Alibi
Processing the Digital Crime Scene
When processing the crime scene, the investigator should collect all possible evidence the investigator is authorized to collect.
Considerations at a Digital Crime Scene
· Authorization
· Preparation: Make a Plan, Follow the Plan
· Crime Scene Survey and Documentation
· Enterprise Networks as Evidence
Authorization
· Mincey warrants refer to the case Mincey v. Arizona (1978) 437 US 385).
· Mincey murdered an undercover narcotics officer
· Police collected ~300 pieces of evidence over a four-day search.
· SCOTUS found no exigent circumstances and no indication that evidence would be lost, destroyed, or removed during the time required to obtain a search warrant.
Preparation: Make a Plan, Follow the Plan
· Net: Exigent circumstances do not exist solely because the crime was violent.
· Every investigator should have a SOP (Standard Operating Procedures) for how to conduct an investigation.
· The plan must be flexible enough to cover unforeseen situations.
· The basics for each kind of situation should be documented.
Crime Scene Survey and Documentation
· Digital pictures are very useful in capturing all the details of a crime scene, but diagrams and hand-drawings can often capture the overall “picture” better than a photograph.
· Photographs may be useful in identifying things that out of the ordinary and could suggest that a new warrant be issued.
· Evidence found at the scene may be useful for both the prosecution and the defense. Both sides must have access to the evidence to evaluate the contents and draw conclusions.
Enterprise Networks as Evidence
· Employee use computers all the time in today’s business world.
· Employers often authorize some “incidental” personal computer use.
· Many employers maintain logs other computer evidence that may also be evidence in a criminal case.
· You may not want to rely on the employer’s analysis of the evidence:
· They may not have a forensic background, leading to lost or tainted evidence.
· They have interest in protecting the organization from liability or negative press.
· They could be a friend of the victim and try to protect the victim’s data.
· They may be the offender.
Investigative Reconstruction
We’ve discussed the investigative reconstruction aspects We’ll take a look at this again from a violent crime perspective.
Reconstruction Topics
· Victimology
· Offender Behavior
· Crime Scene Characteristics
Victimology
· Reviewing the victim’s digital footprint is not blaming the victim.
· People often have a different public personae than their private one.
· Some personal decisions may provide clues regarding the crime.
· Digital evidence can help reveal secrets that placed the victim at higher risk.
· Take a big picture approach to the collection and analysis of digital evidence. Individual pieces of evidence may only appear significant when combined to show a pattern of behavior.
Offender Behavior
· Criminals may go through great effort to hide digital evidence of their crimes. They may:
· hide and destroy evidence,
· enlist others to destroy evidence,
· stage the crime scene to misdirect investigators, or
· stage activities to cover their tracks or establish an alibi
· Do not limit the digital investigation to the residence of the suspect.
· Examine the digital evidence from public sites the suspect frequented
· Look for unprotect Wi-Fi in the area
Crime Scene Characteristics
· There are often more than one crime scene:
· Where the victim is encountered
· Where the crime takes place
· Where the crime is discovered
· Look at the MO and try to determine why those places were chosen.
· Easy access to victims
· Low chance of discovery
· Emotional/psychological reasons
· Not too close to the suspect’s home
Summary
· Digital evidence may reveal
· investigative leads,
· previously unknown crimes, and
· online secrets that put the victim at higher risk.
· Digital investigators may be able to use digital evidence to
· assess alibis,
· confirm witness statements, and
· disprove offender statements.