Courtroom Evidence Quiz

Questions and Answers

What are the roles of a computer in an illegal scheme?

• Legal investigation tool, communication device, public utility
• Backup device, personal computer, digital artifact
• Target, Instrument, Acting as storage (correct)
• Secure data storage, outsourced application, monitoring device

Which method is NOT recommended for collecting electronic evidence from a crime scene?

• Seize any computer or digital drive that can access the device
• Touch the items to check responsiveness (correct)
• Move the mouse to wake a dark screen
• Disconnect the ethernet cable but keep the power on

What type of damage can external factors cause to electronic evidence?

• Data modification by remote access
• File deletion via user error
• Software corruption through updates
• Magnetic media destruction from magnetic fields (correct)

Which of the following is NOT a common way personal identifiable information (PII) is obtained through identity theft?

Invoice manipulation (A)

When collecting electronic evidence, what is the first step to take?

Secure the crime scene (C)

What is the primary purpose of the Tablet & Capsule Imprints Section?

Provide numeric or alpha-numeric codes for controlled drugs (B)

Which of the following characteristics describes physical evidence?

Must be visible and tangible (D)

What are class characteristics?

Common features shared by a group of objects (C)

What defines an individual characteristic?

Unique traits from accidental occurrences or use (D)

Which type of evidence is NOT one of the three basic types listed?

Digital evidence (B)

Why is proper crime scene documentation crucial?

It provides a clear and accurate record for investigations (C)

What would be an example of an illicit drug as mentioned?

Asian White Heroin (D)

What is NOT a recommended practice for making notes at a crime scene?

Keeping notes in a separate ledger (A)

Who is responsible for determining whether a witness is honest or lying in court?

The jury (B)

What is the status of evidence during a trial if the judge sustains the defense's objection?

It is completely excluded from the trial (A)

What must a defendant provide as evidence if they choose not to testify?

No evidence at all (C)

What type of evidence is described as direct testimony?

A witness confirming they saw the event happen (C)

Which of the following statements about Chain of Custody is true?

It only shows who possessed the evidence (A)

Which of these options is necessary for un-certified documents to be admissible in court?

A witness must testify regarding them (D)

What is a characteristic of a Bitcoin address?

It is always between 26 and 36 characters long (B)

What is the primary purpose of a seed phrase in cryptocurrency?

To reconstruct a hardware wallet (C)

Flashcards

Off-ramping

The process of exchanging cryptocurrencies for fiat money.

Physical Evidence

Any object or substance that can be used as evidence in a criminal investigation. It is tangible, has form or mass, and can be visible or invisible.

Locard's Theory of Interchange

A theory that states that any interaction between two objects will result in an exchange of material, meaning that evidence can be transferred from one location to another.

Class Characteristics

Characteristics that are shared by all members of a certain class of objects or substances.

Individual Characteristics

Characteristics that are unique to a specific object or substance, making it distinguishable from others in the same class.

Drug Identification Bible

The primary source of information for controlled substances identification.

Crime Scene Documentation

The type of documentation that includes written notes, photographs, and sketches of a crime scene.

Crime Scene Notes

A type of documentation utilized in a crime scene investigation that includes notes that are to be chronologically ordered, written in ink, legible, and accurate.

Who decides if evidence is admissible?

The person responsible for deciding if evidence is allowed in court proceedings.

Who determines witness credibility?

The group responsible for determining the credibility of a witness, assessing their honesty and trustworthiness.

Chain of Custody

The process of transferring custody of evidence, carefully documenting each step to maintain the chain of evidence integrity.

Direct Testimony

Evidence that is presented directly, like a witness's firsthand testimony.

Circumstantial Evidence

Evidence that provides an indirect link to a crime, such as fingerprints found at the crime scene.

Impeach a Witness

The process of questioning a witness to challenge their testimony and expose inconsistencies or weaknesses.

Hardware Wallet

A type of digital wallet used to store cryptocurrencies offline, physically securing the private keys with a device.

Seed Phrase

A unique phrase made up of 12 or 24 words used to recover access to a cryptocurrency wallet.

Spearphishing

An attack that targets specific individuals or organizations using personalized messages and tailored lures to gain access to sensitive information, with the aim of exploiting vulnerabilities or gaining unauthorized access to resources.

Identity Theft

A type of cybercrime that involves stealing personal information (PII) to gain access to financial assets or other personal resources. It often focuses on obtaining PII like social security numbers, credit card details, and banking information.

First Responders to Digital Evidence

The very first responders to digital evidence at a crime scene play a crucial role in preserving the integrity and value of evidence. They secure the scene, prevent contamination, and ensure that evidence isn't compromised.

