Printouts containing phone numbers, credit card numbers, or any string of numbers which may be access codes. Also look for names of bulletin boards (BBSs) which may reveal data caches.

Pads of paper. In addition to strings of numbers and BBSs, look for passwords.

Evidence identifying the user of the computer (i.e., your intruder). Look for names inside manuals, or on labels affixed to floppy disks.

Evidence of confederates.

Magazines relating to cracking (e.g., 2600).

Computer manuals for the computer used by your victim.

7. Subject to Miranda, interview the suspect.

Ask him whether the computer you find on the premises is rigged.

If you are going to use your suspect to cooperate in investigating his friends, secure his cooperation immediately. A long delay (more than a day) before your "turned" suspect returns "online" may warn confederates that he is no longer their ally.

Kenneth S. Rosenblatt is a prosecutor in the Office of the Santa Clara County, Calif., District Attorney, and this checklist is excerpted from his book, High-Technology Crime: Investigating Cases Involving Computers (KSK Publications, 1995, 603 pp. plus diskette, $69.95; call 408/296-7072 for more information). The book offers step-by-step instruction in investigating crimes involving computers and searching, seizing and analyzing evidence stored within computers.

Here's a law-enforcement checklist for investigating unauthorized access to a computer system.