Digital Forensics Chapter 7

What are some exceptions to the search warrant requirements?

1. Search Incident to Lawful Arrest 2. Plain View Exception 3. Consent 4. Stop & Frisk 5. Automobile Exception 6. Emergencies/Hot Pursuit

Riley v. California (2014)

A landmark United States Supreme Court case in which the Court unanimously held that the warrantless search and seizure of digital contents of a cell phone during an arrest is unconstitutional.

Search Incident to Lawful Arrest Exception

A search incident to lawful arrest does not require issuance of a warrant. In other words, if someone is lawfully arrested, the police may search his or her person and any area surrounding the person that is within reach (within his or her "wingspan"). See Chimel v. California, 395 U.S. 752 (1969). The rationale is that the search is permissible as a protective measure for police safety and to secure evidence that might be destroyed. A search incident to lawful arrest also applies to the search of a vehicle, specifically when officers arrest the occupants of a vehicle.

What is a "witness"?

A witness is someone who is knowledgeable about the facts of the case through observation, or who was perhaps involved in some way. For example, in a murder case, this type of witness may have observed the actual murder or may be an acquaintance of the individual involved in the case. This type of "witness" can deliver truthful statements of what they saw take place, or statements regarding the character of those involved in the case. But they can't give their "opinion".

This Act bans a third party from intercepting and/or disclosing electronic communication without prior authorization. A. Electronic Communication Privacy Act (ECPA) B. The Patriot Act C. The Fourth Amendment D. Stored Communication Act (SCA)

A. Electronic Communication Privacy Act (ECPA)

Failure of parties in a lawsuit in their duty to preserve evidence can lead to this. A. Spoilage B. Large federal fines C. Data destruction D. eDiscovery

A. Spoilage

What is an "expert witness"?

An expert witness can give their opinion; it is someone who holds specialized knowledge in a particular field concerning the case, i.e. a forensic practitioner, medical doctor, accountant, etc. The court can decide if an individual is an expert or not, but an expert is someone "who by virtue of special knowledge, skill, training, or experience is qualified to provide testimony to aid the factfinder in matters that exceed the common knowledge of ordinary people" ((FindLaw) Sammons). An expert witness can also have the skills to communicate to a judge and jury in a way they can understand or relate to. They are also trained to perform their duties without any bias or any preconceived ideas or opinions; they base their conclusions on data and facts in their presentation.

This is a way to test a large collection of ESI for the existence or frequency of relevant information. A. Data governance B. Data sampling C. eDiscover D. Data exporting

B. Data sampling

Automobile Exception

Because vehicles are obviously highly mobile, a warrant is not required to search vehicles if police have probable cause to believe the vehicle contains evidence of a crime, the instrumentalities of crime, contraband, or the fruits of a crime. Although commonly referred to as the "automobile exception," this rule applies to any vehicle, including boats. While in some ways it is quite a broad exception, this rule limits the ability to search to those areas that might contain evidence of the type suspected to be present. In other words, if police suspect that the occupant of a boat is smuggling people across the border, searching a small tackle box on board would not be permissible. However, if they were looking for drugs, they could search the tackle box. The rationale is that, if an officer has to take the time to obtain a warrant, the vehicle might be out of reach before the warrant can be issued and executed. See Carroll v. United States, 267 U.S. 132 (1925).

United States v. Slanina (2002)

Case regarding the "closed container" subject; the Fifth Circuit ruled that when a proper search is conducted on a portion of a disk, defendants no longer have a reasonable expectation of privacy in regard to other files.

What is an example of probable cause?

Common examples of probable cause include the sight or smell of contraband in plain view or plain smell, or an admission of guilt for a specific crime. It might also include a police officer's suspicion that an individual is in possession of drugs, if that person smells strongly of marijuana.

