Computer Crime & Intellectual Property Section

United States Department of Justice

Searching & Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations

Third Edition
September 2009

CCIPS
Criminal Division

• Preface and Acknowledgments
• Introduction
• Chapter 1. Searching and Seizing Computers Without a Warrant
  • A. Introduction
  • B. The Fourth Amendment's "Reasonable Expectation of Privacy" in Cases Involving Computers
    • 1. General Principles
    • 2. Reasonable Expectation of Privacy in Computers as Storage Devices
    • 3. Reasonable Expectation of Privacy and Third-Party Possession
    • 4. Private Searches
    • 5. Use of Specialized Technology to Obtain Information
  • C. Exceptions to the Warrant Requirement in Cases Involving Computers
    • 1. Consent
    • 2. Exigent Circumstances
    • 3. Search Incident to a Lawful Arrest
    • 4. Plain View
    • 5. Inventory Searches
    • 6. Border Searches
    • 7. Probation and Parole
  • D. Special Case: Workplace Searches
    • 1. Private-Sector Workplace Searches
    • 2. Public-Sector Workplace Searches
  • E. International Issues
• Chapter 2. Searching and Seizing Computers With a Warrant
  • A. Introduction
  • B. Devising a Search Strategy
  • C. Drafting the Affidavit, Application, and Warrant
    • 1. Include Facts Establishing Probable Cause
    • 2. Describe With Particularity the Things to be Seized
    • 3. Establishing the Necessity for Imaging and Off-Site Examination
    • 4. Do Not Place Limitations on the Forensic Techniques That May Be Used To Search
    • 5. Seeking Authorization for Delayed Notification Search Warrants
    • 6. Multiple Warrants in Network Searches
  • D. Forensic Analysis
    • 1. The Two-Stage Search
    • 2. Searching Among Commingled Records
    • 3. Analysis Using Forensic Software
    • 4. Changes of Focus and the Need for New Warrants
    • 5. Permissible Time Period for Examining Seized Media
    • 6. Contents of Rule 41(f) Inventory Filed With the Court
  • E. Challenges to the Search Process
    • 1. Challenges Based on "Flagrant Disregard"
    • 2. Motions for Return of Property
  • F. Legal Limitations on the Use of Search Warrants to Search Computers
    • 1. Journalists and Authors: the Privacy Protection Act
    • 2. Privileged Documents
    • 3. Other Disinterested Third Parties
    • 4. Communications Service Providers: the SCA
• Chapter 3. The Stored Communications Act
  • A. Introduction
  • B. Providers of Electronic Communication Service vs. Remote Computing Service
    • 1. Electronic Communication Service
    • 2. Remote Computing Service
  • C. Classifying Types of Information Held by Service Providers
    • 1. Basic Subscriber and Session Information Listedin 18 U.S.C. § 2703(c)(2)
    • 2. Records or Other Information Pertainingto a Customer or Subscriber
    • 3. Contents and "Electronic Storage"
    • 4. Illustration of the SCA's Classifications in the Email Context
  • D. Compelled Disclosure Under the SCA
    • 1. Subpoena
    • 2. Subpoena with Prior Notice to the Subscriber or Customer
    • 3. Section 2703(d) Order
    • 4. § 2703(d) Order with Prior Notice to the Subscriber or Customer
    • 5. Search Warrant
  • E. Voluntary Disclosure
  • F. Quick Reference Guide
  • G. Working with Network Providers: Preservation of Evidence, Preventing Disclosure to Subjects, Cable Act Issues,and Reimbursement
    • 1. Preservation of Evidence under 18 U.S.C. § 2703(f)
    • 2. Orders Not to Disclose the Existence of a Warrant, Subpoena, or Court Order
    • 3. The Cable Act, 47 U.S.C. § 551
    • 4. Reimbursement
  • H. Constitutional Considerations
  • I. Remedies
    • 1. Suppression
    • 2. Civil Actions and Disclosures
• Chapter 4. Electronic Surveillance in Communications Networks
  • A. Introduction
  • B. Content vs. Addressing Information
  • C. The Pen/Trap Statute, 18 U.S.C. §§ 3121-3127
    • 1. Definition of Pen Register and Trap and Trace Device
    • 2. Pen/Trap Orders: Application, Issuance, Service, and Reporting
    • 3. Emergency Pen/Traps
    • 4. The Pen/Trap Statute and Cell-Site Information
  • D. The Wiretap Statute ("Title III"), 18 U.S.C. §§ 2510-2522
    • 1. Introduction: The General Prohibition
    • 2. Key Phrases
    • 3. Exceptions to Title III's Prohibition
  • E. Remedies For Violations of Title III and the Pen/Trap Statute
    • 1. Suppression Remedies
    • 2. Defenses to Civil and Criminal Actions
• Chapter 5. Evidence
  • A. Introduction
  • B. Hearsay
    • 1. Hearsay vs. Non-Hearsay Computer Records
    • 2. Confrontation Clause
  • C. Authentication
    • 1. Authentication of Computer-Stored Records
    • 2. Authentication of Records Created by a Computer Process
    • 3. Common Challenges to Authenticity
  • D. Other Issues
    • 1. The Best Evidence Rule
    • 2. Computer Printouts as "Summaries"
• Appendices
  • A. Sample Network Banner Language
  • B. Sample 18 U.S.C. § 2703(d) Application and Order
  • C. Sample Language for Preservation Requests under 18 U.S.C. § 2703(f)
  • D. Sample Pen Register/Trap and Trace Application and Order
  • E. Sample Subpoena Language
  • F. Sample Premises Computer Search Warrant Affidavit
  • G. Sample Letter for Provider Monitoring
  • H. Sample Authorization for Monitoring of Computer Trespasser Activity
  • I. Sample Email Account Search Warrant Affidavit
  • J. Sample Consent Form for Computer Search
• Table of Cases [PDF]
• Index [PDF]