Courtroom Evidence Quiz

Questions and Answers

What are the roles of a computer in an illegal scheme?

Legal investigation tool, communication device, public utility

Backup device, personal computer, digital artifact

Target, Instrument, Acting as storage (correct)

Secure data storage, outsourced application, monitoring device

Which method is NOT recommended for collecting electronic evidence from a crime scene?

Seize any computer or digital drive that can access the device

Touch the items to check responsiveness (correct)

Move the mouse to wake a dark screen

Disconnect the ethernet cable but keep the power on

What type of damage can external factors cause to electronic evidence?

Data modification by remote access

File deletion via user error

Software corruption through updates

Magnetic media destruction from magnetic fields (correct)

Which of the following is NOT a common way personal identifiable information (PII) is obtained through identity theft?

Invoice manipulation

When collecting electronic evidence, what is the first step to take?

Secure the crime scene

What is the primary purpose of the Tablet & Capsule Imprints Section?

Provide numeric or alpha-numeric codes for controlled drugs

Which of the following characteristics describes physical evidence?

Must be visible and tangible

What are class characteristics?

Common features shared by a group of objects

What defines an individual characteristic?

Unique traits from accidental occurrences or use

Which type of evidence is NOT one of the three basic types listed?

Digital evidence

Why is proper crime scene documentation crucial?

It provides a clear and accurate record for investigations

What would be an example of an illicit drug as mentioned?

Asian White Heroin

What is NOT a recommended practice for making notes at a crime scene?

Keeping notes in a separate ledger

Who is responsible for determining whether a witness is honest or lying in court?

The jury

What is the status of evidence during a trial if the judge sustains the defense's objection?

It is completely excluded from the trial

What must a defendant provide as evidence if they choose not to testify?

No evidence at all

What type of evidence is described as direct testimony?

A witness confirming they saw the event happen

Which of the following statements about Chain of Custody is true?

It only shows who possessed the evidence

Which of these options is necessary for un-certified documents to be admissible in court?

A witness must testify regarding them

What is a characteristic of a Bitcoin address?

It is always between 26 and 36 characters long

What is the primary purpose of a seed phrase in cryptocurrency?

To reconstruct a hardware wallet

Study Notes

Courtroom Evidence

• Admissibility: The judge decides if evidence is admissible in court.
• Witness Honesty: The jury decides if a witness is honest or lying.
• Rules of Evidence Application: The rules of evidence apply at trial, except for privileges.
• Defense Objections: If the defense objects to evidence and the judge sustains the objection, the jury does not see the evidence.
• Suppressing Evidence: The defense can file a motion to suppress evidence if they do not want it admitted.
• Defendant's Evidence Requirement: The defendant does not need to provide any evidence at trial.
• Direct vs. Circumstantial Evidence: Direct evidence is when a witness saw an event. Circumstantial evidence uses other evidence to infer an event, such as fingerprints on a weapon.
• Goal of Cross-Examination: The goal of a cross-examiner is to weaken or impeach the witness's credibility.
• Chain of Custody: This demonstrates evidence's authenticity and condition throughout the trial. It does not, however, guarantee the evidence is still in the same condition. Chain of Custody shows who had the item and that it is authentic, NOT that the evidence is in the same condition.
• Acceptable Documentation Without Original: An accurate copy of a document.
• Required Testimony: Un-certified documents require a witness's testimony.

Investigative Information Sources & Financial Sources

• Cryptocurrency: A virtual type of currency.
• Bitcoin Addresses: Bitcoin addresses are 26-36 characters long.
• Hardware Wallets: Trezor and Ledger are examples.
• Seed Phrases: Used to reconstitute a crypto wallet.
• Conversion: Converting fiat currency to or from crypto is called an on-ramp or off-ramp, respectively.

Physical Evidence

• Three Types of Evidence: Physical, Testimonial, and Documentary.
• Physical Evidence Characteristics: Tangible and has mass, potentially visible or invisible.
• Locard's Theory: It is improbable that someone enters an environment without leaving or taking something.
• Class vs. Individual Characteristics: Class characteristics are shared by objects of a certain type. Individual characteristics are unique to a particular object.
• Crime Scene Documentation: Notes (chronological order, in ink), photographs (overall, mid-range, close-up), and sketches (rough sketches, notes on the sketch).

Fragile

• Packaging Order: Document evidence, mark the container, place the container inside and seal it; if it's not critical to the case do not mark the item.
• Chain of Custody: Details the history of evidence; everyone who handles the evidence signs off.
• Letter of Transmittal: Includes a list of items submitted.

Questioned Documents

• Document Components: Paper, ink, and writing instruments (e.g., copier).
• Tracing Documents: Typewriters, copiers, and printers often produce unique characteristics that can be used to trace the document's source.

Mobile Device Investigations

• Unique identifiers: Device identifiers like IMEI and MEID.
• SIM Cards: Used to connect a device to a cellular network.
• Logical Extraction: Extracting data using the device's backup features.
• External Storage: Treat external storage (SD cards, USB drives) as evidence.
• Software Interaction: Using cables, USB, or Bluetooth to extract data.

Conducting Investigations in the Cyber Environment

• Wireless Networks: Changing service set identifiers (SSID), default router names, and passwords to increase security.
• Cybersecurity: Reduce risks associated with online activity (e.g., inappropriate responses to emails).
• Social Networks & Online Gaming: Using social media and online gaming for criminal activity, like spreading malware or cyberbullying.

Phishing Attacks

• Phishing: Attacks that involve sending emails to trick people into giving away their personal information.
• Spearfishing: Attacks directed at specific groups.
• Online Auction Fraud: A type of fraud that targets online auctions.
• Identity Theft: Stealing someone's identity.
• PII: Personally identifiable information (e.g., credit card numbers, passwords).

First Responders to Digital Evidence

• Categorization of Devices: Devices can be victims, instruments, or repositories of criminal activity.
• Device Collection and Seizure: Document the process, and do not touch the device until appropriate procedures are followed
• Data Destruction: How to avoid destroying data or evidence.
• Non-Electronic Evidence: Items like documentation, critical trace evidence, reports etc.

Additional Notes

• Specifics: This is generally summarized information. Each subject area requires additional detail for an effective investigation.

Description

Test your knowledge on courtroom evidence and its admissibility. Understand the roles of the judge, jury, and defense in evaluating evidence during trials. This quiz covers essential concepts like direct vs. circumstantial evidence and witness examination.