According to the Stored Communication Act (SCA), this is "any service which provides to users thereof the ability to send or receive wire or electronic communication." A. Internet Service Provider (ISP) B. Electronically Stored Information (ESI) C. Remote Computing Service (RCS) D. Electronic Communication Service (ECS)

D. Electronic Communication Service (ECS)

Which of the following is NOT considered an exigent circumstance? A. The evidence is under imminent threat of destruction B. A threat put law enforcement or the public in danger C. The suspect may escape before a search warrant can be issued D. The suspect is not at or near his/her computer system

D. The suspect is not at or near his/her computer system

The process of collecting, preparing, reviewing, and producing electronically stored information (ESI) in the context of the legal process is known as: A. duty to preserve B. Search & Seizure C. iDiscovery D. eDiscovery

D. eDiscovery

Explain differences between digital evidence and physical evidence. How does it relate to the "duty to preserve"?

Digital evidence refers to the actual files or media, such as a Word doc, a JPEG, and/or a video file. Basically, this goes as far as the ones and zeros of the digital file. Physical evidence refers to the hardware that the digital files are on, such as a hard disk, CD, and/or USB. Both types of evidence must be preserved and protected from destruction or deletion. Digital evidence must be preserved in the state in which it was identified.

What is ECS?

Electronic Communication Service (ECS)

What is ESI?

Electronically Stored Information (ESI)

All employees in the US possess a reasonable expectation of privacy on their work computers. True or False?

False

Private organizations must obtain a search warrant prior to seizing their employees' work computers as evidence. True or False?

False

An individual maintains his/her Fourth Amendment protections when an e-mail reaches its final destination. True or False?

False - only when being transmitted.

What's an example of the plain view doctrine?

If a cop pulls someone over for a broken tail light or speeding and there is a joint sitting openly on the dashboard, the cop can cite you for the original infraction and then also arrest you for drug possession. If there's a folder on the desktop labeled "Identity Theft Folder", then plain view would apply. If child pornography is embedded within a football-related image and could only be found with in-depth examination, then plain view would not apply.

Consent Exception

If consent is given by a person reasonably believed by an officer to have authority to give such consent, no warrant is required for a search or seizure. So, if a suspect's "significant other" provides police with a key to the suspect's apartment, and police reasonably believe that she lives there, the search will not violate the suspect's Fourth Amendment rights even if she did not live there and even if she, in fact, lacked authority to consent. See Illinois v. Rodriguez, 497 U.S. 177 (1990).

United States v. Megahed (2009)

In this case, consent can be revoked at any time; therefore, defendants do not have a reasonable expectation of privacy with a forensic clone. For this reason, cloning a drive sooner rather than later is a wise move.

United States v. Walser (2001)

In this case, the Tenth Circuit took the stance that "because computers can hold so much information touching on many different areas of a person's life, there is greater potential for the 'intermingling' of documents and a consequent invasion of privacy when police execute a search for evidence on a computer".

What is the purpose of the Electronic Communications Privacy Act (ECPA)?

Its purpose was to ban a third party from intercepting and/or disclosing electronic communications without prior authorization.

Plain View Exception

No warrant is required to seize evidence in plain view if the police are legitimately in the location from which the evidence can be viewed. For example, an officer cannot illegally enter a suspect's back yard and then use the plain view exception to seize an illegally kept alligator living in the pool. But, if on the premises to serve a warrant duly issued to search for marijuana plants, the alligator, if in plain view, can rightly (though by no means easily) be seized.

Stop and Frisk Exception

Police may stop a suspect so long as there is a reasonable suspicion of a criminal act and the officer can articulate facts leading to that suspicion. The evidence necessary for "reasonable suspicion" here is something beyond mere suspicion, but is less than the level required for probable cause. If there is reason to believe that the person may be armed and dangerous, the police can also frisk the suspect. See Terry v. Ohio, 392 U.S. 1 (1968).

What is probable cause?

Probable cause is a requirement found in the Fourth Amendment that must usually be met before police make an arrest, conduct a search, or receive a warrant. Courts usually find probable cause when there is a reasonable basis for believing that a crime may have been committed (for an arrest) or when evidence of the crime is present in the place to be searched (for a search). Under exigent circumstances, probable cause can also justify a warrantless search or seizure. Persons arrested without a warrant are required to be brought before a competent authority shortly after the arrest for a prompt judicial determination of probable cause.

What is "search and seizure"?

Search and Seizure is a procedure used in many civil law and common law legal systems by which police or other authorities and their agents, suspecting that a crime has been committed, commence a search of a person's property and confiscate any relevant evidence found in connection to the crime.

