Forensic Science Test 4


Conflagration

A large destructive fire. Uncontrolled burning.

Software

A set of instructions compiled into a program that performs a particular task; software consists of programs and applications that carry out a set of instructions on the hardware

Cache

Browser cache is a visited web page stored on HDD.

Swap file

Data from RAM that is stored on HDD.

Imaging

Process that does not alter the original, but makes an exact copy of the digital evidence.

Arson

The conflagration, or uncontrolled burning, of any real property without consent or with unlawful intent.

SIM card

The little card used in phones that connects the phone to the wireless cell phone network

Deflagration

The oxidation reaction of a subsonic shock wave.

Relate various areas found on the computer where a user's internet activities can be investigated.

There are several sources including the browser cache, cookies, internet history, bookmarks, etc.

Slack space

Unused storage capacity in HDD.

Video Spectral Comparison

Used by immigration authorities, government agencies and forensic science labs. Detects forgeries in passports, visas, IDs, immigration documents, etc.

Requested writing

Written in the presence of an investigator/examiner. Writer may be nervous or try to disguise their writing, easily authenticated.

Understand the components of the ACE approach to handwriting analysis.

"ACE"
- A: analysis of the "knowns" with a determination of the characteristics found in the known.
- A: analysis of the questioned or unknown writing and determination of its characteristics.
- C: comparison of the questioned writing with the known writing.
- E: evaluation of the evidence, including the similarities and dissimilarities between the "questioned" and "known" writing.

Exemplar

(Specimen) A known sample that is used for comparison. Known writings that should contain some of the same words or combinations of letters that are present in the questioned document(s).

Incendiary

(adj.) deliberately setting or causing fires; designed to start fires; tending to stir up strife or rebellion; (n.) one who deliberately sets fires, arsonist; one who causes strife.

Know the guidelines for collection of requested writing samples.

- The subject should not be shown the questioned document.
- The subject is not told how to spell words or use punctuation.
- The subject should use materials similar to those of the document.
- The dictated text should match some parts of the document.
- The subject should be asked to sign the text.
- Always have a witness.

Know the 12 handwriting characteristics that a document examiner may use to determine the authenticity of a document.

1. Average amount of space between words and letters.
2. Relative height, width, and size of letters.
3. Line quality: smooth, free-flowing, or shaky and wavering.
4. Connecting strokes: strokes between upper and lower case letters and between the letters and the words.
5. Beginning and ending strokes: how the writer begins and ends words, numbers, and letters.
6. Pen lifts and separations: how the writer stops to form new letters and begin words.
7. Shading and pen pressure: makes lines light or dark, narrow or wide.
8. Baseline habits: if the writer's letters stay straight or move up and down compared to a baseline.
9. Slant: analyzing the writing slant: left, right, or straight.
10. Unusual letter formation: letters with tails, written backwards, etc.
11. Flourishes or embellishments: fancy letters, curls, loops, circles, etc.
12. Letter characteristics: such as completeness of closed characters such as o, e, and a, the dotting of i and j, and the crossing of t.

Cybercrime

A crime committed entirely through digital means, such as computer hacking, economic fraud or identity theft.

Obliteration

A document may have parts that are blotted or smeared, making the original unreadable. Usually done with strong oxidizing agents to make the ink become colorless.

Identify the types of computing devices categorized as "mobile devices"

A mobile device is made up of a computer and one or more radios.

Understand the differences between documents altered by addition, erasure, obliteration and charring, as well as methods a document examiner would use to determine such alterations.

- Additions: Adding content to an already prepared document. Found using infrared luminescence.
- Erasures: An India rubber eraser, sandpaper, razor blade, or knife is used to scratch the paper's surface in an attempt to remove writing or type. Found using a microscope.
- Obliteration: Smears or blots on parts of a document that make the original unreadable. Found using strong oxidizing agents that make the ink become colorless, however it is not visible to the naked eye so a microscope, ultraviolet, or infrared lighting is used.
- Charring: Documents can accidentally or purposely be charred in a fire. Found using infrared photography or reflecting light at different angles to reveal the document's contents.

Hash (or hashing)

An algorithm that takes the original information as input and creates an output string that is unique to the original at the bit level of detail.

Forgery

An item prepared with the intent to deceive. Blind forgery, simulated forgery, traced forgery.

Accelerant

Any material used to start or sustain a fire. Most commonly a liquid.

Questioned document

Any object that contains handwritten or typewritten markings whose source or authenticity is in doubt.

Explain how devices fit into a digital investigation.

