In the vast majority of computer related investigations, magistrates allow their seizure. Normally no forensic examination or imaging is performed on-site or via remote access. The computer is seized, packed appropriately, and submitted for forensic analysis at a later date. Investigators are taught and instructed that if they are the first responders, there are certain steps to take to ensure the integrity of potential digital evidence. Their primary goal is to document the scene, locate the evidence to be seized per the warrant, and to search for or identify other potential evidence that may be relevant to the investigation. Investigators that have received basic electronic crime scene training know that if the computer is not on, they do not turn it on. Likewise, if the computer is on, they know not to use it, but rather to photograph or document what is being displayed on the monitor and then unplug the power cord from the computer. For a desktop or laptop computer, this involves removing the power cord from the back of the computer itself. For a laptop computer, the additional step of removing the battery(ies) is commonplace.

From: Before You Pull the Plug by John J. Barbara