5 Tips for Navigating the Digital Crime Scene


“As fraud investigators, CFEs, financial crime investigators, you have got a big responsibility,” Dr. Graeme Edwards, CFE, AAICD, Director of CYBERi Pty Ltd, told attendees at the 2018 Fraud Conference Asia-Pacific. He was referring to the fraud examiner’s responsibility to know the right procedures to document and preserve evidence so that it is admissible in court, specifically when dealing with volatile digital evidence. In his session, “Navigating the Digital Crime Scene,” Dr. Edwards provided applicable, real-life advice on how a digital crime scene should be processed and worked.

Attendees walked away with several items to add to their investigator’s toolkit, plus Dr. Edwards shared a multitude of case studies to highlight how he’s used the tools throughout his career in law enforcement. Here are five elements you can implement in your investigations right now.

When walking into any crime scene, always take care of safety first.
The first question you want to answer when walking into any crime scene is, “What can hurt us in this room?” Are you conducting a search in someone’s home? Although it is usually not by design, it is common to end up speaking to a suspect in the kitchen. This is a room where many household items such as knives can be used as weapons. As you enter any room, particularly the kitchen, team members should always carry out a continual threat assessment and remove any items which can be used as weapons. Exposed power leads may also pose a threat. Dr. Edwards offered this sobering thought to attendees, “Even in a nice, lighted office with air-conditioning, a cornered person may make bad decisions.”

Photograph everything.
“As soon as you arrive on a scene, get your video out,” he advised. If you find $100,000 worth of cash in 50s and that cash is seized, record every single note, including its serial number, with the video recorder. It’s a tedious job, yes, but you need to be able to prove, two years down the road, that the cash in evidence is the exact same cash that was seized on the scene. This methodology applies to everything in a crime scene — computers, telephones, USB drives, servers, routers, cell phones, sticky notes, things in drawers. Get any serial numbers available. Two years later, should your matter proceed to a court, something you didn’t even notice might become relevant.

Use a digital camera, not your smartphone.
Dr. Edwards advised attendees to buy a digital camera with video capabilities to document every crime scene. Don’t use a personal or company smartphone because when you’re presenting evidence in court, an opposing party could request a digital copy of the phone in order to prove that the photographs and videos haven’t been tampered with. Then they may have your personal photos and information. This is not the case in every legal jurisdiction. However, it is a good process to use a designated device.

Your job is to know and understand what you’re doing.
This sounds pretty basic, but it’s still an important point to cover. Some digital evidence can be destroyed just by turning off a computer. You must know what can be accidentally destroyed and what can be preserved. If you don’t know, have someone on your team who does. Later on, the court will want to see that whoever is doing a certain task is qualified to do it.

Keep a record of your decision-making process.
Any time you make a decision, record your reasons for doing so. If you find out later that it was the wrong decision, you can explain why it was the right one at that specific time with the information that was available at that time. Also, you can demonstrate that the decision was made in good faith.
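
One way to keep such a record so that later edits are detectable is a hash-chained log, shown here as an added example that is not from Dr. Edwards' session. The field names, the use of SHA-256 and the sample entries are assumptions made for illustration; each entry can also carry the hashes of photos or video taken at that moment, so a file produced later can be matched to what was recorded on the scene.

```python
import hashlib
import json

GENESIS = "0" * 64  # prev_hash used by the first entry

def entry_hash(body):
    """SHA-256 over a canonical JSON encoding of the entry body."""
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def append_entry(log, when, who, decision, reason, media=None):
    """Append a decision; media maps file name -> raw bytes of a photo/video."""
    body = {
        "seq": len(log), "when": when, "who": who,
        "decision": decision, "reason": reason,
        "media_sha256": {name: hashlib.sha256(data).hexdigest()
                         for name, data in (media or {}).items()},
        "prev_hash": log[-1]["hash"] if log else GENESIS,
    }
    log.append({**body, "hash": entry_hash(body)})
    return log[-1]

def verify_log(log):
    """Return the index of the first entry that fails verification, or -1."""
    prev = GENESIS
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "hash"}
        if body["prev_hash"] != prev or entry_hash(body) != entry["hash"]:
            return i
        prev = entry["hash"]
    return -1

def media_matches(log, name, data):
    """True if data hashes to the value logged for that file name."""
    digest = hashlib.sha256(data).hexdigest()
    return any(e["media_sha256"].get(name) == digest for e in log)

def build_sample_log():
    """Constructed sample entries; names, times and file bytes are invented."""
    log = []
    append_entry(log, "2018-01-01T09:02:00+10:00", "Examiner A",
                 "Video-record the desk before touching any device",
                 "Scene must be documented as found",
                 media={"VID_0001.MP4": b"constructed video bytes"})
    append_entry(log, "2018-01-01T09:20:00+10:00", "Examiner A",
                 "Leave the laptop powered on until a qualified analyst arrives",
                 "Powering off can destroy volatile evidence")
    return log
```

A chain like this only shows that the entries are internally consistent; someone holding the whole log could rebuild it from scratch. Record the latest hash somewhere outside your own control, such as in the signed case file, at the end of each day on scene.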

Edwards’ biggest point, one that he reiterated several times throughout his session, was that you’ve got to handle every crime scene — whether it’s physical or digital — as if your evidence will eventually end up in court. “We all want to find the bad guy,” he said, “and as CFEs, you might be called in. You might find a fraud.” He described how you might gather and use your evidence to come to a conclusion on who committed the fraud. Maybe it’s a laptop. Maybe it’s a phone. Maybe it’s the servers used to store data that are in a completely different country. Whatever it is, you use your digital evidence in the case, and two and a half years later, you may find yourself sitting in the witness box. Everyone’s looking at you, asking you to walk through your investigation step by step, asking you why you did what you did, what you knew at the time and why you did not do something else.

“That is the reality of being an investigator,” Dr. Edwards stated with a sense of stalwart equanimity. “The day might come where you have to sit in a court and justify your actions. Whether you’re ex-law enforcement or not, sitting in the witness box can be a very lonely place.” With the proper handling of digital evidence, you set yourself up as a knowledgeable, ethical and trustworthy witness.