Term
What 7 things must search warrants include?
1.
2
3.
4.
5.
6.
7. |
|
Definition
*Court Authority
*Crime being investigated
*Locations to be searched
*Property to be searched and seized
*Statement of Probable Cuase
*Chronology of events
*Exhibits |
|
|
Term
| To obtain a search warrant law enforcements officers must go before a………….. They must present them with _______ that deomstrates what level of proof? |
|
Definition
*Judge/ magistrate
*Affidavit
*demonstrating probable cause. |
|
|
Term
| Search warrants specify the type of evidence that ____________ and the ___________that my be searched. |
|
Definition
| *May be gathered *locations |
|
|
Term
| When executing search warrants officer must____________? Unless a _______? |
|
Definition
| Knock and Announce unless circustance |
|
|
Term
| What does the Plain View doctrine allow? |
|
Definition
| evidence to be seized without warrant ( Officer legally searching area comes upon evidence inadvertently) |
|
|
Term
| Terry Vs. Ohio deals with ___________amendment? |
|
Definition
| 4th amendment search and seizure->terry stop |
|
|
Term
| An officer has to have ___________ to do a terry stop? |
|
Definition
|
|
Term
| Does an officer need probable cause to do a terry stop? |
|
Definition
| No, they need reasonable suspciosn |
|
|
Term
| TSA searches fall under what Act? |
|
Definition
| Aviation and Transportation Security Act |
|
|
Term
| Border Searches "The Border Search Exception" applies as long as ___________________? |
|
Definition
| International boundaries have been crossed |
|
|
Term
| Do private investigators have to follow 4th amendment laws? |
|
Definition
|
|
Term
| What is the body of law that determines the admissibility of evidence into court? (FRED) |
|
Definition
| Federal Rules of Evidence |
|
|
Term
| Electronic evidence must be ____________ or may be __________ in court. |
|
Definition
| *Authenticated *inadmissible |
|
|
Term
| The Uniform Rule of Evidence Act (1995-2005) is |
|
Definition
| similar to fred but for states to adopt (38) |
|
|
Term
| If you relinquish control of files to a third party like a computer repair shop you have? What guide lists these circumstances? |
|
Definition
| *No reasonable expectation of privacy *DoJ Search and Seizure Guide |
|
|
Term
| What is Locards Exchange Principle? |
|
Definition
| "…anyone, or anything, entering a crime scene takes something of the scene with them, and leaves something of themselves behind when they leave." |
|
|
Term
| What is the role of the First Responder? |
|
Definition
| *Identify the crime scene *Protect the crime scene *Preserve temporary & fragile evidence *Collect all information about the incident *Document all findings *Package & transport electranic evidence |
|
|
Term
| Any attempt to recover data by __________ personnel could ________________the integrity of the evidence & make it __________ |
|
Definition
*untrained personnel
*compromise
*inadmissible |
|
|
Term
| What is the order of volatility when collecting evidence? |
|
Definition
| Most volatile to least volatile |
|
|
Term
| The role of the forensic examiner is to ________? |
|
Definition
|
|
Term
| What are some ways of securing computer related evidence? |
|
Definition
*Some cases all PC periphs/ media must be bagged and tagged
*Other cases the HD must be imaged on site. |
|
|
Term
| What are 4 methods of preserving evidence? |
|
Definition
*Videotape/photograph scene
*Diagram layout/label connections
*If file is unsaved in Ram copy to external
*If machine off, Leave off
*Catalog all evidence |
|
|
Term
| How many people should be assigned to gather evidence? Why? |
|
Definition
*One
* Avoid contaminating evidence |
|
|
Term
|
Definition
| The international Association of Computer Investigative Specialists |
|
|
Term
| Do forensic examiners determine guilt or innocence? |
|
Definition
| No they just get the facts. |
|
|
Term
| What are 3 things that may be in a basic evidence kit? |
|
Definition
| evidence bags, cables/adapters, forensic boot disk |
|
|
Term
| Before surveying the scene the examiner should? |
|
Definition
|
|
Term
| Who many people should be assigned to gathering evidence? Why? |
|
Definition
| 1 person, Do not want to contaminate evidence |
|
|
Term
| What are some ways of preserving evidence? |
|
Definition
| *Videotape/photpgraph *Diagram layout -connections *Machine off= leave off *catalog evidence |
|
|
Term
| To preserve evidence you generally want to shut down computer? Except if ? |
|
Definition
| Yes. *If there is unsaved file on the screen (In Ram).-> save to external |
|
|
Term
| To be used as evidence, a forensic copy has to be an ? |
|
Definition
| Exact duplicated(bit by bit) |
|
|
Term
| Forensic examiners use _______________ logs to document everything? |
|
Definition
|
|
Term
| What 4 things should the examiner beaware of when making a forensic copy/image? |
|
Definition
*write block the evidence
*drive being copied is forensically clean
*Doin bit by bit copy
*record hash-shows nothin changed. |
|
|
Term
| What is the systematic approach to an investigation? |
|
Definition
| Includes having checklist |
|
|
Term
|
Definition
| Hiding information in a file |
|
|
Term
| What is an example of legal steganopgraphy and what is can example of illegal steganography? |
|
Definition
| *digital watermarking * hiding illegal documents |
|
|
Term
| What are 3 possible evidence for child abuse or exploitation? |
|
Definition
| *computers *videotapes *removable media |
|
|
Term
| What is 3 pieces of potetnial evidence that can be used for computer intrusion? |
|
Definition
| *usernames passwords *web cameras *handheld mobile devices |
|
|
Term
| Should documentation be saved for last? |
|
Definition
|
|
Term
| What should examiner beaware of when making a forensic copy/image? |
|
Definition
|
|
Term
| What shuld be the first step be in an investigation? |
|
Definition
|
|
