Techno Security's Guide to Managing Risks for IT Managers, Auditors, and Investigators

The landscape of potential seizure environments is complicated, and the variations are nearly infinite. The on-scene responders' level of knowledge spans a wide range of skills and abilities. Because the seizure process is greatly affected by the particular hardware and software arrangements and by the knowledge of the on-scene responder, it is unfortunately not possible to present one correct way to seize digital evidence. What does exist is a continuum of methods mapped against the complexity of the scene versus the skill of the responders.
There are, however, basic threads that tie any seizure process together. The first thread is that you must be able to explain what steps you took to arrive at a particular destination. It does not matter whether you come out of a building with a floppy disk or an entire network; you should be able to replicate each step in the process. If you were presented with an exact replica of the scene, you should be able to refer to your notes and do everything exactly the same, from arriving on-scene, to collecting the evidence, to walking out the door. In order to achieve this level of enlightenment, there are two sub-threads: (1) Document everything, and I mean everything. Have one person process the scene while the other one writes down every single mind-numbing step. The documentation should be as complete as practically possible. If one is working alone in the seizure process, consider using a voice recorder and...