Electronic Law and Evidence PDF
Summary
This document provides information on electronic law and evidence topics, covering wiretaps, tracking devices, computer searches, and investigating activity in the digital realm. It examines federal requirements governing these procedures and includes specific considerations like consent, exigent circumstances, and computer authentication.
Full Transcript
Electronic Law and Evidence
EPO 1: Identify the federal requirements governing the use of electronic devices that intercept wire, oral, and electronic communications.
- When do you need a T-III wiretap? When you want to collect information that is:
  - Real time (live)
  - Content of communication (what is said)
  - With a device (anything except human ear)
  - Without consent (no party consents)
- No T-III order needed for:
  - Anything in subpoena, oral convo w/o REP, any convo overheard with human ear, any convo w/ 1 party consent
- What do you need to obtain a T-III?
  - On officer to apply
  - Authorization to apply from AUSA
  - PC to believe a felony has been committed
  - PC that a crime is on-going (location, actors, comms to be intercepted)
  - Necessity statement
    - What investigative steps have been taken and how they went, what steps haven’t been taken and why you haven’t tried those first. Does not mean one must try every investigative technique
- Who can you get a T-III from?
  - District Court and above only
  - Not Magistrate judge
EPO 2: Identify the federal requirements governing the use of electronic devices that track the movements of suspects.
- Search under Jones:
  - Physical intrusion with intent of obtaining information
- Search under Katz:
  - Physical or non-physical intrusion into subjective REP that society deems reasonable
- Carpenter outcomes:
  - A person has REP in their continuous movements
  - Tracking becomes a search when it continues for over 7 days
  - Tracking people for 7 days' worth needs a search warrant
- Contents
  - Search warrant
    - Stored Data- Apply where data is stored
    - Stored Content of Comms- Apply where data is stored OR where crime will be charged
- Preservation Letter
  - Guards against the ISP deleting online data
  - Agency can request on letterhead
  - Letter requires ISP hold records for a period of 90 days
  - Can be extended
EPO 6: Describe when computers may be searched and/or seized without a search warrant.
- Consent
  - Can have set parameters (“don’t look in my email”)
  - Can be given by someone with actual authority (they own phone, are a legal borrower) or by someone w/ apparent authority (cop thinks they own it, but they actually don’t)
- Exigent circumstances
  - Destruction of evidence
  - Put in faraday bag
- Plain view
  - Can seize based on plain view but not search!
  - Can’t expand scope of warrant based on what you find during plain view
- Search Incident to arrest
  - CAN’T look through phone during SIA
  - Can remove case/ physically examine phone
EPO 7: Describe special considerations in preparing a search warrant to search and/or seize computers.
- List all possible devices you may want to collect in warrant
EPO 8: Describe special considerations in executing a search warrant to search and/or seize computers.
- Call the experts
- Must be executed w/in 14 days of warrant authorization (started within 14 days)
EPO 9: Describe special issues involving authentication of information contained on computers.
- Ask these questions:
  - Whose data is this?
  - Who/what created it?
  - Who had access?
  - Trace evidence?
- Things people say are hearsay, computer generated items are not hearsay
Conducting Investigations in the Cyber Environment
EPO: Identify necessary precautions to protect personal and agency identifying information during investigative activity
- Digital Officer Safety- Reduce the personal/professional operational risks associated with online investigative activity
- General rules:
  - Don’t respond to unsolicited emails
  - Don’t work from home
  - Use reputable anti-virus
- Three areas of computer vulnerability
  - Computer system
  - Computer files
  - How data flows in/out
EPO: Identify how social networks and online gaming are being used for criminal activity
- Criminals like cyber environment
  - Removes necessity for criminals to be physically present
  - Low physical risk
  - Access to many more people
- Service set ID, Password, Router name
- SCADA Systems- Supervisory Control and Data Acquisition Systems
  - Control most major public/private systems
  - Cyber terrorists with high degree of skill can hijack
Introduction to Mobile Device Investigations
EPO: Determine types of technology and the unique identifiers associated with a mobile device.
- User perspective- Integrated, fluent in operation of, instant gratification
- Investigative perspective- Disciplined, proper handling (important in court)
- IMEI- International Mobile Equipment ID- number used to specify device, used by GSM
- GSM- Global network
- MEID- Mobile Equipment ID- number used to specify device, used by CDMA
- CDMA- Merica network, founded here, less common
- ICCID- serial number of a SIM card, specific to the card
- Logical extraction- Most widely supported extraction, uses software to extract data
- Important steps-
  - Legal authority (warrant or consent) (seize doesn't mean search)
  - Document device, faraday bag, get passcode
  - When to use airplane mode- field extractions only
First Responders to Digital Evidence
EPO: Define the uses and roles of electronic devices in criminal activity.
