Search Warrants for Digital Forensics:  What to Request and What is Covered?

The search warrant for a device in a digital forensics case must be specific as to the digital data which is being sought.  For example, if a search warrant for digital evidence covers e-mail messages, but the forensics examiner also uncovers items from the users photo library, those items might not be covered by the search warrant.  A search warrant affidavit must include a reason it is suspected that the device contains digital evidence.  The officer stating that “in their experience” certain crimes involve phones is usually not specific enough to support a mobile phone warrant. Also, keeping forensic images of hard drives for later use is considered outside the scope of the original warrant.  (See U.S. v. Ganias, 755 F.3d 125 (2d Cir. 2014)).  Some warrants might be specific regarding the destruction of a device after it has been searched.

For more information IRIS LLC DECAM White Paper and Digital Evidence Innocence Initiative