Often an examiner will analyze all the digital media only to determine that the probative data was limited to a browser’s history file, an e-mail, a document, the mobile devices’ logs, or an inappropriate graphic video or picture. Finding the critical probative data faster in a cost-effective manner while reducing or eliminating case backlogs is going to require a more efficient methodology.
Recently I was training a group of investigators at a large law enforcement agency on wet-vacuum forensic DNA collection. Over the course of our conversation, I learned there were a couple of people who were not overly enthusiastic about introducing a new collection method to the cases. This hesitancy from some didn’t surprise me, but it did get me thinking about how to address it.
Due to the chemicals used to make the drugs and the wastes generated during the “cooking,” clandestine laboratories present significant safety and health risks to law enforcement, forensic scientists, and the public. When a clandestine drug lab is discovered, there is a basic three-stage approach to move from seizure to a fully restored site.
It goes without saying that the expert will understand the scientific basis of the testing that was done. However, even the most educated and experienced persons have gaps in their knowledge and experience. In most cases, what you don’t know will have no effect on the outcome of a trial.
You can make your job more manageable by paying attention to the fundamentals. One of the most important things you can do is determine the equipment that is essential to your job. As you gain experience and expertise, the list of equipment will certainly grow and include more specialized items.
Most of us know you should attempt to develop latent prints as soon as possible. When latent prints are deposited on a surface, nearly 99% of the print is composed of water. The water begins to evaporate and the print dries out. For this reason, it is essential to have first responding officers trained in the development of latent prints when no one else is available.
Hazards of UV do not distinguish between work and home, and in addition to sunlight, UV light sources are found in the workplace including labs, mechanical rooms, and shops. Sources include some biosafety cabinets, certain types of hand-held light sources, transilluminators, crosslinkers, and some laboratory instruments such as spectrophotometers.
Because of the newness of network forensic activity, network examiners are often left to use existing and emerging tools that have not yet faced the challenge of being proven valid in court. In some respects, the presentation phase of a digital investigation is the most critical; regardless of what has been found, it is worthless if the information cannot be convincingly conveyed to a judge and jury.
About a week before this issue went to press, we were treated to a veritable media frenzy surrounding the alleged hacking of iCloud and the news of hundreds of celebrity nude photos leaked. Every news outlet, it seemed, was ready to put forth its own “digital forensics expert.” Now, as we prepare to send this page to the printer, we are beginning to see the results of the real investigations into the incident.
When it comes to metadata as part of a litigation strategy, we mostly see it used as supporting information about the data. It is unusual, but not unheard of, to see metadata used directly as evidence. That is likely to change as more people understand the role metadata can have in developing legal strategy. With proper forensic analysis, metadata can help highlight patterns, establish timelines, and point to gaps in the data.
Clearly, finding and collecting as much evidence as possible is key. But in doing so, it’s all too easy to contaminate the results. How can we avoid contamination?
One should not expect to find all user information sitting in the default folder or default location for a given type of file (e.g. Application Data or similar folder). Searching the entire hard disk is required in order to locate all unencrypted log and history files.
Determination of Blood Alcohol Content has been a standard analytical method in criminal labs for many years. Recently, however, additional compound identification provided by matching the ethanol mass spectrum to a library spectrum, in addition to RT, has proven to offer an additional level of confirmation. This article describes BAC analysis using a GC-FID in parallel with a mass spectrometer for positive compound identification.
Typically, managers dread having to perform employee assessments and experience high anxiety anticipating them. For the employee, too, who is about to undergo a formal performance assessment, the procedure is a high-anxiety producer. So what typically happens is that two very nervous people get together, try to act calm, and just “get through it.”