It occurs to me that, in order for a computer thats used in a crime to be used as evidence, it must first be seized for evidence.  Yet, there are all too many ways to dodge a search warrant.

Typically, whenever there's a computer crime, it is tracked back to the physical location of the broadband or telephone subscriber.  Then a search warrant is secretly processed and a home invasion thus proceeds.  But what happens when the computer containing forensics evidence isn't present at that location?

I can envision a dozen methods to dodge a search warrant, buying me time to have "my buddies" bury the evidence, by simply routing traffic through internet or intranet proxies.  Assuming one doesn't cover their tracks online, and their physical location is discovered, what's to prevent them from housing their forensics laden machine(s) at the neighbor's house, or their data on an off-site server (over the internet)?

Let me give you an example:

Say I'm into massive pirating of music/movies or even KP.  My apartment neighbor is into it too.  I own the internet connection, and he has the 4 Terabyte file server, and we're both connected wirelessly (or even via wire through the wall).  I'm smart enough to make sure that the only thing installed on my desktop/laptop is Windows XP, Solitaire, and Putty.

So when the door is bashed in, there I am pulling up Solitaire while closing Putty, and my neighbor who sees all the black vans out front quickly trashes his server (or sneaks it away after the feds leave).

So what if they discover that my neighbor is linked wirelessly or via wire?  They still need a search warrant before they can enter.  But it's too late, there's no evidence left to collect.


Without extensive research into a hacker's personal life or relationship with their neighbors, how is something like this normally prevented?

Hmm.  Well, I appreciate that you're not a lawyer.  But are you even familiar with hacking?

Home networks do not maintain "traffic logs", nor do laptops or putty.  In fact, my scenario specifically stated that the only thing on the laptop was a plain Windows install including Solitaire and Putty.  There is nothing between these two applications that can implicate someone in a crime.

Naturally, presence of the illicit material they deal in would be enough to implicate them, but this guy is quite aware of what he's doing, and him and his neighbor thought it through quite well, so he only uses his laptop to remotely monitor his server via putty.  Doesn't even keep a desktop machine in his own apartment.

True, a wireless connection _may_ set up a red flag, so lets focus on the ethernet connection he has running through the vent/outlet plate to his neighbor.  This can only be discovered upon entry on the first warrant, and nothing can be done about it until a second warrant is issued.

Or does our criminal law permit searches based on probable cause, much like a search of one's vehicle after being pulled over for speeding... or a search of an area that results in a foot pursuit where evidence is believed to have been stashed?

The scenario you laid is typical of the amateur hacker-cracker and might seem fine in theory but will more than likely get you busted in real life.  First of all if you were engaged in an activity worthy of the FBIs attention,they are going to not just rush in to your apartment. They will have been observing you for some time in order to build evidence. This has been my experience when working with law enforcement.

Your neighbor is not going to be looking out the window for black vans 24/7. What do you do if they kick down your door the one time your friend ran down to the corner store and left his box on because he had a huge download going on and didnt want to interrupt it..  Its also not difficult for me to locate a wireless network and see how many boxes are part of the network. Same is true of an ethernet connection.  Unless you really have incredible security, I will see  exactly what your network consists of.  If the law enforcement arrested your friend, they might cut him a deal to implicate you. I hope he is really a good friend. I can go on and on, the problem is you cant think of everything.  The point is a real high level hacker-cracker doesn't get caught in the first place and spends a lot of time making sure he is invisible.

Ah well, you guys shot up that scenario.  I thought it might make a novel script where FBI agents or RIAA goons obtain a warrant to search a home, only to find that it's the neighbors who are utilizing the internet connection for illicit ends.  So all they could do is stand around and frown at the door until an emergency warrant comes in, by which time there's nothing left to search.

It would certainly be more practical if a wireless internet connection were used, but right away it would be obvious where the packets are coming from.  I consider an ethernet connection to another dwelling more secure and something an investigator wouldn't expect to find, thus limiting the scope of the warrant to a single residence.  It would add an "oh sht" factor when the wire is discovered.

