When seizing a computer that is operational, what should the seizing party generally avoid doing?

In the context of seizing an operational computer, the primary objective is to preserve the integrity of the data and ensure that any potential evidence is not compromised. When the seizing party avoids searching for evidence on the computer before proper procedures are followed, it helps maintain a clear chain of custody and ensures that all evidence is preserved in its original state. Searching through files and programs may inadvertently alter or damage data, making it more challenging to use as evidence later in an investigation.

Taking screenshots is often a best practice to document the state of the computer and its contents without altering any data, and disconnecting or turning off the computer may lead to data loss or changes in volatile memory, which can contain relevant information. Therefore, refraining from immediate searches is crucial for a thorough and legally sound investigation.