- Computers as the TARGET:
  - Criminals focus activity on the electronic or network itself
  - Hacking- Network penetration or unauthorized access
  - Doxxing- Publishing stolen/private info
  - PII- personally identifiable information
- Computers as the INSTRUMENT
  - Facilitates the criminal activity
  - Phishing (spear or regular), credit card scams, criminal corresponding
- Computers as a REPOSITORY
  - Holds evidence of a crime
  - Email accounts, archives/log files, browser history
EPO: Identify electronic devices that may be or may contain evidence.
- Cell phones or handhelds have higher REP than bigger computers
- Lots of things hold memory (DSLR camera, kindle, MP3)
- Removable media (thumb drive, floppy disk)
- Optical media- Anything that uses a laser to read it (CD, DVD, Blu-Ray)
- Cloud storage:
  - Allows criminals to access illegal material without storing it on their computer
  - A search warrant does not automatically cover contents of online accounts/cloud storage for the residence/business
  - May need to apply for an independent search warrant
EPO: Describe how electronic evidence may be altered or destroyed.
- Physical or external
  - Magnet, high temps, water
  - Use disc sleeves, anti-static bags, faraday bags
- Software or internal
  - Overwriting data
EPO: Identify non-electronic items that may be important in investigating an electronic crime.
- Traditional forensics
  - Latent prints, DNA samples, trace evidence
- Paper copies
  - Password list, computer-generated paper reports
- Items that indicate ownership of the computer
  - Mail w/ name next on desk
EPO: Identify the proper procedures in collecting, preserving, and transporting computers and electronic items seized as evidence.
- Officer safety is #1, seizing electronics is #2
- Document everything!
  - Photos of on screens, serial numbers
- Look for removable media
- Disconnect ethernet cable from router- leave power on
- Call the experts
- Never touch networks
- Bottom line- physically separate people then electronically separate them
- Don’t turn off computers that are on, or turn on computers that are off
- If you need to turn computers off, remove Battery then cut Power
- Maintain chain of custody at all times
EPO: N/a- other things discussed
- We capture RAM to crack passwords
- Pagefile is overflow when RAM is full
- Protected systems files (basically settings of computers) used to crack password
Investigative Information Sources and Financial Analysis
EPO: Identify the fundamental principles and operation of bitcoin.
- “Crypto is a type of virtual currency”
- “#’s are always between 26 and 36 characters long, start with 1,3, or bc1”
- Hardware wallets
  - Trezor
  - Ledger
- Seed phrases- a list of 12-24 words that can unlock an account when entered in the exact order
- Conversion of fiat currency (government currency, like USD) to crypto is referred to as the on-/off-ramps for crypto
Courtroom Evidence
EPO: Describe how evidence should be collected so a foundation can be laid in court.
- Laying a foundation
  - Usually in the form of testimony by individual with personal knowledge
  - Can’t just say “this gun was found at the scene”
  - Mark/tag evidence
  - COC
  - Preserving trace evidence (need to prove it was done correctly)
  - Condition of the evidence at time of trial
EPO: Describe how statements and reports are used to aid witnesses in courtroom testimony and in preparation for testimony.
- Counsel can use anything to refresh a witness’s memory
- The items used to refresh memory are made available to opposing counsel and can be used in cross examination
EPO: Describe how to establish a foundation for business records and public documents so that the contents will be admissible in court.
- The best evidence rule- need to have the closest to original document possible
  - An “original” or a “duplicate”
- Self Authenticated documents
  - Don’t need testimonial to authenticate/lay a foundation
  - Official transcript, something with a seal
- Public Records and documents
  - Can be self authenticating if a custodian places a seal of the public entity on the record to certify it
- Business records
  - Can be self-authenticating if document was
    - Made at or near the time to which the record pertains
    - Made by a person with knowledge of the subject
    - Made in the regular course of business/not specially for the trial
    - Generated by an electronic process or system
    - Copied from an electronic device and certified
EPO: Describe relevant, direct, and circumstantial evidence.
- Relevant evidence-
  - Proves or disproves an element of charged crime
  - Prove or rebut a defense
  - Concerns the credibility (believability) of a witness
- Direct evidence-
  - Prove a fact directly and without need to draw inference
  - What a witness sees, hears, smells, tastes, touches
- Circumstantial evidence-
  - Also known as indirect evidence
  - Tends to prove a fact indirectly through an inference, deduction or conclusion
  - Most physical evidence is circumstantial because it proves something indirectly
EPO: Identify factors that can affect witness credibility and the need to collect information regarding a witness's credibility.
- Bias-
  - Related by blood or marriage, or members of a similar group
  - Or other relationships like both LEOs or Doctors
- Motive to fabricate testimony, contradiction, inability to observe
- Prior Convictions to show untruthfulness
  - The opposing party can’t use a prior arrest that did not result in a conviction to impeach a witness
  - May use any felony conviction to impeach
  - Can use a misdemeanor conviction for crimes involving dishonesty
  - Conviction must be less than 10 years old from the date of conviction
EPO: Identify the procedural stages of a criminal prosecution.
