Networking 978-0123742681 Chapter 3 Quiz

Unlock access to all the studying documents.

View Full Document

Chapter 3

Digital Evidence in the Courtroom

Objectives

On completing this chapter, the student will:

– Be aware of the difference between concerns of the law and scientific knowledge.

– Be aware of the concerns of the court in regard to forensic examination of digital

evidence

The integrity of the digital investigator

Authenticity of the digital evidence they present

– Be aware of the US Federal Rules of Evidence and how they relate to the authenticity

of evidence.

– Be aware that in the courts, theories based on scientific truth are subordinate to the

legal judgment.

– Be aware of the connection between proper evidence handling and admissibility.

– Be aware of the connection between authorization to search and admissibility.

– Be aware of four considerations when searching and seizing digital evidence:

Does the Fourth Amendment and/or Electronic Communications Privacy Act

Multiple Choice Questions

1. Having a member of the search team trained to handle digital evidence:

2. An attorney asking a digital investigator to find evidence supporting a particular line of

inquiry is an example of:

3. A digital investigator pursuing a line of investigation in a case because that line of

investigation proved successful in two previous cases is an example of:

5. Regarding the admissibility of evidence, which of the following is not a consideration:

6. According to the text, the most common mistake that prevents evidence seized from

being admitted is:

7. In obtaining a warrant, an investigator must convince the judge on all of the following

points except:

8. If, while searching a computer for evidence of a specific crime, evidence of a new,

unrelated crime is discovered, the best course of action is:

9. The process of documenting the seizure of digital evidence and, in particular, when that

evidence changes hands, is known as:

10. When assessing the reliability of digital evidence, the investigator is concerned with

whether the computer that generated the evidence was functioning normally, and:

11. The fact that with modern technology, a photocopy of a document has become acceptable

in place of the original is known as:

12. Evidence contained in a document provided to prove that statements made in court are

13. Business records are considered to be an exception to:

14. Which of the following is not one of the levels of certainty associated with a particular

finding?

15. Direct evidence establishes a:

True or False Questions

1. There is no need for any specialized training in the collection of digital evidence.

2. It is the duty of a digital investigator to ignore influences from any source.

3. The application of preconceived theories to a particular case is a good method of

reducing caseload.

4. In the United States, the prosecution must prove guilt beyond a reasonable doubt.

5. Chain of custody is the process of documenting who has handled evidence, where and

when, as it travels from the crime scene to the courts.

6. Typically, a photocopy of a document is considered hearsay evidence and is not

admissible in court.

7. Direct evidence establishes a fact.

8. Coerced testimony is the most common mistake that prevents evidence seized from being

admitted.

9. Determining whether digital evidence has been tampered with is a major concern of the

digital examiner.

10. Exceeding the scope of a warrant is not likely to affect the admissibility of the evidence

collected.

11. Digital evidence cannot be direct evidence because of its separation from the events it

represents.

12. When creating an expert report, digital investigators should support assertions in their

reports with multiple independent sources of evidence.

13. Voir dire is the process of becoming accepted as an expert by the court.

14. During testimony, when a lawyer appears not to be tech savvy, it is a good practice to

guess what the attorney is trying to ask.

15. A proper response to a question that you do not

Essay Questions

Develop a procedure for systematically examining a crime scene for digital evidence.

Develop a format for a digital examination report.

Hold a mock court, with the instructor acting as opposing counsel, and testify under cross-

examination.

Scenario

You are accompanying a raid on a suspected software pirate. What would you be looking for?

What precautions would you be taking? What evidence collection considerations would you be

considering?