Issues in Digital Evidence: Risks, Prevention & Protection

Instructor: Beth Hendricks

Beth holds a master's degree in integrated marketing communications, and has worked in journalism and marketing throughout her career.

Digital evidence is a valuable resource and there are risks associated with it. In this lesson, you'll learn about some risks associated with evidence and approaches to mitigating those risks.

Wiped Clean

It's a smartphone tool we seldom use, but keep in our thoughts if our device was ever lost or stolen. For one woman, she found a way to use it that landed her in hot water with investigators.

Police seized a mobile phone from a New York woman in the days after a drive-by shooting, a crime investigators believed the 24-year-old woman may have been a part of. Getting the young woman's phone wasn't an issue, but securing it was a bit of a challenge.

In the moments after the suspect's phone was recovered by police, the woman used the phone's ''remote wipe'' feature to delete any evidence from the device that might have implicated her in the crime. It led to multiple charges for the suspect and a lesson learned for investigators.

There are risks associated with all types of digital evidence today. In this case, police failed to secure the device by disconnecting it from its cellular and wireless networks, enabling the suspect to take advantage of the situation and wipe her device clean. But, that's not the only risk investigators face when dealing with digital forensic evidence. Let's take a look at some others.

Risks And Challenges Of Digital Evidence

Unlike physical evidence which can be collected and deposited into plastic or paper bags, digital evidence is susceptible to a host of concerns.


As illustrated in our lesson's opening, digital evidence is volatile, meaning it can change quickly. Any changes that occur can compromise the use of the device or the data in an investigation. Something as simple as a routine iPhone update can alter the make-up of the data contained therein.


Have you ever left an electronic device in a hot car? Extreme temperatures can create an environment that can alter both the physical device and its electronic components, sacrificing valuable evidence that may never be recoverable.

Human Error

Failure to properly handle or safeguard electronic components and the digital evidence they may contain can render any data inadmissible in court. That means there must be proper handling, documentation and transporting of these components following an orderly process. Human error may also cause evidence to be unintentionally damaged when it is being analyzed.


Think about all of the data present on your mobile phone alone. From an investigator's standpoint, it presents a labyrinth of potential evidence to sort through. Failure to properly work through all possible file systems and storage components could leave certain data untapped. Huge repositories of data stored on cloud applications may also present a problem in simply identifying its existence.

Hiding Evidence

You may not consider it a risk, but savvy cyber criminals have learned the art of camouflaging digital evidence in a way that it may go completely undetected or require resources not available to the investigating entity.

Mitigating Those Risks

Any or all of these challenges have presented themselves to investigators throughout the past few years, as the volume of digital evidence increases with the proliferation of electronic devices. Steps must be taken to protect evidence from these risks. Consider the following:

Proper Handling

Investigators should adhere to a set of procedures for properly handling digital evidence at the time it is collected, including documenting assets gathered, transporting it in proper fashion (such as not leaving it in a hot vehicle), and knowing key rules for handling it during the investigation phase.

Turning Off (or On)

It's critical for investigators to understand the importance of the ''on/off'' position of an electronic device. A mobile phone that is in the ''on'' position should be turned off and batteries removed to preserve evidence it contains. If that's not possible, all connections, such as wireless, Bluetooth and cellular service should be disabled to isolate the device and prevent data from being changed or erased. Similarly, a device that is powered off should remain off to preserve its data.

To unlock this lesson you must be a Member.
Create your account

Register to view this lesson

Are you a student or a teacher?

Unlock Your Education

See for yourself why 30 million people use

Become a member and start learning now.
Become a Member  Back
What teachers are saying about
Try it risk-free for 30 days

Earning College Credit

Did you know… We have over 160 college courses that prepare you to earn credit by exam that is accepted by over 1,500 colleges and universities. You can test out of the first two years of college and save thousands off your degree. Anyone can earn credit-by-exam regardless of age or education level.

To learn more, visit our Earning Credit Page

Transferring credit to the school of your choice

Not sure what college you want to attend yet? has thousands of articles about every imaginable degree, area of study and career path that can help you find the school that's right for you.

Create an account to start this course today
Try it risk-free for 30 days!
Create An Account