Criminal Evidence and Courtroom Procedures

Questions and Answers

Who is responsible for determining the admissibility of evidence in court?

The prosecution

The judge (correct)

The jury

The defense attorney

What is the correct term for evidence based on a witness directly observing an event?

Hearsay evidence

Circumstantial evidence

Direct testimony (correct)

Expert testimony

What happens to evidence if the defense objects and the judge sustains the objection?

The judge reviews the evidence

The jury hears the evidence

The evidence is available for rebuttal

The evidence is excluded (correct)

Which type of documentation is acceptable when the original evidence is not available?

An accurate copy

What do the rules of evidence generally apply to?

At trial

What is the primary objective of the cross-examiner when questioning a witness?

Impeach the witness

What does Chain of Custody confirm regarding the evidence?

The authenticity and possession history of the evidence

Which type of documents requires a witness to testify in court?

Un-certified documents

What is the optimal number of people recommended to take measurements?

Two or more people

Which of the following is NOT a basic type of measurement used in evidence collection?

Linear progression

What is the first type of evidence you should collect?

Fragile evidence

Which of the following steps is NOT required when packaging evidence?

Place evidence in a larger container

In the context of latent prints, where can they be found?

On nearly any surface

What should you avoid when handling a Questioned document?

Marking the document if possible

Which marking procedure is recommended if it's necessary to mark a document?

Use a marking medium different from that on the document

Which of the following best describes the chain of custody?

Life history of item for legal purposes

What should a letter of transmittal include?

A brief synopsis of the case

How can the age of a questioned document be best determined?

Through ink and paper analysis

Which factor does NOT affect handwriting?

Personality traits

What should be included when sending documents to the lab?

Registered, return receipt

Which identifier is part of the CDMA technology?

MEID

What type of exemplars are considered free from disguise?

Non-request exemplars

Which method is NOT recommended when collecting electronic evidence at a crime scene?

Power off the device

In identity theft fraud, which is NOT a common way to obtain Personally Identifiable Information (PII)?

Purchasing from legitimate vendors

Which of the following constitutes physical damage to electronic evidence?

Water exposure

Which of the following is NOT considered critical trace evidence in computer forensics?

Network configurations

What is the purpose of the Unique Identifier on a SIM card?

To authenticate the device and connect it to the network

Which extraction method is most widely supported for mobile device forensics?

Logical Extraction

When seizing a mobile device, what is a crucial best practice?

Ensure the device is off

In the context of mobile device forensics, what is the main function of a Faraday bag?

To prevent wireless signal from reaching the device

What should external storage devices be treated as in forensic investigations?

Digital evidence

What is the function of 'Trust' in iOS during data extraction?

To establish a connection between the device and computer

Which of the following is NOT a part of the proper documentation for mobile device seizure and data extraction?

Personal notes from investigators

Which of the following is a key feature of analytical software used in mobile device forensics?

Generating extraction reports

What is the primary purpose of changing the SSID and default router name in a wireless network?

To enhance security by reducing the chance of unauthorized access

Which of the following is NOT a recommended action to mitigate danger when identifying a security threat?

Ignore the threat

What is the goal of a digital officer's safety?

To reduce personal and professional operational risks associated with online activity

What should you do when receiving unsolicited emails as part of common operational security?

Do not respond at all

Which encryption method is recommended for securing wireless networks?

WPA2-PSK

Which activity is commonly associated with online gaming and social networks for criminal activity?

Creating secure communication environments for child exploitation

What aspect of internet usage significantly reduces physical risk for criminals?

Anonymity

SCADA systems are primarily targeted because they control critical infrastructure. Which of the following is an example of such infrastructure?

Electric grids

Study Notes

Courtroom Evidence

• Evidence admissibility is decided by the judge.
• Witness honesty/lying is decided by the jury.
• Rules of Evidence apply at trial, except for privileges.
• If the defense objects to evidence, and the judge sustains, the jury does not see the evidence.
• Defense can file a motion to suppress evidence if they don't want it presented.
• No requirement for a defendant to provide evidence at trial.
• Direct evidence is when a witness saw Person X do something to Person Y.
• Circumstantial evidence is when fingerprints are found on a weapon.
• Direct evidence is not always better than circumstantial evidence.
• Cross-examination aims to impeach the witness.
• Chain of Custody demonstrates the evidence's authenticity and condition at trial.
• Chain of Custody shows who possessed the evidence and that it is authentic, not that it's in the same condition.
• Expert testimony is still needed to prove the evidence's condition, even if Chain of Custody is followed.
• Witnesses' notes can be reviewed by the defense, not the jury.
• An accurate copy of a document is acceptable when the original is not presented.
• Uncertified documents can stand alone.

Investigative Information Sources & Financial Sources

• Cryptocurrency is a type of virtual currency.
• Bitcoin addresses have 26-36 characters and begin with 1, 3, or bc1.
• Examples of hardware wallets include Trezor and Ledger.
• Seed phrases are 12 or 24 words entered in the correct order to recover a wallet.
• Conversion of fiat currency to cryptocurrency (or vice versa) is called on-ramping or off-ramping.

Controlled Substance Identification

• Tablets and capsules have imprints with numeric or alpha-numeric codes.
• Information about illicit drugs includes history, manufacturing, street names, street prices, CSA scheduling, and effects.
• The Drug Identification Bible contains active ingredients, color, shape, dosage and control level of medically used drugs.
• Asian White Heroin is white/tan/gray, smells of vinegar, and resembles talcum powder.
• Cocaine Base is not water-soluble, so it's smoked.

Physical Evidence

• Three types of evidence: physical/real, testimonial, and documentary.
• Physical evidence is tangible and has form or mass (visible or invisible).
• Locard's Theory of Interchange states that someone entering an environment will leave something of themselves and/or take something from that environment.
• Evidence can be classified as class or individual.
• Class evidence has shared characteristics, while individual characteristics are unique.

Fragile

• Fragile items should be handled with care; document the order of packaging.
• Place the item inside a sealed container and mark the container.
• Chain of custody: record details of every person who handles the item from discovery to court.

Questioned Documents

• Ink and paper characteristics help determine the age of a document.
• Writing instruments (e.g., typewriters, copiers), can be traced back to their source based on the unique characteristics.

Mobile Device Investigations

• Cellular devices have unique identifiers (e.g., IMEI, MEID).
• SIM cards connect devices to cellular networks.
• Logical extraction uses device backup features.
• Treat external storage devices (e.g., SD cards) as digital evidence.
• Software interaction (cables, USB ports, Bluetooth) is used to extract data.

Conducting Investigations in the Cyber Environment

• Computer systems, files, and data flow can be targets of digital crimes.
• Wireless networks need security measures (SSID, router name, password, encryption).
• Common sense is important in cyber safety.
• Digital devices can be seized and examined for evidence.
• Identify devices used in committing an illegal scheme.

First Responders to Digital Evidence

• Devices can be targeted for illegal schemes, used as tools to facilitate schemes, or contain repositories of criminal activity.
• Digital devices should be seized without touching them if possible.
• Proper procedures are in place to prevent any data alteration and loss.
• Secure evidence at the scene, preserving evidence before transporting and analyzing.

Description

Test your knowledge on the principles of criminal evidence and courtroom procedures. This quiz covers essential topics such as admissibility, types of evidence, documentation, and the responsibilities of legal professionals in a trial. Perfect for students of criminal justice and law enforcement.