Electronic Search Warrants

Identify at least two considerations that must be addressed when developing a search warrant application during an investigation of computer-related crime. How does a single crime scene or multiple crime scenes affect cyber investigations?

Considerations that have to be addressed when developing a search warrant for the investigation of a computer related crime are; evidence that a crime has occurred, a description of the evidence to the crime that will be seized and the location of the evidence (Taylor, Fritsch, Liederbach & Holt, 2011, pg. 247). These considerations might not be problematic to most people who have watched a few crime shows on television, but when they are required for a computer based crimes they tend to multiply the level of difficulty dramatically. In the physical realm there is always some visible or measurable evidence that a crime happened. However, this is not always the case in the digital realm. Well, at least not immediately. An example of this would be the OPM data breach, the wholesale theft of thousands of current and former federal employees’ personal information. In this instance it took at least four months from the time malicious cyber actors penetrated the OPM system for them to be discovered (Sternstein & Moore, 2015, para. 4). This delay from the time that a crime is perpetrated to the point that it is discovered only increases the chance that the perpetrator will get away with it. In a computer based crime how do you show the existence and describe the evidence of a crime? In an incident such as the spread of child pornography on the internet there may be evidence, but in a case of stolen personal information where an individual’s weak personal security practices lead to the loss it will be much more difficult to pinpoint the evidence. Finally and probably the most difficult proposition in computer crime search warrants is the location of the evidence (Taylor, Fritsch, Liederbach & Holt, 2011, p. 247). If your credit card information was stolen from you through your connection to an open wireless router at a coffee shop, where is that evidence, on a phone, a tablet, a laptop, a piece of paper? This was obviously a sensationalist question meant to prove a point however computer related crimes leave different trace evidence and primarily the crimes of this type committed using original code will attribute an incident to a person or group.

When discussing single location versus multiple location or network-based crimes it is important to understand that the jump from single to multiple locations increases the complexity on a massive scale (Taylor, Fritsch, Liederbach & Holt, 2011, pg. 247). Single location crime scene search and seizure is more fundamental to a law enforcement officer, being similar to a traditional crime investigation, differing in procedure primarily with regard to evidence collection and storage (Taylor, Fritsch, Liederbach & Holt, 2011, pg. 247). Multiple location and network crime scenes can contain evidence on multiple platforms (computer, tablet, removable media) and on multiple parts of networks (Taylor, Fritsch, Liederbach & Holt, 2011, pg. 255). To make matters worse, the law enforcement practice of minimization requires minimal intrusion to the operation of the network being searched (Taylor, Fritsch, Liederbach & Holt, 2011, pg. 255).


Sternstein, A. & Moore, J. (2015). Timeline: What We Know About the OPM Breach (updated). Retrieved from

Taylor, R. W., Fritsch, E. J., Liederbach, J., & Holt, T. J. (2011). Digital crime and digital terrorism (2nd ed.). Upper Saddle River, NJ: Pearson.