Written by Steve Watson
collected on crime scenes be biohazardous to the teams processing the evidence?
CRIME SCENES come in a variety
of flavors. The scenes may reveal conditions ranging from breaking and entering
with grand larceny to complex homicides with multiple victims identified
postmortem. We are all familiar with the crime scene collection protocols
requiring personal protective equipment (PPE) to protect the crime scene from
any unintended alteration during the investigation. The PPE serves a beneficial
dual purpose of protecting crime scene personnel from biohazardous conditions
they may encounter on-scene.
But what happens when this
evidence is taken back to the laboratory for processing?
Evidence collected from crime
scenes may have been exposed to conditions that are biohazardous to the teams
processing the evidence items. Potential biohazards include bacteria, viruses,
bloodborne pathogens, hazardous chemicals, drug residue, and, in some instances,
chemical or biological weapons. These devices may be handled by various teams
in a criminal investigation laboratory without adequate warning of the
biohazardous contaminants that exist on the device.
In traditional wet forensic
laboratories, we observe the adherence to PPE protocols to prevent
contamination of the trace evidence that may exist on the evidence items. This
precaution serves the additional benefit of protecting lab personnel that may
be handling items contaminated with blood, DNA, decomposing human remains, and
other biological material that could be potentially biohazardous.
We can also observe strict
adherence to PPE in laboratories conducting drug analysis. These teams are
well-versed in the exposure risks of different natural and synthetic opioids.
Their discipline for PPE extends beyond simply preventing contamination of
evidence samples to the very real risks to the laboratory personnel if proper
protocols are not observed.
There is a team in many forensic
laboratories that exists as a risk outlier alongside the other practicing
forensic scientists. After the wet and trace forensics have been conducted and
evidence is finally passed to the digital forensic teams, the risk of evidence
contamination exists but the nature of this risk changes.
Digital forensic scientists risk
the contamination of data inside of the devices rather than the physical and
trace characteristics to which the evidence has been exposed. Digital forensic
science goes to exceptional lengths to ensure the data is not altered during
examination, but historically it has been presumed that the biohazard risks to
the digital forensic personnel are minimal. A review of the processes employed
in most laboratories reveals that this presumption is likely inaccurate.
Digital forensics personnel may
receive computers and other electronic devices that have been exposed to
biohazardous conditions without the warning that these devices may be
contaminated. Additionally, many digital forensics labs have little more than
gloves for handling devices. Crime scene investigators as well as wet forensics
teams recognize other types of PPE may be required—including eye protection, masks
or respirators for inhalation risk, and protective coverings to prevent
dangerous material from landing on skin or clothing.
Why does this discrepancy exist?
Dr. Edmond Locard (1877–1966)
formulated a guiding principle of forensic science that “Every contact leaves a
trace.” This principle has guided evidence handling and crime scene
investigation for generations.
As we look to the traditional
forensic sciences, including crime scene investigation and wet and trace
forensics, we readily see the influence of this principle on the handling of
evidence and proximity to a crime scene. In this context, PPE historically
prevents the investigators from introducing trace evidence at a crime scene. For
example, hair, DNA samples, or trace fibers from clothing may alter
the unadulterated crime scene.
This same principle shifts to
the laboratory where PPE is primarily used to protect the evidence from any
unintended alteration during the evidence processing and testing. Images of wet
and trace forensic teams in a laboratory frequently display them wearing full-coverage
PPE, including protective clothing, masks, gloves, and eye protection.
When we look to the digital
forensic scientists, the mechanisms to protect against data alteration are not
PPE. These mechanisms include write blockers to prevent unintended data
from being introduced, Faraday containers to prevent radio frequencies from
interacting with the devices, as well as defined processes and methodologies to
investigate the data without the risk of data alteration.
All three categories of forensic
scientists recognize and employ methods to prevent risk of evidence alteration,
yet digital forensic scientists exist as an outlier as the data at risk for
them is 1s and 0s inside the electronic device.
Is there a risk that evidence
might not be processed because of the biohazard risks?
While investigating the risk
associated with biohazard exposure to digital forensic science personnel, we
learned that some laboratories working in the digital forensic space may deem
evidence “too risky” to touch because of the biohazard risks. We have found
some laboratories with strict policies of exclusion regarding touching devices
exposed to bloodborne pathogens. Some laboratories may simply process the trace
and wet forensics yet leave the digital evidence investigation in a long-term
hold pattern because they do not know how to safely clean or interact with the
This possibility expands further
when we include devices exposed to extremely life-threatening substances like fentanyl.
While narcotics teams and illicit drug chemists or investigators know how to
safely interact with these devices, digital forensics teams are woefully
unprepared for the risk to life if they touch devices exposed to fentanyl
without the requisite PPE to safely protect themselves.
If biohazard-contaminated
devices reach a dead end in the investigation because of the risk of device
handling, is there data on these devices that could help solve investigations?
