>I’d say there’s no municipal police force in the country that has a sufficiently technically sophisticated regular law enforcement to try to attack a running machine. So if you are suspected of having information relevant to a murder or drug deal—the seize and examine one month later scenario is extremely likely.
I wouldnt assume that this is still the case, at least in Germany. I think the days of police shutting down the devices they have a search warrant for are pretty much over until they are confident enough that there isnt a disc encryption in place. If there is, they keep the device from going to sleep and call for an expert. If they are actually targeting server infrastructure, there will be people with technical expertise involved.
The US can have some small police forces. Like, a handful of people independently serving a city.
If they were the first to respond to a tech crime, they could probably create a mess. But in theory, they could do their own search warrants, searches, recommending prosecutions, etc.
Even big police forces, e.g. NYPD, have lots of divisions. I don't think there's any standard operating procedure in place that would lead a random detective in a random precinct to call in one of the two or three experts across the entire NYPD on a case he is working that happens to involve seizure order for servers. If someone in the special city-wide child pornography unit was involved in a server seizure, that's when the computer expert might be involved (because he or she would be attached to the computer crimes division the child porn unit is a part of).
I wouldnt assume that this is still the case, at least in Germany. I think the days of police shutting down the devices they have a search warrant for are pretty much over until they are confident enough that there isnt a disc encryption in place. If there is, they keep the device from going to sleep and call for an expert. If they are actually targeting server infrastructure, there will be people with technical expertise involved.