1. What set of rules states the General Provisions Governing Discovery and Duty of Disclosure?
Answer: Federal Rule of Civil Procedure 26 contains the General Provisions Governing Discovery and the Duty of Disclosure.
2. What are some of the items of information that a forensic examiner might be asked to provide under Federal Rule of Civil Procedure 30(b)(6)?
Answer: Under Federal Rule of Civil Procedure 30(b)(6), a forensic investigator may be asked to provide information on such things as: quality and locations of computers in use, operating systems and application software installed and dates of use, file-naming conventions and what directories data is saved to, backup disk or tape inventories and schedules, computer use policies, identities of current and former employees responsible for systems operations, e-mail with dates, times, and attachments, Word documents, tables, graphs, and database files, and Internet bookmarks, cookies, and history logs.
3. Why is a template recommended for reports?
Answer: Templates help you to organize forensic investigation results in a way that is clear, logical, consistent, and easily understood by others. Templates also aid forensic investigators in recalling facts at the actual time of trial (which may be months or even years after the initial investigation was conducted).
4. Where can you find out how to properly document and sample log sheets?
Answer: Guidelines for how to document evidence, along with sample log sheets, may be found in Appendix C of Forensic Examination of Digital Evidence: A Guide for Law Enforcement produced by The National Institute of Justice.
5. When should you consider using diagrams as a method of documentation?
Answer: Diagrams are useful to help explain forensic procedures in such a way that jurors better understand them.
6. Why should you videotape the entry of all persons into the crime scene?
Answer: Videotaping the entrance of a forensic team into the crime scene helps you refute claims that evidence was planted at the scene.
7. Why is it important to be cautious when you are transporting evidence from the crime scene to the lab for analysis?
Answer: Various conditions (such as moisture, high humidity, or excessive heat and cold) can cause electrostatic discharge (ESD) which can kill your computer components. Exposure to radio transmitters or magnets can create electromagnetic fields which can alter or destroy data as well.
8. When formulating a concise report, what are some items you should consider?
Answer: When formulating a concise report, it is important to: understand the importance of the reports, limit the report to specifics, use a layout and presentation that is easy to understand, understand the difference between litigation-support reports and technical reports, write clearly, provide supporting material, explain methods used in data collection, and explain results.
9. Why are timelines of computer usage and file accesses important when processing computer evidence?
Answer: Timelines for computer usage and file access are essential when processing computer evidence because they show the order in which events occurred. Also by cross-correlating the times at which events took place, the duration of a login session, and the identity used to log in, investigators can establish who is responsible for the actions that took place on the timeline. This is important to making the case that a specific individual is involved in certain activities to establish culpability.
10. What are some items that your report should contain?
Answer: Reports should contain information such as: the name of the reporting agency and case investigator, case number, date of the report, list of the items examined, description of the examination process, and the investigation results and/or conclusion.