DF347 Networks Forensics Quiz

Questions and Answers

What is a key measure to minimize accidental contamination during evidence handling?

• Using standard envelopes for evidence packaging
• Isolating bulk and trace evidence (correct)
• Storing evidence in open containers
• Assigning multiple people to handle evidence

Which of the following is essential for maintaining the integrity of evidence?

• Keeping evidence in closed boxes until needed
• Mixing samples to verify testing
• Assiduous use of logging systems (correct)
• Omitting note-taking for efficiency

How can the accidental mislabeling of evidence be minimized?

• Relying on verbal descriptions instead of written labels
• Incorporating specific SOPs designed for labeling (correct)
• Allowing anyone to label their own evidence
• Using disposable labeling materials

What is an effective way to prevent cross-contamination between samples?

Employing decontamination procedures for surfaces and people (B)

What role does contemporaneous note taking play in evidence handling?

It serves to demonstrate compliance with SOPs (C)

What role can a dedicated exhibits officer play in the evidence chain?

What is the primary objective of forensic science in the context of a criminal investigation?

To establish guilt or innocence of suspected individuals (D)

Which phase in evidence processing involves the examination and laboratory work on recovered evidence?

Examination and laboratory analysis (A)

What is critical to maintaining the integrity of physical evidence collected from a crime scene?

Properly documenting and securing the evidence (C)

What does the term 'chain of custody' refer to in forensic investigations?

The chronological documentation of evidence handling (B)

Which type of evidence may be collected during a forensic investigation at a crime scene?

Various types including DNA, fingerprints, and digital evidence (D)

What is the first step in processing physical evidence from a crime scene?

Recovery and continuity of evidence (D)

Which of the following processes ensures that forensic evidence is trustworthy and relevant to law enforcement?

Quality standards and ethical oversight in forensic practice (D)

What is an essential consideration when packaging evidence from a crime scene?

Ensure the packaging prevents contamination or damage (D)

What is the primary responsibility of Scenes of Crime Officers (SOCOs)?

To identify and recover items of physical evidence (B)

What is a critical aspect of maintaining evidence integrity?

Documenting the chain of custody accurately (B)

Which component is NOT necessary for ensuring continuity of evidence?

Signatures not required on evidence seals (D)

What does the term 'chain of custody' primarily ensure?

The legal admissibility of evidence in court (D)

What procedure can help prevent evidence tampering?

Implementing tamper-evident seals on packaging (A)

What must be done whenever evidence is handled to maintain its integrity?

Document who handled it and when (A)

Why is it important to guard against evidence contamination?

It may lead to evidence being declared inadmissible (B)

What procedure helps maintain security during evidence handling?

Securing packaging while documenting the handling process (B)

Flashcards

Chain of Custody

A system for tracking evidence from the time it's collected to when it's presented in court. It documents who had the evidence and when.

Anti-contamination SOPs

Specific procedures to prevent contamination of evidence, including isolation and protective equipment.

Evidence Integrity

Maintaining the accuracy, reliability, and completeness of evidence.

Loss of Integrity (Deterioration)

Damage or change to evidence due to improper storage, causing it to lose its original state.

Mislabeling of Evidence

Incorrect labeling of evidence, leading to confusion and a potential false outcome in testing.

Crime Scene Evidence Recovery

Properly identifying and collecting physical evidence from a crime scene.

Evidence Tampering

Altering or changing evidence intentionally.

Accidental Contamination

Unintentional mixture of evidence with something else.

Evidence Mislabeling

Incorrectly labeling evidence.

Evidence Continuity

Showing the uninterrupted history of evidence.

Inadmissible Evidence

Evidence that cannot be used in court due to a lack of proper handling or documentation.

Forensic Science

The application of scientific methods to investigate crimes and legal proceedings.

Forensic Science Scope

Forensic science encompasses a wide range of disciplines, including DNA analysis, fingerprint identification, ballistics, toxicology, and digital forensics.

Evidence Processing Stages

Evidence processing involves three key stages: recovery, examination, and interpretation.

Evidence Recovery

The safe and thorough collection of evidence from a crime scene, ensuring proper chain of custody.

Evidence Examination

Performing laboratory tests and analysis on collected evidence to identify its nature and relevance.

Evidence Interpretation

Assessing the meaning and significance of scientific evidence in the context of a case.

Crime Scene

Any location, including a building, outdoor area, or person, where evidence related to a criminal activity might be found.

Forensic Science in Justice

Forensic science plays a crucial role in the criminal justice system by providing objective and scientifically sound evidence to assist in investigations and court proceedings.

Study Notes

DF347 Networks Forensics

• Course: DF347 Networks Forensics
• Semester: 1
• Academic Year: 2024/2025
• Dates: October 13th - 17th, 2024
• Instructor: Dr. Basil Elmasri
• Email: [email protected]

Computer Networks Layers

• TCP/IP protocol suite and OSI 7-layer model are presented.
• The TCP/IP model is a hybrid model combining the layers.

Encapsulation and Decapsulation

• Data is encapsulated with headers at each layer of the model.
• Headers are added at each layer (application, transport, network, data link, physical).
• Each layer adds its header to the data before sending it to the next layer.
• The process of unpacking the headers is known as decapsulation.
• The process of packaging the data with headers at each layer is called encapsulation.

Encapsulation and Decapsulation Example

• Server A sends a webpage to B.
• The webpage is broken into chunks.
• Headers are added to each chunk—HTTP, TCP, IP, MAC—along with a trailer.
• The frame is converted to bits (0s and 1s).
• The bits are sent through the network.
• PC B receives the bits and unpacks the headers (decapsulation).
• The webpage is assembled by removing the headers.

Forensic Science

• Forensic science is the application of science to the justice system.
• It aims to resolve both civil and criminal cases.
• Forensic science commonly involves criminal case investigations.
• It is used to associate people, places, and things to criminal activities.
• The discipline divides into distinct parts, like the definition itself.

Evidence Processing

• Crime scene investigation starts with evidence processing.
• Three phases are typically involved: recovery, examination, and interpretation.
• The recovery involves gathering evidence.
• Examination involves detailed analysis in a lab.
• Interpretation is the process of determining the meaning of the evidence found.

Recovery and Continuity of Evidence

• Integrity of evidence is crucial.
• Documentation of each evidence step is required.
• The chain of custody records who handled the evidence, when, and how.
• Records must track who handled the evidence, keeping track of contamination, deterioration, and mislabeling.
• Courts require a documented and uninterrupted chain of custody.

Loss of Integrity

• Includes tampering, accidental contamination, deterioration, and accidental mislabeling.
• Proper packaging and storage are crucial.
• Use of tamper-evident seals and secure evidence storage is important.
• Documentation needs to be preserved throughout the process.