Chain of evidence which describes the events and concomitant evidence that make up the events of the crime. Temporal chains show events in the order in time in which they occurred. Causal chains of evidence describe the events of a crime in terms of cause and effect.

Understand which aspects of questioned document analysis produce class-characteristic evidence and which produce individual characteristic evidence.

Class characteristics include the type of ink as it can link suspects or victims to the crime scene. Handwriting as well. Individual characteristics include typewriter or printer specific marks. This is difficult to come by.

Understand the common motivations for arson and common clues that a fire may be arson.

Common motives for arson:
- Vandalism: Both mischievous and malicious
- Excitement: A thrill seeker who wants attention
- Revenge: Retaliation for a personal societal injustice
- Crime Concealment: To cover up a primary crime such as murder
- Profit: Insurance money
- Extremist: Beliefs on social issues such as abortion clinics or churches

Common clues:
- Multiple points of origin
- Strange odors
- Accelerant soaked rags
- Extensive regions of low burn
- Faster and hotter fire than would be expected
- Empty containers of accelerant

IP address

Computers that participate on the Internet, therefore, are provided with an Internet protocol address from the internet service provider to which they connect.

Understand the difference between conduction, convection and radiation as modes of heat transfer.

Conduction: The movement of heat through a solid object. Electrons and atoms within the heated object collide with one another. Convection: The transfer of heat energy by movement of molecules within a liquid or gas. Radiation: The transfer of heat energy from a heated surface to a cooler surface by electromagnetic radiation.

Explain how data is stored and retrieved from a hard disk drive.

Data is allocated into individual sectors and clusters, and information is mapped using a file system table (FAT, MFT). Data is retrieved using the Operating System (OS).

Charred document

Documents that have purposely or accidentally been charred in a fire. Infrared photography or reflecting light at different angles can sometimes reveal the document's contents.

Understand the role that the Electrostatic Detection Apparatus plays in the analysis of indented writing.

ESDA uses a static charge that is waved over document covered with cellophane and heavier static charge remains within impressions. Then black toner is misted over the page and deposited in the indentations.

Electrostatic detection apparatus

ESDA. Works by applying an electrostatic charge to a document suspected of containing indented writings. The indentations are then visualized by the application of charge-sensitive toner.

Understand the necessity for the collection of handwriting samples, why many exemplars should be compared and the differences between requested writing and non-requested writing samples.

Exemplars: A known sample that is used for comparison. Non-request writing: spontaneous/ un-dictated writing, less likely to be altered, difficult to authenticate for court. Requested sample: done in the presence of an investigator, writer may be nervous or try to alter their own handwriting, but it is easily authenticated in court. Many samples are needed because of the number of variables that come into play. Duplication is needed as much as possible such as the writing instrument, writing position, and type of paper.

Understand how fire evidence is collected and analyzed.

Fire debris sample collection involves the use of paint cans to preserve vapors. Materials that may contain excess accelerant at the point of origin should be collected and stored in airtight containers leaving an airspace to remove samples. As well, a sample of similar but uncontaminated control specimens must be collected. Debris containing suspected volatiles use ASTM E1412 most commonly.
Analysis:
- Fire debris analysis: GC/MS
- Headspace vapor sample: The headspace technique is when the container is heated, and any volatile residue in the debris is driven off and trapped in the container's enclosed airspace.
- Chromatogram: Retention time and intensity
- Pattern matching to standards: Weathering

Understand the role and scope of activities of a forensic document examiner.

Forensic document examiners examine handwriting to originate its source or its authenticity. Also examine typed writings, computer printings, photocopies, inks, papers, and forgeries as well as decode altered and charred documents.

Know the difference between simulated, traced and normal hand forgeries and some of the characteristics a document examiner might look for to identify each type of forgery.

Freehand simulations: Attempt to draw the signature or writing based on a model signature. Characteristics to look for include a patched or retouched line, blunt starts and stops, pen lifts, line quality, and connecting strokes. Tracings: Uses an original signature or writing as a guide to produce a fraudulent document. Characteristics to look for are the presence of guidelines around signature, indented impressions, poor line quality, uneven or wavy, drawn slowly, and differences in shading. Normal hand forgeries: Writes document in own writing style or attempts to distort it. Characteristics include altering slants, upper/lower case changes, print, cursive, additional strokes.

Describe the types of evidence that can be found on mobile devices.

Geolocation: Assessment of the actual geographical location of a mobile device. GPS: A system for determining position by comparing radio signals from several satellites. SD (Secure Digital) card: storage expansion card for a mobile device.

Cluster

Hard Disk Drives (HDD) store information into clusters or sectors.

