There is a very simple procedure when it comes to serving a warrant to take a computer. You follow the industry-established guidelines and your department's Standard Operating Procedures. As far as what tools I take, that is my little secret. I don't like surprises and I am very careful to make sure I don't get surprised.
I am going to hijack this thread since I have the same questions... I am a Penetration Tester for my State's Audit Department. We have an allegation that a system needs to be confiscated. So of course they are looking at my team for action. Like I said, I am a penetration tester; I am trained in messing with computers to gain information. I am worried about going in and messing something up to ruin the investigation.
cybercop: I understand what you said about following the industry-established guidelines and the department's Standard Operating Procedures... But the department has no Standards in a case like this, so I am asked to come up with them.
I guess my thing is I am knowledgeable enough to know that I could really screw something up but I am not knowledgeable to know how not to screw it up...
You'll need some procedures (and rehearse them) pdq. I'd look for the ACPO guide on Digital Evidence, the NIJ guide for First Responders, and CERT's (Carnegie Mellon) guide to computer forensics. I'm in a rush right now, but if you can't locate them, let me know. I'll get the URLs for you.