- CD-ROMs and diskettes should not be bent when they are seized, a new set of draft standard operating procedures on digital evidence for police says.
- And a cellphone that is seized while turned on should be kept powered up, in an era of remote wiping.
- The rules are for the implementation of the new Cybercrimes Act, which introduced new offences, and some new rules on evidence.
Some forms of physical evidence that carry digital information can be volatile, new draft rules for the police warn, and so should be treated with care.
"Do not fold, bend, or scratch storage media such as diskettes, CD-ROMs, and tapes," cautions the draft of what is formally known as the Standard Operating Procedures for the Investigation, Search, Access or Seizure of Articles in terms of Section 26 of the Cybercrimes Act, No. 19 of 2020, published for comment late last week.
That is one of the more peculiar pieces of advice in a document aimed, in part, at SA Police Service (SAPS) members who may not be overly familiar with technology.
The Cybercrimes Act has been partially in operation since December, creating new cybercrime offences and creating mechanisms for digital evidence to be handled and preserved.
The usual principles of gathering evidence apply, the draft rules warn, but when it comes to cybercrimes, the "items" to be seized may have unique characteristics that include being volatile, possible to destroy through normal use, and being "invisible to the untrained eye".
Police dealing with digital evidence can bring in a specialist civilian investigator. Still, the same rules apply to such civilians, and police officers remain ultimately responsible for everything from gathering evidence to maintaining the chain of custody.
The Cybercrimes Act and the operational rules provide for a range of ways of seizing information, including with or without a warrant, if justified, when someone is arrested, and voluntary disclosures from third parties who control data.
Though the importance of data held in data centres and the like is acknowledged, many of the rules deal with laying hands on physical storage, with advice such as "[w]henever possible, transport the collected articles in the original packaging".
"Certain types of articles are fragile and could be sensitive to temperature, humidity, physical shock, static electricity, magnetic sources, and even to some operational functions (e.g. switching on/off)," say the operating procedures elsewhere.
That leads to the injunction to "[l]eave cellular, mobile, or smart phone(s) in the power state (on or off) in which they were found."
There is no advice on how to prevent a powered-up phone from remaining connected to the internet, from where many smartphones can be securely wiped, using tools intended to protect their owners in case of theft.