Describe the hardware and software components of a computer that are most pertinent to digital forensics.

Hardware: Visible data that is recognized by the operating system.
- data/work files
- swap files
- data from RAM stored on HDD
- temporary files

Software: Internet data from several sources including:
- browser cache (visible web pages stored on HDD)
- cookies (track visits and usage of specific sites)
- bookmarks, etc.
- IP address

Describe the proper procedure for preserving computer evidence at a crime scene.

Imaging is the process that does not alter the original but makes an exact copy. Hashing algorithms are put in place, which use the original information as input to create an output string that is unique to the original at the bit level of detail. This hash verifies that a copy is an exact copy in order to be admissible in court. Write blockers then prevent modification to the device.

Internet of Things

IoT. Network of physical objects that are embedded with sensors, software, and other technologies for the purpose of connecting and exchanging data with other devices and systems over the internet.

Understand that handwriting analysis involves examination not only of the writing characteristics, but of the components of the document as well.

It involves two phases, the hardware phase which is the ink, paper, pens, pencils, typewriter, printer analysis. And the visual examination phase.

Explain the forensic challenges in examining mobile devices in comparison with personal computers.

It is difficult to understand what is running on the mobile device, as well it is difficult to figure out what the app is doing on the device and how it is interacting with the user. Its combination of Cellular and WiFi communication.

Understand why handwriting analysis can be useful in narrowing a suspect pool.

It is habitual and individualized therefore two individuals cannot have the same handwriting. It can almost be as individual as a person's fingerprint.

Understand the difference between low and high explosives in terms of their properties and explosive behavior. Know the differences between primary, secondary, and tertiary high explosives. Unde

Low explosives: Deflagration (subsonic shock wave). Most widely used are black powder and smokeless powder. Black powder is a mixture of potassium or sodium nitrate, charcoal, and sulfur. It burns more slowly than high explosives. Smokeless powder consists of nitrocellulose. More stable than BP.
High explosives: Detonation (supersonic shock wave). Sensitive to impact, heat, and friction.
- Primary: Highly sensitive. Provide the major ingredients found in blasting caps or primers used to detonate other explosives. Nitroglycerin and TATP.
- Secondary: Fairly sensitive. Burn rather than detonate if ignited in small quantities in air. Dynamite, TNT, C-4, PETN.
- Tertiary: Least sensitive and also called blasting agents. So insensitive to shock that ignition by both primary and secondary explosives is required. Used in large-scale mining and construction. ANFO.

Counterfeit

Made in exact imitation of something important or valuable with the intention of deceit. Typically currency.

RAM

Memory storage for a computer. "Volatile". Store on HDD.

Understand how explosive debris may be examined and analyzed for forensic evidence.

Microscopic examination of debris: Look for unconsumed explosive particles. Unexploded materials may be characterized with infrared spectrophotometry or X-ray diffraction. Chemical analysis: Chemical composition of ingredients used in the device. This may require rinsing, extraction, etc. Uses spot tests and chromatography. Other evidence examples include fingerprints, DNA, and reassembling the bomb from the fragments gathered.

Understand the application of optical microscopy, microspectrophotometry, and chemical analysis in the analysis of paint.

Microscopic examination of paint allows for the investigator to look at any sample of evidence to determine the layers in that paint sample. This narrows down the possible matches of evidence, and when combined with the chemical compound of the paint a more individualistic evidence sample is found.

ASTM

Most commonly used volatile, easy, low cost, non-destructive, wide dynamic range.

Conduction

Movement of heat through a solid object in which electrons and atoms within the heated object collide with one another.

Erasure

One of the most common alterations to a document. An india rubber eraser, sandpaper, razor blade, or knife may be scratched against the paper's surface in an attempt to remove writing or type. This irritates the top fibers of the paper which are visible under a microscope.

Understand how properties of the paper and ink can be characterized.

Paper:
- Color
- Density
- Watermarks
- Dyes or bleaches
- Fluorescence under UV light
- Raw material
- Thickness

Ink:
- Typically characterized using HPLC/paper chromatography to separate components.
- Microspectroscopy to monitor the colors.

Understand how components of the printing/ photocopying process may lead to useful forensic information.

Photocopy characteristics: Grabber marks, paper edge depressions, designs, paper tone, toner type. "Trash marks": Dirt, scratches, and other marks on the surfaces of the drum, cover, glass plate, or camera lens. This can help lead to the make and model of the printer or photocopier that made the document.

Explain the two procedures used to extract useful data from mobile devices.