Certainly high profile criminals wouldn't be taken so lightly, but then again, they probably wouldn't be doing it out of their own home.

Thanks for all the comments!

isnt that what the wifi at starbucks is for?...hacking.

LOL, any hacker worth a damn is getting into that free. If you don't know how, by me a cup of coffee at the next Defcon and I will show you!

I've served my share of warrants, and I think there are some problems with your scenario:
1)Assume that everything is just the way you've laid it out.  You are still in trouble.  If you've done something on the level that would cause me to come kick in your door, that means I've probably been monitoring your traffic for awhile.  When then traffic goes dead the second I come through your door, we tend to cal that a “clue”.  Even if your server isn't right there with you, it will take 15 minutes to call the judge and get an expanded warrant.  In the mean time I'll be reminding you that destroying evidence is a felony, you're buddy is probably going to screw up the whipe, I'll pull everything off with EnCase, but by then I'll be tired and pissed off.
2)To be a bit more realistic, your above scenario isn't going to happen.  If I'm interested enough in you to kick in your door that means I'll be monitoring you, not just your traffic.  If you are working with someone else then you are probably going to meet with them at some point, which means I start watching them.  Trust me, it won't take more than a couple of days to figure out that when you, him, or both of you are at home then the naughty traffic is occurring.  That means I get two search warrants, and when your door is being kicked down, so is his.
3)To be even more realistic, the above scenario is also a bit unlikely.  If I think there is a chance that you'll destroy the evidence, why am I going to give you a chance?  There is this place called “outside” that people go to in order to get food/alcohol/smokes/paychecks/transvestite hookers/etc.  It is usually a lot easier and a lot more fun to wait for you to go get a slurpee, arrest you in the parking lot, and then watch you piss your pants when I tell you that we just served a search warrant on your place 15 minutes ago.  I'll probably even drink your slurpee for you.
4)If you've really done something bad then the above scenario isn't going to happen either.  Almost every agency that would be doing this kind of investigation is going to have access to their own keyloggers, trojans, backdoors, etc.  (Read up on the FBI's Magic Lantern)  Again, if you are doing something that is going to get your door kicked in then you are probably worth having someone install one of these little toys on your system.  That means I've captures all of the keystrokes for your putty sessions which negates your “but its a remote system and you can't see me” argument.
5) Unless you are doing this hacking just for shits and giggles, at some point you probably expect to make a profit off of it.  Most hackers get busted by investigators following their money trail rather than their network trail. 
6) Once all of this goes to trial then your remote setup is going to work against you.  It just goes to show the judge and jury that you were very aware that you were involved in something illegal.  It will probably add an extra year or so onto your sentence in Federal Pound-Me-In-The-Ass prison where your only joy will be reading my smart ass forum submissions.

That will always be a catch for investigators, but it is offset a bit if those parts of your hard drive are still mounted when the system is taken into custody.  If you can secure the suspect before they unmount those areas or power off the system, then the encryption is worthless.  If they do manage to get it locked you can often make your case based on the network traffic you've been monitoring and the bits and pieces left over in the host OS that will indicate what they've been doing.  Remember, if the feds are kicking down your door they've probably already got a pretty good load of evidence against you. If you get a court order allowing you to rootkit their system before you take them into custody, you'll probably already have the password plus a log of the activities.  That naughty traffic also has to go somewhere and do something, which they probably already have observed and recorded.  Unless you are just hacking stuff for fun you are going to have to do something with the data you've collected. (use the credit card numbers, sell the data, control your bots, etc)  All of that activity leaves evidence scattered all over other networks, not just your home systems. If all else fails, I've seen situations where the suspect is subpoenaed and order to produce the password.  If they don't, they are held in contempt until they do.  That puts some heat on them to comply since they can sit in jail as long as the judge can allow.