COEN 252 Computer Forensics: Writing Computer Forensics Reports

Forensics Reports: Forensics reports only state findings. If they draw conclusions, then they are expert testimony.

Expert Report: A report that offers an opinion is an expert report. The writer of the report needs to qualify as an expert. An expert report used in court has additional requirements. The expert’s expertise and trustworthiness are on trial, too.

Expert Report: Fundamental decision: Daubert (DAUBERT et ux., individually and as guardians ad litem for DAUBERT, et al. v. MERRELL DOW PHARMACEUTICALS, INC.). Juries decide on “matters of fact”, not on “matters of law”. What is placed before a jury is tightly regulated (Rules of Evidence). Most testimony is limited to relaying sensory experiences, interpreted by the jury according to common sense. Experts provide insight that common sense does not offer.

Expert Report: An expert offers an opinion by applying the expert’s specific knowledge to the specific circumstances of the case. An expert can also testify to general scientific or technical principles and leave their application to the jury.

Expert Report (examples of expert opinion): engineers' opinions on whether a product's poor design renders it needlessly unsafe; accountants' opinions on whether someone has followed prudent accounting practices; physicians' opinions on whether some particular bodily insult was the cause of someone's medical condition; economists' opinions on whether a firm possesses monopoly power; statisticians' opinions on whether a firm's employment decisions correlate closely with race or gender; forensic opinions on matches between samples of DNA, blood, hair, etc.; appraisers' estimates of the value of specific property.

Expert Report: Expert testimony is potentially misleading. Frye test (1929): scientific evidence is admissible only if the principles on which it is based have gained “general acceptance” in the scientific community. Federal Rules of Evidence (1973): “If scientific, technical, or other specialized knowledge will assist the trier of fact to understand the evidence or to determine a fact in issue, a witness qualified as an expert by knowledge, skill, experience, training, or education, may testify thereto in the form of an opinion or otherwise.” The rule does not mention general acceptance.

Expert Report: Daubert (1993): Rule 702 does not supplant Frye. No definite checklist or test. Pertinent factors: whether the theories and techniques employed by the scientific expert have been tested; whether they have been subjected to peer review and publication; whether the techniques employed by the expert have a known error rate; whether they are subject to standards governing their application; whether the theories and techniques employed by the expert enjoy widespread acceptance.

Testifying as a Forensic Expert: Title helps. Experience helps. Reputation is essential. Never get caught lying. If you inhale, admit it, or refuse to tell.

Forensic Reports: Used for legal proceedings and for incident response. Findings: Why was the evidence reviewed? How was the evidence reviewed? How did the forensic examiner arrive at conclusions? Conclusions are clearly explained, supported, and possibly lead to recommendations.

Computer Forensics Report: Accurately describe the details of an incident. Be understandable to decision makers. Be able to withstand legal scrutiny. Be unambiguous and not open to misinterpretation. Be easily referenced (Bates numbering). Contain all information required to explain the conclusions. Offer valid conclusions, opinions, or recommendations when needed. Be created in a timely manner.

Computer Forensics Report: Document investigative steps immediately and clearly. Written notes during an investigation might be discoverable. Notes need to be clear. Missteps in the investigation need to be documented. Keep the goals of your analysis in mind.

Computer Forensics Report: Organization of report: macro to micro; template. Good style: use consistent identifiers; attachments and appendices; proofread by others.

Computer Forensics Report: Organization of report: Use a cryptographically secure hash to verify all files. Include metadata in the report.
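One way to produce the hash-and-metadata listing for a report appendix and to re-check it later, as an added example that is not part of the original slides. The function names, the `EXH-` identifier prefix and the two sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone

def sha256_file(path, chunk_size=1 << 20):
    """Hash in chunks so large evidence images need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(root, prefix="EXH"):
    """One record per file under root: consistent id, path, size, mtime, SHA-256."""
    paths = sorted(os.path.join(d, n) for d, _, names in os.walk(root) for n in names)
    manifest = []
    for number, path in enumerate(paths, start=1):
        info = os.stat(path)
        manifest.append({
            "id": f"{prefix}-{number:04d}",  # hypothetical identifier scheme
            "path": os.path.relpath(path, root),
            "size": info.st_size,
            "mtime_utc": datetime.fromtimestamp(info.st_mtime, timezone.utc).isoformat(),
            "sha256": sha256_file(path),
        })
    return manifest

def verify_manifest(root, manifest):
    """Re-hash each listed file; return (id, path, status) for every discrepancy."""
    problems = []
    for entry in manifest:
        path = os.path.join(root, entry["path"])
        if not os.path.isfile(path):
            problems.append((entry["id"], entry["path"], "missing"))
        elif sha256_file(path) != entry["sha256"]:
            problems.append((entry["id"], entry["path"], "hash mismatch"))
    return problems

def demo():
    """Constructed sample: two small files stand in for exported evidence."""
    with tempfile.TemporaryDirectory() as root:
        for name, data in (("mail.txt", b"constructed sample A"), ("log.txt", b"constructed sample B")):
            with open(os.path.join(root, name), "wb") as handle:
                handle.write(data)
        manifest = build_manifest(root)
        clean = verify_manifest(root, manifest)  # nothing changed yet
        with open(os.path.join(root, "log.txt"), "ab") as handle:
            handle.write(b"!")  # simulate a change after the manifest was taken
        return manifest, clean, verify_manifest(root, manifest)
```

Calling `demo()` returns the manifest, the empty result of the first verification, and the discrepancy reported after the simulated change. In practice, run the manifest against a working copy of the evidence, not the original media.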

Computer Forensics Report Template: Executive Summary: author, investigators, examiners; why was the investigation undertaken?; list significant findings; include signatures of examiners. Objectives: tasks of the investigation.

Computer Forensics Report Template: Computer Evidence Analyzed: detailed description of evidence, linked with evidence tags; if possible, with digital imagery of evidence. Relevant Findings. Supporting Details. Investigative Leads. Additional Report Sections.