Physical Extraction: A duplicate of data located on a mobile device. These are bit-by-bit copies of the file system including deleted information. Logical Extraction: A snapshot of the file system of a mobile device. This means the examiner gets the same view the user does.

ROM

Read Only Memory. "Permanent"

Non-request writing

Spontaneous/un-dictated writing which is less likely to be altered and difficult to authenticate in court.

Watermark

Text or a picture that appears in the background of a document; it is similar to a sheet background in Excel.

Explain the role of IP in forensic investigation of internet communications.

The IP address is a numerical label assigned to each device connected to a computer network (static or dynamic) that is provided by the internet provider to the user. This address is appended to things like email and IM messages. This gives forensic scientists individual evidence to a specific computer.

Understand the features used to prevent counterfeiting of US currency.

The U.S. Bureau of Engraving and Printing's anti-counterfeiting features include:
- Watermarks
- Color-shifting inks
- Fine-line printing and microprinting
- Enlarged, off-center portraits
- Poor vision feature
- Denomination-specific security thread

Understand the role of the forensic scientist in fire investigation for the determination of whether a fire is accidental, natural, incendiary, or undetermined.

The forensic scientist must first find the point of origin for the fire and evaluate the fire patterns and physical evidence at this point. From here the investigator will determine the cause from potential ignition sources such as electrical equipment and heating sources.

Discuss the techniques used to investigate unauthorized computer intrusion.

The investigators would most likely use IoT which connects everything in the internet to physical objects allowing them to trace where the suspect is at.

Explain the architecture of mobile devices.

The key components of mobile devices are:
- SIM card to pair the phone with its network
- SD card
- "File system": potentially tremendous data (call history, texts, photos, etc., geolocation and GPS)

Detonation

The oxidation reaction of a supersonic shock wave.

Indented writing

The partially visible depressions appearing on a sheet of paper underneath the one on which the visible writing appears.

Hardware

The physical components of a computer: case, keyboard, monitor, motherboard, RAM, HDD, mouse, and so on. If you can touch it, it is hardware.

Sector

The smallest addressable unit of data by a hard disk drive; generally consists of 512 bytes.

High explosive

The source explosive materials of a supersonic detonation.

Flashpoint

The temperature at which a liquid gives off sufficient vapors to form an ignitable mixture.

Fire point

The temperature at which a liquid produces vapors that will sustain combustion; generally higher than flashpoint.

Understand the requirements for fire as described by the fire triangle or fire tetrahedron and how an arsonist may influence these requirements.

The three requirements for a fire are included in the fire triangle which are oxygen, heat, and fuel. The fire tetrahedron includes oxygen, heat, fuel, and chemical reaction chain. An arsonist may influence these requirements by manipulating one or more of the components of the fire triangle. For example they could increase the fuel load or introduce more oxygen by opening windows or punching holes in walls or the ceiling.

Convection

The transfer of heat energy by movement of molecules within a liquid or gas.

Radiation

The transfer of heat energy from a heated surface to a cooler surface by electromagnetic radiation.

Flammable range

The upper and lower flammability limits for an air/fuel mixture.

Flashover

This occurs when exposed surfaces in a space are heated to their autoignition temperature.

Backdraft

This occurs when oxygen is reintroduced to an area and reignites the fire.

Understand what Video Spectral Analysis is and how it is utilized in the examination of questioned documents.

VSC allows exposure and imaging across UV - Vis - IR: Chemical properties: the ink may be luminescent, transparent, unchanged. It is utilized by detecting forgeries in passports, IDs, immigration documents, etc. because security documents have holograms/ watermarks and embedded information encoded in them.

Explain the analysis of visible and latent data.

Visible: Stored in data/work files, swap files (Data from RAM stored on HDD) and temporary files. Latent: found in the slack space due to how the HDD operates or unallocated space. fragmented/defragmented files and deleted files.

Know the factors that influence handwriting samples (both questioned samples and known samples)

- Writing instrument: pens, pencils, crayon, etc.
- Writing surface: paper, wall, napkin, etc.
- Underlying surface: smooth or rough
- Mood of the writer: happy, sad, angry, etc.
- Age of the writer: undeveloped or shaky depending on age
- Writing speed: slow or rushed
- Position of the writer: standing or sitting
- Position of the document: flat, vertical, or horizontal surface
- Environmental exposure: temperature, humidity, etc.
- Other: alcohol/drugs/injuries/illness

Shock wave

A cone-shaped wave produced by an object moving at supersonic speed through a fluid.

Identify the different features of mobile devices that provide forensically valuable artifacts.

same as above answer

Low explosive

Source explosive material of a subsonic deflagration.

