First Responders to Digital Evidence

Question 1

What is Electronic Evidence?

Answer 1

Any probative information stored or transmitted in digital format that can be of evidentiary value in a criminal or civil court proceeding.

Question 2

What are some examples of how a computer can be used as a target of a crime?

Answer 2

Embezzlement, theft of service, system intrusion, espionage, Terrorism, Cellular Phone Cloning, Software piracy and theft, theft of computer and computer/technology components.

Question 3

How can computers can used as the Instrument or tool of criminal activity?

Answer 3

Solicitation of minors, e-stalking, Identity theft, credit card scams, internet fraud and variety of e-commerce scams, counterfeiting

Question 4

What are some examples of how computers and other electronic devices can used as repositories of evidence and other information?

Answer 4

Financial Records, Address Books, Correspondence, Photographs, Historical records, recorded messages and other audio files, call records and other personal logs, Temp internet files

Question 5

Computers can also be the ________ of _________ _______, or the results of computer operations can be ________ of a _______.

Answer 5

Fruit of Criminal Activity, Fruit of a crime

EX. Computer-generated reports and records, counterfeited cellphones, counterfeit currency or credit cards.

Question 6

How can electronic evidence be altered or destroyed?

Answer 6

• Tainted or removed either accidentally or intentionally.
• Magnetic flux can hard computers
• Electro-Static Discharge (ESD) or static electricity can be particularly damaging to smaller media devices such as thumb drives.

Question 7

You should avoid direct sunlight for extended periods and temperatures above 100 for what devices?

Answer 7

Computers, disk, tapes, and other storage devices.

Question 8

What should you do if a computer has been exposed to sub-freezing temperatures?

Answer 8

Allow the machine and media to return to ambient temperature before attempting access.

Question 9

How can Optical media disks be easily tainted?

Answer 9

Through willful scratching or mutilation and also susceptible to extreme temps and environmental degradation.

Question 10

What non-electronic items may be important in the investigation of electronic crime?

Answer 10

-All Software documentation
–Computer-generated paper reports
Documentary evidence such as magazines and letters that can tie the suspect to computer workstation
-Photographs
-Address books
-List of password or access codes
-All notes and paper scraps at the computer workstation

Question 11

What is the first and foremost proper procedure in collecting, preserving, and transporting computers and electronic items sized as evidence?

Answer 11

Officer Safety

Question 12

What is the proper procedure in collecting, preserving, and transporting computers sized as evidence?

Answer 12

• Immediately isolate the computer from any user or potential user.
• Remove smart phones from user and keep it away from network access

Question 13

If a computer is running when you go to seize it what should you do?

Answer 13

Unplug it from the back

Question 14

If a computer is off when you go to seize it what should you do?

Answer 14

Leave it off

Question 15

What should you make record off when seizing a computer?

Answer 15

Record anything on the computer screen

Record the configuration of wires and cables if the system will be taken.

Question 16

What should you do if you seizing a cell phone that is on?

Answer 16

Leave the phone on
Place it in an electromagnetically shielded device (Faraday Device)
Photograph home screen if on.
Photograph serial # on back

Question 17

What should you do if you seizing a cell phone that is off?

Answer 17

Leave it off!

Question 18

When the computer itself is the focus of criminal activity, it is considered to be the what of a crime?

Answer 18

Target.