Scope, legality, warrants and common practice in LE
I am a student of cybercrime forensics and trying to wrap my head around issues of legal nature and common practice within LE labs. More specifically we have a key issue that has been raised with regards to scope and legal operations and how it differs between regions. I would like to get advice from people who have worked/work in LE forensics labs.
There is a vast amount of information with regards to court rulings in US with regards to what investigators can search for when investigating personal computers. What I’m trying to understand is whether same judgement can be inferred in legal decisions in Europe (Ireland) and common practices within labs. Supreme courts in Ireland suggest that entire email accounts cannot be seized to sift through later.
An example of a case to discuss. We have warrant to search for a username and CP, all storage media, phones, laptops were seized and submitted for forensics. One of the laptops X (Running windows, unencrypted, with a single user) and another laptop Y (running Mac, FV encrypted, with single user). RESULTS Laptop X is searched comes out clean. Laptop Y cannot be imaged or searched as none of passwords provided open the container and user ‘forgot the password’ as it’s been 2 year the case has been in backlog.
Following common practice and noting legal issues what are the next steps. What are the legal ramifications of this next step? Under EU Law Enforcement Directive is it ok to go through personal data (passwords) even though it is clean?