Are there cleaning and handling processes that could be employed to make the
devices safe for data retrieval?
How is ‘biohazard’ defined in
relation to crime scenes or contaminated evidence?
A quick review of known safety
guidelines makes it clear that forensic science personnel supporting law
enforcement investigations may easily come in contact with contaminated
evidence exposed to a variety of biohazards.
The U.S. Occupational Safety and
Health Administration (OSHA) defines “Contaminated” as “the presence or the
reasonably anticipated presence of blood or other potentially infectious
materials on an item or surface.” Bloodborne pathogens are defined as “pathogenic
microorganisms that are present in human blood and can cause disease in
humans.” OPIM or “Other Potentially Infectious Materials” includes a variety of
human body fluids, “any unfixed tissue or organ (other than intact skin) from a
human (living or dead) or HIV- or HBV-containing cells, tissue cultures, organ
cultures, culture medium, blood, organs, or other tissues from humans or
animals infected with HIV and HBV.”
The National Institute for Occupational
Safety and Health (NIOSH) outlines extensive recommendations for the safe
operating procedures, personal protective equipment, and job categories which
may be exposed to illicit drugs, including cocaine, methamphetamines,
cannabinoids, cathinones, and opioids such as fentanyl and heroin. The guidelines
explicitly call out the risks to law enforcement personnel conducting routine
duties, as well as investigation and evidence collection.
These previous two descriptions
do not even introduce the expansive list of toxic and hazardous substances
including hazardous chemicals, toxics, and reactives outlined in OSHA standards
(OSHA 1910.119 App A) that may exist in outlier investigations conducted by
large law enforcement investigative organizations.
If bloodborne pathogens, OPIM,
and illicit drug residue may reasonably exist on contaminated evidence, should
we not ensure that all personnel interacting with these risks be eligible to
receive the same disclosure and access to PPE to protect themselves, their
colleagues, and their families?
Can biohazard-contaminated
evidence be decontaminated?
Robust protocols exist for the
cleanup of biohazard waste. These methodologies have been employed in a variety
of situations, including crime scene cleanup, decontamination after an exposure,
and even rigorous protocols employed in healthcare to clean environments to
protect patients and staff. Could these same protocols be applied to evidence
after the requisite wet and trace forensics are completed?
During our investigation of this
topic, we sought to clean electronic devices exposed to biohazardous substances
to render them safe for handling by digital forensic personnel. Our testing
included bloodborne pathogens, OPIM from post-mortem embedded electronic
devices, as well as toxic chemicals frequently found in meth laboratory
environments. We utilized chemicals and methodologies known to decontaminate
the pathogens and chemicals, but the techniques had never been applied to
Do the chemicals and processes used to clean bloodborne pathogens, OPIM, and drug residue damage electronic
The short answer is no. We don’t
have to reinvent the wheel of “how to decontaminate”. The scientific question
in this proposition is whether known decontamination solutions affect digital
devices in a manner that would damage the data inside.
The chemicals and processes
known to clean these biohazardous materials did not damage the electronic
devices to the point where digital investigation was prevented. We were able to
conduct routine digital forensic data acquisition from these devices including
computers, tablets, USB drives, drones, and hard drives.
Chemicals and processes known to
decontaminate biohazardous risks can be tested on non-evidentiary devices to
determine the viability of data recovery.
How else can this discovery aid
in the investigative process?
We readily see that crime scene
investigators, as well as wet and trace forensic scientists, employ the
requisite PPE to keep themselves safe while not introducing risk to the
integrity of the evidence. Digital forensic scientists can benefit from access
to and appropriate training for PPE, as well as the relevant detail on whether
the evidence may have been exposed to biohazardous conditions.
Are there other personnel in the
investigative process who may also benefit from PPE availability and training?
Should notification that evidence may have been exposed to biohazardous
conditions be mandatory for evidence intake? Should labs be trained that a
possibility of decontamination of this evidence exists?
Additional personnel could include
evidence storage technicians or firearm and toolmark scientists. For these
personnel, the wet and trace evidence tasks may have been completed—yet
additional handling and testing may be required that could put them in contact
with the potentially risky evidence.
If evidence could be decontaminated
for safe handling after the initial wet and trace forensics are completed,
perhaps risk could be reduced throughout the investigative organization.
Techniques, best practices, and
decontamination solutions exist that can safely decontaminate physical and
digital evidence from bloodborne pathogens, other potentially infectious
material, and illicit drug residue. We no longer need to risk the health and
safety of our personnel or exclude potentially risky evidence that may be vital
for our investigations. Decontamination of biohazard-exposed digital (and
physical) evidence is now a possibility.
About the Author
Watson is the founder and CEO of VTO Labs. His research and
specialization is embedded device hardware forensics. Watson is the chair of the
Forensics Committee for the Scientific Working Group on Digital Evidence
(SWGDE). Watson and VTO Labs spend their time getting data off of new
technology and extremely damaged devices.