Devices Holding Digital Evidence

Digital evidence can be found on a wide range of devices that store information in a binary (1 & 0) format. This includes not only computers but also devices like music players, storage media, and even e-readers.

Destruction of Digital Evidence

The intentional destruction of evidence or the alteration of data can severely impair an investigation. It can be done through physical means, software-based attacks, or even accidental damage.

Study Notes

Courtroom Evidence

• Admissibility: The judge decides if evidence is admissible in court.
• Witness Honesty: The jury decides if a witness is honest or lying.
• Rules of Evidence Application: The rules of evidence apply at trial, except for privileges.
• Defense Objections: If the defense objects to evidence and the judge sustains the objection, the jury does not see the evidence.
• Suppressing Evidence: The defense can file a motion to suppress evidence if they do not want it admitted.
• Defendant's Evidence Requirement: The defendant does not need to provide any evidence at trial.
• Direct vs. Circumstantial Evidence: Direct evidence is when a witness saw an event. Circumstantial evidence uses other evidence to infer an event, such as fingerprints on a weapon.
• Goal of Cross-Examination: The goal of a cross-examiner is to weaken or impeach the witness's credibility.
• Chain of Custody: This demonstrates evidence's authenticity and condition throughout the trial. It does not, however, guarantee the evidence is still in the same condition. Chain of Custody shows who had the item and that it is authentic, NOT that the evidence is in the same condition.
• Acceptable Documentation Without Original: An accurate copy of a document.
• Required Testimony: Un-certified documents require a witness's testimony.

Investigative Information Sources & Financial Sources

• Cryptocurrency: A virtual type of currency.
• Bitcoin Addresses: Bitcoin addresses are 26-36 characters long.
• Hardware Wallets: Trezor and Ledger are examples.
• Seed Phrases: Used to reconstitute a crypto wallet.
• Conversion: Converting fiat currency to or from crypto is called an on-ramp or off-ramp, respectively.

Physical Evidence

• Three Types of Evidence: Physical, Testimonial, and Documentary.
• Physical Evidence Characteristics: Tangible and has mass, potentially visible or invisible.
• Locard's Theory: It is improbable that someone enters an environment without leaving or taking something.
• Class vs. Individual Characteristics: Class characteristics are shared by objects of a certain type. Individual characteristics are unique to a particular object.
• Crime Scene Documentation: Notes (chronological order, in ink), photographs (overall, mid-range, close-up), and sketches (rough sketches, notes on the sketch).

Fragile

• Packaging Order: Document evidence, mark the container, place the container inside and seal it; if it's not critical to the case do not mark the item.
• Chain of Custody: Details the history of evidence; everyone who handles the evidence signs off.
• Letter of Transmittal: Includes a list of items submitted.

Questioned Documents

• Document Components: Paper, ink, and writing instruments (e.g., copier).
• Tracing Documents: Typewriters, copiers, and printers often produce unique characteristics that can be used to trace the document's source.

Mobile Device Investigations

• Unique identifiers: Device identifiers like IMEI and MEID.
• SIM Cards: Used to connect a device to a cellular network.
• Logical Extraction: Extracting data using the device's backup features.
• External Storage: Treat external storage (SD cards, USB drives) as evidence.
• Software Interaction: Using cables, USB, or Bluetooth to extract data.

Conducting Investigations in the Cyber Environment

• Wireless Networks: Changing service set identifiers (SSID), default router names, and passwords to increase security.
• Cybersecurity: Reduce risks associated with online activity (e.g., inappropriate responses to emails).
• Social Networks & Online Gaming: Using social media and online gaming for criminal activity, like spreading malware or cyberbullying.

Phishing Attacks

• Phishing: Attacks that involve sending emails to trick people into giving away their personal information.
• Spearfishing: Attacks directed at specific groups.
• Online Auction Fraud: A type of fraud that targets online auctions.
• Identity Theft: Stealing someone's identity.
• PII: Personally identifiable information (e.g., credit card numbers, passwords).

First Responders to Digital Evidence

• Categorization of Devices: Devices can be victims, instruments, or repositories of criminal activity.
• Device Collection and Seizure: Document the process, and do not touch the device until appropriate procedures are followed
• Data Destruction: How to avoid destroying data or evidence.
• Non-Electronic Evidence: Items like documentation, critical trace evidence, reports etc.

Additional Notes

• Specifics: This is generally summarized information. Each subject area requires additional detail for an effective investigation.

Description

Test your knowledge on courtroom evidence and its admissibility. Understand the roles of the judge, jury, and defense in evaluating evidence during trials. This quiz covers essential concepts like direct vs. circumstantial evidence and witness examination.