The Fraud Examiners Manual lists required steps before seizing evidence:
Obtain legal authority.
Review privacy issues.
Ensure software/hardware are validated.
Document surroundings, inspect for traps, image drives, etc.
There is no requirement to assemble a team exclusively of outside experts.
Before seizing evidence in a digital forensic investigation, the 2014 International Fraud Examiners Manual outlines several critical steps:
“Before obtaining evidence, ensure that there is legal authority to seize evidence and review the data associated with the evidence. This might require obtaining a warrant in a criminal matter or ensuring that internal policies authorise seizure for an internal investigation.”
“Before the fraud examiner can seize evidence, he must take certain steps to help ensure that the evidence will be admissible: He must determine whether there are any privacy interests in the item(s) to be searched… In every case where it becomes necessary to seize a computer or other device capable of storing digital evidence, the investigator should consult with legal counsel.”
“It is important to allow a trained examiner to conduct a proper seizure and examination of digital evidence to help ensure that the information can be used in a legal proceeding.”
✅ These are all valid required steps.
In contrast, the idea that the team must be composed only of outside digital forensic experts is NOT a required step. The Manual stresses flexibility in team composition:
“Some organisations have their own in-house personnel… while others might prefer the use of an outside examiner. Sometimes retrieving digital data is as easy as searching the target computer’s hard drive, but other times retrieval requires a thorough knowledge of computers.”
Thus, requiring only outside experts is not a standard step, since investigations may use internal, external, or a mix of specialists depending on the situation.
