Laws governing electronic evidence in criminal investigations have two primary sources: The Fourth Amendment and privacy laws. Why is familiarity with these laws important to the forensic examiner?
The relevant laws require proper warrants before electronic evidence can be seized and processed. Legislation at both the state and federal levels criminalizes hacking systems directly and via telecommunication infrastructure, wiretapping/sniffing both voice and data, using a computer for child exploitation, etc. In addition, organizations may have their own proper use policies that provide a basis for an internal investigation of electronic evidence from one or more employees.
It is important at every phase of the digital forensics investigation process for digital forensics examiners to consider their search authority and any limitations imposed by the courts or by law on their ability to search mobile devices, including various applications of state criminal and civil statutes.
References
Office of Justice Programs, National Institute of Justice, US Department of Justice. (2007). Investigative uses of technology: Devices, tools, and techniques. National Institute of Justice. Retrieved from https://www.ncjrs.gov/pdffiles1/nij/213030.pdf
Resources
See the section "Legal Considerations" on page 9 of Forensic Examination of Digital Evidence: A Guide for Law Enforcement.
If evidence is located that was not authorized in the original search authority, determine what additional legal process may be necessary to continue the search (e.g., warrant, amended consent form). Contact legal advisors for assistance if needed.