- Pre-Trial Suppression Hearing
  - Suppression/admittance of evidence
  - No jury just judge
- Voir Dire
  - Jury selection
- Opening Statements by Counsel
  - Jury is present
  - Overview of evidence
- The Case-In-Chief
  - Government's case
  - Defense cross examines
- The defense case
  - Defense does not need to say/do anything (no burden of proof)
  - May introduce witnesses and introduce exhibits
- The Rebuttal Case
  - Government may offer rebuttal evidence that disputes defense’s evidence
- Closing argument
- The Charge to the Jury
- Sentencing
Controlled Substance Identification
EPO: IOD-00290 Identify pharmaceutical drugs using the Drug Identification Bible, and various controlled substances through physical characteristics.
- Drug Identification Bible
  - A book where you can find active ingredients, color, shape, dosage, & level of control of drugs with medical use in the US.
  - The Tablet and Capsule Imprint section
    - Lists RX (prescription), OTC, and controlled drugs that have medical use in the US, as well as other alpha-numeric marking codes
  - The Illicit Drug Text Library Section
    - Has information about the history, manufacturing methods, street names, street prices, schedule, and effects of abused drugs
- Heroin
  - Can be white/tan/gray
  - Strong vinegar smell
  - Talcum powder texture
- Cocaine base/Crack
  - Is not water soluble
  - Can only be smoked to get high
Physical Evidence
EPO: Identify and/or demonstrate the proper methods for locating, documenting, collecting, and packaging evidence.
- Physical evidence (one of 3 types- testimonial, documentary)
  - Tangible- form/mass
  - Can be invisible (DNA) or visible (blood, gun)
  - Can’t be impeached
- Locard’s principle- people can’t leave a scene without taking something with them and leaving something behind (trace evidence)
- Class characteristic
  - Qualities shared by all items of a certain group
  - A screwdriver, a handgun
- Individual characteristic
  - Items with the capability to show a link to a specific source
  - A screwdriver with a bent handle, a handgun with a fingerprint
- Notes:
  - Need photos, sketches, notes for all scenes
  - Should be in chronological order, legible, accurate
  - Include any changes you made to the scene
  - Remember prints are everywhere!
- Sketches must have:
  - North arrow
  - “Not to scale”
  - And a key/ title block (case #, time/date, 5w’s)
- Measuring:
  - Use 2 people
  - 3 types
    - Baseline- used for items against a wall
    - Rectangular- two measurements taken at right angles to create a grid
    - Triangulation- Most accurate, two fixed points, measure to multiple points on the item
EPO: Identify the components of a document and methods of obtaining request and non-request exemplars.
- How does the lab determine the age of the document?
  - Ink and paper analysis
  - USSS has the world's largest ink library!
  - Paper usually has watermarks embedded during production; USSS also tracks this
- How to tell where a printed doc came from?
  - Laser printers often leave marks on paper from improper maintenance
  - Glass copiers leave “trash marks” or little defects that can help trace
  - Big copier companies imprint each copy with a matrix of yellow dots
- How to ID handwriting?
  - Ink, paper, writing instrument
  - Age, health, and drugs/alcohol impact handwriting
- Compelled/requested handwriting exemplars
  - Pros: Can control conditions, amount of sample, and what is written
  - Cons: Elapsed time, subject can disguise handwriting
  - Procedures:
    - Get exemplars early in interview
    - Duplicate text exactly when possible
    - Have subject complete personal history form
- Non request handwriting exemplars
  - Pros: free from disguise, can be obtained w/o subject's knowledge
  - Cons: time consuming, difficult to authenticate
EPO: Identify the process for establishing and maintaining a chain of custody and submitting evidence for laboratory analysis.
- Chain of Custody
  - A life history of a piece of evidence
  - Necessary for item to stand up in court
- Letter of Transmittal
  - Submission of evidence to lab for analysis
  - Agency specific
  - Describe case, investigator, request what analysis, contact information etc.
Law Enforcement response to a Mental Health Crisis
EPO: Recognize behaviors associated with a mental health crisis.
- Mental illness= thoughts/emotions/regulation that are dysfunctional or maladaptive
  - Extreme emotion in response to a life event is not mental illness
    - Loss of a loved one
- Mental Health Crisis= behavioral/emotional/psychiatric situation resulting in significantly reduced levels of functioning
- Signs- Visible effect, physical indicator (what you see when you interact with someone)
- Symptoms- What the person is experiencing (feelings or hallucinations)
- A person in a mental health crisis can assume many roles
  - Offender, complainant, victim, missing person, disorderly person
EPO: Identify and/or demonstrate techniques to de-escalate a situation involving a subject believed to be in a mental health crisis.
- Officer safety is #1 (public safety too ig)
- Obtain as much information as possible
- Develop a plan of approach
- Assess scene/person- Mental health crisis?
- Secure the scene
- AFTER scene is secure develop rapport
  - Move slowly
  - Introduce yourself, get their name
  - Calm voice
  - Keep communication simple
  - Don’t argue
  - Don’t confirm any of their delusions
- Use of force considerations don’t necessarily change because of a mental health crisis