Published on May 12, 2014 by David Acton’s Cyber Militia
• records of Internet Protocol addresses used; records of Internet activity, including firewall logs, caches, browser history and cookies, “bookmarked” or “favorite” Web pages, search terms that the user entered into any Internet search engine, and records of user-typed Web addresses;
• records evidencing the use of the Internet Protocol addresses to communicate with the [victim’s bank’s] e-mail servers;
• evidence of who used, owned, or controlled the TARGET COMPUTER at the time the things described in this warrant were created, edited, or deleted, such as logs registry entries, configuration file, saved user names and passwords, documents, browsing history, user profiles, e-mail contents, e-mail contacts, “chat,” messaging logs, photographs, and correspondence;
• evidence of software that would allow others to control the TARGET COMPUTER;
• evidence of times the TARGET COMPUTER was used; and
• records of applications run.