If a PDA is seized in an investigation while the device is turned on, what would be the proper procedure?

Preserving volatile data is crucial when a PDA is seized while it is still powered. RAM holds live information—open documents, running processes, login sessions, encryption keys, and network connections—that can disappear within moments if power is removed. Leaving the device on ensures these ephemeral data stay intact so a memory capture or live analysis can be performed, and the overall state of the device remains as close as possible to what it was at the moment of seizure. Powering down or removing power would risk destroying this volatile evidence and altering the device’s state, which could compromise the investigation. Keeping the device powered on also aligns with careful documentation and chain-of-custody practices to maintain integrity. Removing the battery or memory cards would further change the device’s state and potentially destroy data.