Digital

Question 1

Give the 4 principles from the ACPO guide for computer based evidence?

Answer 1

1. Data Preservation
2. Competence
3. Audit Trail
4. Responsibility

Question 2

Explain Principle 1 of the ACPO guide?

Answer 2

Data preservation: no action by law enforcement agents (or agencies) should change data on a computer (or storage media) that is later relied on in court

Question 3

Explain Principle 2 of the ACPO guide?

Answer 3

Competence: If a person finds it essential to access original data on a computer (or storage media), this person must be competent to do so and be able to give evidence explaining relevance and implications

Question 4

Explain Principle 3 of the ACPO guide?

Answer 4

Audit Trail: an audit trial or other record of all processes applied to computer based systems should be created and preserved. An independent 3rd party should be able to examine these processes and achieve the same result

Question 5

Explain Principle 4 of the ACPO guide?

Answer 5

Responsibility: The person in charge of the case (case officer) has overall responsibility for ensuring that the law and these principles are adhered to.

Question 6

What should be done to remove a computer from a scene?

Answer 6

power cables should be removed from the equipment, not unplugged or switched at the wall. The equipment should not be turned on.

Question 7

what are the 4 steps of the ‘forensic process’

Answer 7

Acquisition: Consent, legal documentation, pic/vid/notes of item location
Identification: digital equipment type, origin (e.g. directory), evidence type (e.g. file)
Evaluation: who, how, when was the evidence produced (relevance, foul play? (virus/trojan)
Presentation: Interpretation, readability, technically correct

Question 8

Name the 4 most important parts of legislation

Answer 8

Computer Misuse Act (1990)
Protection of Children Act (1978)
Criminal Justice and Public Order Act (1994)
Sexual Offences Act (2003)

Question 9

Give the parts of the Computer Misuse Act (1990) that are relevant to Digital Forensics?

Answer 9

Section 1: Unauthorised access to computer material
Section 2: Unauthorised access with intent to commit or facilitate the commission of a further offence
Section 3: Unauthorised modification of computer material

Question 10

Give the parts of the Protection of Children Act (1978) (POCA) that are relevant to Digital Forensics?

Answer 10

Section 1; 
a) Taking, Making or Possessing... 
b) Distributing.... 
c) Possessing with intent to distribute... 
....an indecent photo of a child

Question 11

What did the Criminal Justice and Public Order Act (1994) do to POCA (1990)?

Answer 11

Amended S1 to include ‘psuedo-photographs’

Question 12

What did the Sexual Offences Act (2003) do to POCA (1990)?

Answer 12

Amended S1 to include;

a) Increased the age of a child 16 -> 18
b) Added the defence where an indecent photo of a child over the age of 16 was created by the child’s long time partner (marriage/’enduring relationship’
c) Added the defence where it is required to create an indecent image for a criminal investigation

Question 13

How could you prove the ‘Actus Reus’ for the POCA?

Answer 13

Finding Images

Question 14

How could you prove the ‘Mens Rea’ for the POCA?

Answer 14

evidence of browsing, saved pictures, renaming of pictures, searching for pictures

Question 15

What is the main difference between E-FIT and E-FIT V/6?

Answer 15

E-FITV/6 is a holistic based system, meaning whole face as one and not truely focused on individual features (E-FIT)
E-FITv/6 has a evolutionary progressive algorithm, meaning it can identify features by number and apply similar ones based on choices

Question 16

Explain how E-FIT works?

Answer 16

It is a method of facial reconstruction that is feature-based database, whereas the officer searches for features based on descriptions and puts them all together

Question 17

What are the advantages of a holistic based facial reconstruction system?

Answer 17

A whole face increases the witnesses ability to recognise , they are better suited to cognitive processes in facial recognition

Question 18

Name the 5 main methods of facial identification

Answer 18

Computerised facial reconstruction (2d/3d)
Artist Composite
Computerised / Artist impression (no witnesses)
Post - Mortem impression
Age progression

Question 19

Explain when a post-mortem impression might be used

Answer 19

When there is injury or damage to the face, i.e. physical assault, fire, water. But the damage hasn’t cause severe disfigurement

Question 20

What is the benefit of using an artist composite?

Answer 20

It can include distinguishable features of the whole body, tattoos, clothing, used when photography cannot be used