Highfill - 392 - Policies and Procedures - Investigative Procedures Flashcards

1
Q

If an officer/detective comes into contact with any digital media device which meets ___________ standards or the device may contain evidence, they should first seek ____________ by completing a ___________, and have the form signed by the owner or the authorized agent of the device.

A

probable cause
consent to search
Consent to Search Computer(s), Computer Peripherals, & Related Audiovisual or Digital Media/Devices Form (P-0527)

2
Q

Form P-0527 should be _______________ and stored in the ___________.

Note that consent to search ______ valid if the PIN or password to the device is not provided.

A

retained as evidence
Property and Evidence Facility
is not

3
Q

Regardless of computer knowledge or technical aptitude, an officer/detective __________ search through any digital device or request a complainant, victim, or suspect to search any device acting as an agent of the Jacksonville Sheriff’s Office (JSO). Any search done in this manner could render the evidence ________ in court.

A

should not

inadmissible

4
Q

Any ___________ who searches through a digital device (scrolling through cell phone image gallery, searching computer internet history, etc.) will __________ in an Incident or Supplement Report.

A

officer/detective

document the actions taken

5
Q

If Consent to Search Form (P-0527) cannot be obtained, and there exists exigency and/or facts are known to indicate a crime has been committed using the digital device, __________. A _________ can be obtained later to conduct an examination of the device.

A

seize the device

search warrant

6
Q

An officer/detective attempting to obtain a search warrant should consult with a ________________ to ensure that a properly structured and worded search warrant is drafted.

A

Digital Forensic Examiner

7
Q

An officer/detective should ________ inform the owner/agent of a digital device to remove or delete any item(s) from a digital device.

A

NOT

8
Q

If data, image, or digital evidence is ___________ on a computer or mobile device screen, the officer/detective should, if possible, _____________ of what is in plain view, without manipulating the digital device, and consult a digital forensic examiner.

A

in plain view

take a photograph

9
Q

An officer/detective not assigned to the Computer Forensic Investigations Unit ________ guess or otherwise make __________ to enter the unknown password of a locked device.

A

will not

blind attempts

10
Q

Blindly attempting to enter a device may ________ or ________ the device, without warning, and cause permanent evidence destruction that could have been otherwise obtained during a forensic analysis.

A

permanently disable

wipe

11
Q

If the digital device is OFF, ____________.

A

leave it OFF

12
Q

If the digital device is ON, document _________, _______, and _______, without inputting data into the device.

A

open screens,
time,
and dates

13
Q

If the digital device is ON, _______ or _________ into the device.
Exception:
There may be times when this cannot be avoided. If this happens, document ________ used and document ______ this step was necessary.

A

do NOT type
input anything
every step
why

14
Q

An officer/detective should NOT ______ or _______ any type of software or hardware (i.e., flash/thumb drives, external hard drives, etc.).

A

remove

install

15
Q

When collecting a desktop computer: if it is ON, _________ and simply unplug the power cord from the back of the computer.

*** However, if the computer is on and there is an articulable belief that hard drive(s) are encrypted, ____________ the computer.

Instead, consult with the on-call digital forensic examiner. Encryption may be an issue if the subject of the investigation displays computer knowledge that exceeds that of an average user.

A

leave it ON

do NOT unplug or power off

16
Q

When collecting a laptop computer: if it is ON, __________ and ____________ first, then the power cord. Upon removal, do NOT reinsert the battery to prevent accidental start-up. The same policy concerning encryption applies.

A

leave it ON

remove the battery

17
Q

Cellular phones and mobile devices (eReaders, tablets, GPS, etc.) should be collected in the same manner as laptops. Remove the _________ from the device and do ____ reinsert it. This will prevent remote wipe and GPS tracking by the device owner.

A

battery

NOT

18
Q

Cellular phones and mobile devices: considering that powering off the device may require __________ when powered back on, it is imperative to obtain the password before turning the device off.

A

a password

19
Q

Cell phones and mobile devices: If removing the battery is ________, turn off the device and wrap it in at least ____ layers of aluminum foil. Note, however, that doing so while the device is powered on will quickly drain the battery and could cause damage due to overheating.

A

not possible

four

20
Q

To prevent evidence tampering and destruction of digital evidence, _________ search through it. Scrolling through __________, __________, and _________ can modify metadata that is vital to the investigation, and the change cannot be undone.

A

do not

messages, images and other files

21
Q

If a seized/obtained device may need a password to gain entry, the _______ receiving the device shall ask the possessor/owner of the device for the ____________.

A

officer/detective

password

22
Q

An officer/detective should document the name of the individual who provided the information about a seized device even if the password is ________.

A

unknown or refused

23
Q

If a device’s password is a ________, document the pattern and have it confirmed by the possessor/owner of the device.

A

swipe pattern

24
Q

Investigations involving computers or any other related device where individuals have user profiles (user accounts) require the investigating officer/detective to obtain all of the user _______ and ________ used on the device.

A

profile names

passwords

25
Q

When computers are submitted for analysis, the case agent or detective must submit a searchable _________ to the digital forensic examiner conducting the analysis.

A

keyword list

26
Q

Forensic examinations can have extensive processing times that are subject to change without notice, and owners/agents of electronic devices should NOT be given __________ on the completion of the examination.

A

specific time frames