
Devices Seized

Seized devices

Learn what to do if your digital devices are taken.

Learn how to

A missing laptop...

Brenda returns to her office, only to find her laptop missing. She worries that her laptop contains information that could put her sources at risk.
She needs to know what was on the device before it went missing and what security protections were in place. Brenda worries that if she doesn't have a clear view of the damage done, she will not be able to start recovering.

Assess the situation

Appropriate response

How did you lose your device? Was it stolen by another person, taken by a state authority, or did you simply lose track of it? If an adversary took it, you need to develop an appropriate response.

Security protections

Were there any strong security protections in place, such as full disk encryption or password protections? This will help you to learn if files on your computer containing sensitive information are secure or not.

Content and contacts

What information was on your device, and what might harm your networks and sources if it gets into the wrong hands? Securely Communicate with your networks to let them know.

Device missing or returned

Is the device still missing, or has it been returned? Be careful, as you do not know who has had access to your device. Possibly treat it as if it is now untrusted or compromised.

Think about your content and contacts

Content and documents

What's missing?

Make an inventory of what information was on your seized device. Examples may include files, location data, credit card data and more. This will help you learn about what may have been exposed or stolen.

Is your missing information encrypted?

If you had some of your information encrypted, think about where your encryption keys are and what content you encrypted. This will help you know more about who potentially could read the content of your files and documents.

Did you use encrypted communication?

Did you use encryption tools for email or chat (such as PGP and OTR)? This will help you learn if the content of your communications is secure or not.

Reviewing your passwords

Do your accounts have saved passwords or automatically log in when you turn your device on? Are your passwords saved in your web browser instead of a password manager like KeePassX? If so, be sure to change your passwords immediately and refer to the Passwords lesson.

What files and other sensitive information were on your device?

Contacts and linked accounts

Who is at risk?

Make an inventory of who was mentioned in the documents on your missing device. Was your address book encrypted? This will help you learn what contacts or networks may be at risk.

Removing linked accounts

What accounts does your device have access to? Examples include email, social media, and messaging services that the device can access. Was your device used for secondary authentication? This will help you determine which accounts you need to change account settings for.

Hidden stories of metadata

Even if you use encryption tools for email or chat, the metadata showing who you were communicating with and when is exposed. Securely Communicate with your networks to let them know.

Remove accounts that were linked to your device

If your device is still missing

Step 1

Remove authorization

If your device has access to accounts (email, social media or web accounts), remove the authorization for this device on all of those accounts. This can be done by going to your accounts online and changing the account permissions.

Step 2

Change passwords

Change the passwords for all accounts that are accessible by this device. To learn more about doing this, refer to the Account Hijacked and the Passwords lessons.

Step 3

Turn on 2-factor authentication

Turn on 2-factor authentication for all accounts that were accessible by this device. Please note that not all accounts support 2-factor authentication.

Step 4

Erase data from device

If you have a tool installed on your lost devices that allows you to erase the data and the history of your device, use it.

Change your passwords

If you get the device back

Ask yourself the following 4 questions and assess the risk that your device has been compromised:

1. Time device was gone

How long was the device out of your sight? If you have lost contact with your device for a long time and you feel there is a chance that something has been installed on it, consider the following:

Computer:

Reinstall the OS from scratch, recover all documents from the last backup, and scan all your documents and files with antivirus software. For more guidance on this, see the malware section.

Phones and tablets:

Depending on your level of risk and how your device was taken, you may not want to use it again. If possible, move all of the data off of your phone or tablet and purchase a new one.

Compromised device?

If you cannot change devices but suspect it might be compromised, do not use your phone or tablet for sensitive communication or opening sensitive files. Do not take it to sensitive meetings or have it with you when discussing sensitive topics.

2. Who had it?

Who potentially could have had access to your device? This will help you know whether it was simply lost or taken by an adversary, and the appropriate response to take.

3. What did they want?

Why would they want access to it? This will help you know whether the information on your device and your networks might be at risk.

4. Was it tampered with?

Are there signs that the device has been physically tampered with? This will help you know whether malware might have been installed on the device and whether or not you should use it again.

Beware of malware!
