Powered-off devices

Powered-off devices should never be turned on by anyone other than the forensic investigator. Special steps must be taken to ensure that existing data is not erased and that new data is not written.

Devices can often seem as if they are off, but they can be in a sleep or hibernate state. As a simple test, the mouse can be moved and monitors (if any) can be switched on to determine if they are in fact in either of those states. Even if they are in an off state, one should still photograph the screen and ports.

When investigating portable and mobile devices that are already off, it is suggested that the battery be removed (if possible) and placed in an evidence bag, so that the device cannot be turned on accidentally once unplugged. According to the NIST.SP.800-101r1 Guidelines on Mobile Forensics, it should be noted that removing the battery can alter contents in volatile memory, even when the device is in an off state.
