Electronic Law and Evidence Overview

Questions and Answers

What is the primary requirement when executing a search warrant for computer-related evidence?

It must be executed within 30 days of issuance.

It must be accompanied by a digital forensics expert.

It must occur during business hours.

It must be executed within 14 days of warrant authorization. (correct)

During a search incident to arrest, what can law enforcement legally do with a mobile device?

Access cloud data linked to the phone.

Review all contents of the phone.

Remove the case and physically examine the phone. (correct)

Seize the phone without examination.

Which of the following best describes exigent circumstances?

Instances where evidence is at risk of being destroyed. (correct)

Scenarios where a warrant must be obtained beforehand.

Conditions that allow for a search without probable cause.

Situations where consent is not needed.

Which of the following is NOT a consideration when evaluating the authentication of computer information?

What is the file size of the data?

What should NOT be done to ensure digital officer safety during online investigative activities?

Respond to unsolicited emails.

Why do criminals prefer engaging in activities within the cyber environment?

It offers them greater physical safety.

What should be the first priority when seizing electronics during an investigation?

Maintaining officer safety

Which of the following is essential when transporting computers as evidence?

Maintaining the chain of custody

What aspect of a plain view seizure is crucial to understand?

Evidence must be readily observable from a legal vantage point.

Which type of system can be critically impacted by skilled cyber terrorists?

SCADA systems.

What is a characteristic feature of a bitcoin address?

Starts with 1, 3, or bc1

Which action is NOT recommended when handling a computer that contains potential evidence?

Turning the computer off immediately

Which type of evidence must be preserved in a way that can be validated in court?

All forms of evidence including digital

When collecting RAM for password cracking, what is the purpose of the pagefile?

To hold overflow information when RAM is full

What is a seed phrase in the context of cryptocurrency wallets?

A list of 12-24 words that unlock an account

Which method enhances the credibility of evidence presented in court?

Having multiple witnesses with personal knowledge

What is required to obtain a T-III wiretap for electronic communications?

Probable cause to believe a felony has been committed

Under what condition is a T-III wiretap not necessary?

Recording conversations with two-party consent

What defines 'reasonable expectation of privacy' (REP) under Katz?

Subjective belief that privacy is maintained

What is a key factor from the Carpenter decision regarding tracking movements?

Tracking for more than 7 days requires a search warrant

Which types of prior convictions can be used to impeach a witness?

Any felony conviction

What must the defense prove during their case in a criminal prosecution?

Nothing, they have no burden of proof

Which type of judge is authorized to grant a T-III wiretap?

District court judge or above

What is the purpose of a Preservation Letter?

To request online data retention by ISPs

In the context of drug identification, what information can the Drug Identification Bible provide?

Active ingredients, color, shape, dosage, and control level

What is a distinctive physical characteristic of heroin?

White, tan, or gray powder with a strong vinegar smell

What criteria must be demonstrated to justify a search of stored data?

Probable cause related to the crime being investigated

During which stage of criminal prosecution does jury selection occur?

Voir Dire

What does Locard's principle state about evidence left at a crime scene?

People cannot leave a scene without taking something with them and leaving something behind.

What does the 'necessity statement' in a T-III application require?

Documentation of all investigative techniques exhausted

How can the government respond to evidence presented by the defense?

Through the Rebuttal Case

Which characteristic type describes items that can uniquely link to a specific source?

Individual characteristic

What is a characteristic of cocaine base/crack?

Can only be smoked to achieve a high

In measuring for crime scene documentation, which method is considered the most accurate?

Triangulation measurement

What is essential to include in sketches of crime scenes?

A North arrow and key/title block

Which of the following is NOT a stage in criminal prosecution?

Witness Cross Examination

What unique feature can help identify the source of a printed document from laser printers?

Marks left from improper maintenance

Which type of physical evidence is considered tangible?

A bullet

Which aspect is NOT required for effective crime scene documentation?

Witness statements

What is a typical use for the largest ink library maintained by the USSS?

Identifying ink types in questioned documents

What advantage is associated with compelled handwriting exemplars?

Can control conditions of the sample

Which of the following correctly defines a mental health crisis?

A state of severely reduced behavioral and emotional functioning

What is a primary disadvantage of obtaining non-request handwriting exemplars?

They are more likely to be disguised

What key component is essential for the chain of custody to be valid in court?

A narrative of the evidence's history

What role can an individual in a mental health crisis assume?

Disorderly person

Which of the following is NOT a sign of mental illness?

