrant will be sworn in as a constable assist for the purposes of the warrant at that particular site. The LE agency will then depart the RV, attend the site and ensure it is secure and then they will call for the team to attend.

3.  Arriving at the Site

This is the first time, from a forensic perspective, you get to see what you are dealing with. During a briefing, you will often hear someone say, “It’s a small apartment, I think we’ll be able to wrap it up in an hour or so”. These small apartments generally have more electronic devices than you could ever imagine, and the searchers will find boxes at the back of wardrobes containing hard drives dating back to the 60s, each one potentially containing the “smoking gun”.

4.  Forensic Reviews

This is the time-consuming part. Each device that is identified as potentially relevant, whether it’s a mobile phone, a laptop that has a cracked screen or a box of USBs, needs to be reviewed by the Forensic Team to identify what data is contained on them that can be deemed relevant based on the three conditions of the warrant. These three conditions will consist of a timeline, particular types of files and a general summary of the offence that has occurred. Once relevance has been identified, a decision needs to be made about whether the selective data that has been identified as relevant should be forensically imaged or whether the full device (e.g. a 2TB hard drive) can be imaged. Whilst the lead investigator or law enforcement member may advise you one way or the other, you need to ensure that you are comfortable acquiring the data based on the warrant conditions, as at the end of the day, you could be called to the stand to defend your actions on the day. Throughout this time, you will be asked numerous times how much longer it will take and unfortunately the typical response you will get is, “How long is a piece of string?”. This is your one opportunity to secure electronic evidence. If it is missed in the first instance, it may never be possible to obtain.

5.  Contemporaneous Notes

During your time on site, you need to make sure you note everything you do: any action you take, any conversations you have, and anything that you believe you may need to recall in the future, so that you can maintain chain of custody of the items and provide an accurate statement relating to your involvement in the investigation.

6.  Time on Site

In our experience, warrants can be done and dusted in less than an hour, or may not even be started if the person of interest isn’t there. There are also some warrants that have taken numerous days and required around-the-clock attendance.

7.  Leaving a Site

Once the forensic acquisitions have been completed, the hard drive/s containing the forensic images are lodged into the Evidence Register and it’s time to pack up and leave.

Whilst this may all seem daunting, it is an exciting time in an investigation. Several months of preparation that have been put into the matter by the investigators have led to Forensics being involved on the day, potentially with only a few minutes' notice, to confirm their suspicions. What you obtain on the day may lead to you getting up in the County Court as an Expert Witness to present your findings.