What is ECPA?

The Electronic Communications Privacy Act (ECPA). Its purpose was to ban a third party from intercepting and/or disclosing electronic communications without prior authorization.

The Frye Test

The Frye standard, Frye test, or general acceptance test is a test to determine the admissibility of scientific evidence. It provides that expert opinion based on a scientific technique is admissible only where the technique is generally accepted as reliable in the relevant scientific community.

What is SCA?

The Stored Communication Act (SCA). In 1986, it provided statutory privacy protection for customers of network service providers. The SCA controls how the government can access stored account information from entities such as Internet Service Providers.

Illinois v. Gates (1983)

The Supreme Court said that probable cause is established when there is "a fair probability that contraband or evidence of a crime will be found in a particular place".

What is plain view doctrine?

The plain view doctrine allows a police officer to seize objects not described in a warrant when executing a lawful search or seizure if he observes the object in plain view and has probable cause to believe that it is connected with criminal activities. The incriminating character of the object should be immediately identifiable. Evidence in a container cannot possibly be identified by plain observation or touch and therefore should not be seized unless it is listed in the warrant.

Emergencies/Hot Pursuit

The rationale here is similar to the automobile exception. Evidence that can be easily moved, destroyed or otherwise made to disappear before a warrant can be issued may be seized without a warrant. Furthermore, if a suspect enters private property while being pursued by officers, no warrant is required to enter that property in order to continue pursuit, even if the suspect is in no way connected with the property owner.

What is "reasonable expectation of privacy"?

There is no clear-cut test that helps define it, but as a rule of thumb, you can consider the computer as a closed container. If an officer lacks the authority to open a desk or box, the same would be true with a computer. Where there is a reasonable expectation of privacy, the government must first obtain a search warrant.

Daubert v. Merrell Dow Pharmaceuticals, Inc (1923)

This is a United States Supreme Court case determining the standard for admitting expert testimony in federal courts. The Daubert Court held that the enactment of the Federal Rules of Evidence implicitly overturned the Frye standard; the standard that the Court articulated is referred to as the Daubert standard.

The Wiretap Act, Title III of the Omnibus Crime Control and Safe Streets Act of 1968

This prohibits unauthorized monitoring and lists the procedures needed to obtain a warrant for wiretapping (DOJ, Office of Justice Programs, 2010).

United States v. Frye (1923)

This standard comes from Frye v. United States, 293 F. 1013 (D.C. Cir. 1923), a case discussing the admissibility of a systolic blood pressure deception test as evidence. The Court in Frye held that expert testimony must be based on scientific methods that are sufficiently established and accepted.

An individual maintains his/her Fourth Amendment protections when an e-mail is being transmitted. True or False?

True

Data sampling is one of the best ways to save time and reduce costs during the eDiscovery process. True or False?

True

Information that an individual knowingly exposes to others is not protected by the Fourth Amendment. True or False?

True

What were 2 cases that formed the foundation of the admissibility of expert testimony?

United States v. Frye (1923) and Daubert v. Merrell Dow Pharmaceuticals, Inc. 509 U.S. 579 (1993).

What is "duty to preserve"?

Whenever it can be "reasonably anticipated" that an action will be filed, all parties have a duty to preserve potentially relevant evidence. And "evidence" includes all information, including not just hard copy documents, but all electronically stored information. If you fail in this obligation, the sanctions can be devastating.

Zubulake v. UBS Warburg

Zubulake v. UBS Warburg is a case heard between 2003 and 2005 in the United States District Court for the Southern District of New York. Judge Shira Scheindlin, presiding over the case, issued a series of groundbreaking opinions in the field of electronic discovery. Plaintiff Laura Zubulake filed suit against her former employer UBS, alleging gender discrimination, failure to promote, and retaliation. Judge Shira Scheindlin's rulings comprise some of the most often cited in the area of electronic discovery, and were made prior to the 2006 amendments to the Federal Rules of Civil Procedure. The relevant opinions in the field are known as Zubulake I, Zubulake III, Zubulake IV, and Zubulake V. In 2012, the plaintiff published a book about her e-discovery experiences titled Zubulake's e-Discovery: The Untold Story of my Quest for Justice.