Coping well with loss

What is the main purpose of a Letter of Transmittal in evidence submission?

To describe the case and request analysis

What is an important initial step in dealing with a situation involving a mental health crisis?

Obtain comprehensive information about the situation

Study Notes

Electronic Law and Evidence

• EPO 1: Federal requirements for wiretaps.
  • Wiretaps needed for real-time communications content with no party consent.
  • Authorization from an Assistant U.S. Attorney (AUSA) is needed given probable cause of a felony committed.
  • Includes necessary steps and what has/hasn't been attempted.
  • District Court or higher is required to issue a T-III order.
• EPO 2: Federal requirements for tracking suspects.
  • Physical intrusion with intent of gaining information is considered a search under Jones.
  • Physical or non-physical intrusion affecting a reasonable person's subjective expectation of privacy is considered a search under Katz.
  • Tracking for longer than 7 days established a search.
  • Tracking for less than 7 days may not be a search under Katz or could be considered under Jones only.
  • A warrant from a Magistrate Judge is required for tracking.
• EPO 3: Federal requirements for tracing communications.
  • Pen registers capture dialed-out numbers.
  • Trap and traces capture incoming numbers.
• EPO 4: Video surveillance in private locations.
  • Warrant needed for video surveillance within someone's reasonable expectation of privacy.
  • Includes curtilage of a home.
• EPO 5: Stored electronic communications.
  • Stored Communications Act controls access to stored comms by Internet service providers.
  • Gathering information includes basic subscriber info (name, address, phone number, service details, and timestamps).
  • Transactional records (website visits, calls made/received).
  • Email addresses received and sent.
    • Specifics the content and process to obtain.
• EPO 6: Searching/Seizing computers without warrants.
  • Search without warrant needs consent or exigent circumstances.
  • Consent can be limited (do not look at emails).
    • Apparent authority also serves as consent.
  • Plain view allows seizing if already in view.
• EPO 7: Special considerations for searching computers.
  • Consider all devices in warrant to search/seize.
• EPO 8: Special considerations for executing computer warrants.
  • Warrant execution must be within 14 days of authorization.
• EPO 9: Authenticating computer information.
  • Identify whose data is on the computer.
  • Know who/what created the information.
  • Determine who had access.
  • Trace evidence must exist.
• EPO 10: Investigating crimes with electronic evidence.
  • Procedures for collecting and preserving physical/electronic evidence.
  • Identifying non-electronic items pertaining to electronic crimes.
  • Proper documentation of all evidence is essential for admissibility in court.
• EPO 11: Law Enforcement Response to a Mental Health Crisis.
  • Behaviors associated with crisis situations.
  • Techniques to de-escalate.
  • Steps to take after securing a scene.

Conducting Investigations in the Cyber Environment

• EPO 12: Identify precautions to prevent leaks to personal/agency identifying information.
  • General rules, areas of vulnerability for computer systems and files.
  • Handling data flow.
• EPO 13: Identifying how social networks and online gaming facilitate criminal activity.
  • Online-criminals take advantage of the virtual aspect.
  • Gaining access to many people, minimizing physical risk.
• EPO 14: Introduction to Mobile Device Investigations.
  • Determining types/identifiers associated with mobile devices.
  • User vs. Investigative perspectives.
• EPO 15: Identifies the federal requirements to control the use of video surveillance.
• Discusses situations in which surveillance is allowed without a warrant.
• EPO 16: Understands various stages of a criminal prosecution.
• Procedures from initial stages to the final stages (e.g., Pre-Trial Suppression Hearing, Jury Trial, etc.).
• EPO 17: Controlled substance identification.
  • Various methods for identifying drugs.
• EPO 18: Understanding physical evidence.
  • Methods for identifying and gathering evidence (physical, documented, testimonials).
• EPO 19: Identification, request, and non-request exemplars.
  • Document and note component details.
  • Information about ink and paper analysis.
• EPO 20: Information regarding chain of custody as it pertains to evidence for analysis in a lab.
  • Detailed processes and forms specific to legal submissions to labs.
• EPO 21: Legal requirements to obtain properly admissible evidence for trials in court.
  • Detailed procedures and steps involved in procuring usable evidence in court.

Description

This quiz covers the federal requirements for wiretaps and tracking suspects under electronic law. It details necessary authorizations, definitions of searches, and the criteria for obtaining warrants. Test your knowledge on these critical legal topics related to electronic evidence.