Handwriting Analysis Computer, Mobile device Analysis

Presentation on theme: "Handwriting Analysis Computer, Mobile device Analysis"— Presentation transcript:

1 Handwriting Analysis Computer, Mobile device Analysis
FORENSIC SCIENCE: An Introduction by Richard Saferstein 1

2 SFS2 Students will use various scientific techniques to analyze physical and trace evidence.
d. Identify methods used for the evaluation of handwriting and document evidence.

3 Introduction Any object with handwriting or print whose source or authenticity is in doubt may be referred to as a questioned document. Document examiners apply knowledge gathered through years of training and experience to recognize and compare the individual characteristics of questioned and known authentic writings.

4 Introduction For this purpose, the gathering of documents of known authorship or origin is critical to the outcome of the examination. The uniqueness of handwriting makes this type of physical evidence one of the few definitive individual characteristics available.

5 Character of Handwriting
Document experts continually testify to the fact that no two individuals write exactly alike. Many factors comprise the total character of a person’s writing. The early stages of learning handwriting are characterized by a conscious effort to copy standard letter forms.

6 Character of Handwriting
As writing skills improve, nerve and motor responses associated with the act of writing become subconscious. The unconscious handwriting of two different individuals can never be identical.

7 Character of Handwriting
Variations are expected in angularity, slope, speed, pressure, letter and word spacing, relative dimensions of letters, connections, pen movement, writing skill, and finger dexterity. Other factors to consider include the arrangement of the writing on the paper, such as margins, spacing, crowding, insertions, and alignment.

8 Character of Handwriting
Spelling, punctuation, phraseology, and grammar can be personal and help to individualize the writer. Furthermore, the writing style of one individual may be altered beyond recognition by the influence of drugs or alcohol.

9 Handwriting Exemplars
The collection of an adequate number of known writings (exemplars) is most critical for determining the outcome of a handwriting comparison. Known writing should contain some of the words and combination of letters present in the questioned document and be adequate in number to show the range of natural variations in a suspect’s writing.

10 Handwriting Exemplars
The writing implement and paper should also be alike. The writing of dictation and several pages may serve to minimize attempts at deception.

11 Typescript Comparisons
The two requests most often made of the examiner in connection with the examination of photocopier, fax, and printing devices are: (1) whether a particular suspect printing device can be identified as having prepared the questioned document; and (2) whether the make and model of the printing devices used to prepare the questioned document can be identified.

12 Characteristics From Use
As is true for any mechanical device, use of a printing device will result in wear and damage to the machine’s moving parts. These changes will occur in a fashion that is both random and irregular, thereby imparting individual characteristics to the printing device.

13 Characteristics From Use
The document examiner has to deal with problems involving business and personal computers, which often produce typed copies that have only subtle defects.

14 Digital Technology In the cases of photocopiers, fax machines, and computer printers, an examiner may be called upon to identify the make and model of a machine or to compare a questioned document with test samples from a suspect machine.

15 Digital Technology A side-by-side comparison is made between the questioned document and the printed exemplars to compare markings produced by the machine. Examiners compare transitory defect marks, fax machine headers, toner, toner application methods, and mechanical and printing characteristics.

16 Alterations Document examiners must deal with evidence that has been changed in several ways, such as through alterations, erasures, and obliterations. Erasures by rubber erasers, sandpaper, razor blades, or knives to remove writing or typing disturb the fibers of the paper and are readily apparent when examined with a microscope.

17 Alterations If an alteration is made to a document with ink differing from the original, it can sometimes be detected due to differences in the luminescence properties of the inks. Obliteration of writing by overwriting or crossing out to hide the original writing can be revealed by infrared radiation, which may pass through the upper layer of writing while being absorbed by the underlying area.

18 Other Problems Infrared photography and reflecting light at different angles are sometimes successfully used to reveal the contents of a document that has been accidentally or purposely charred in a fire. In certain situations, indented writings (partially visible depressions underneath the visible writing) have proven to be valuable evidence.

19 Other Problems It may be possible to determine what was written by the impressions left on a paper pad. Applying an electrostatic charge to the surface of a polymer film placed in contact with a questioned document will visualize indented writings.

20 Other Problems A study of the chemical composition of the ink used on documents may verify whether or not known and questioned documents were prepared by the same pen; and the paper itself may be analyzed.

21 COMPUTER FORENSICS

22 Introduction Computers have permeated society and are used in countless ways with innumerable applications. Similarly, the role of electronic data in investigative work has achieved exponential growth in the last decade.

23 Introduction The use of computers and other electronic data storage devices leaves the footprints and data trails of their users. Computer forensics involves the preservation, acquisition, extraction, and interpretation of computer data.

24 Introduction In today's world of technology, many devices are capable of storing data and could thus be grouped into the field of computer forensics.

25 The Basics Hardware vs. software:
Hardware comprises the physical and tangible components of the computer. Software, conversely, is a set of instructions compiled into a program that performs a particular task. Software consists of those programs and applications that carry out a set of instructions on the hardware.

26 Terminology Computer Case/Chassis
This is the physical box holding the fixed internal computer components in place. Power Supply: The PC's power supply converts the power it gets from the wall outlet to a useable format for the computer and its components.

27 Terminology Motherboard
The main circuit board contained within a computer (or other electronic devices) is referred to as the motherboard.

28 Terminology System Bus
Contained on the motherboard, the system bus is a vast complex network of wires that serves to carry data from one hardware device to another.

29 Figure 8-1 Cutaway diagram of a personal computer showing the tangible hardware components of a computer system.

30 Terminology Read-Only Memory (ROM) chips store programs called firmware, which are used to start the boot process and configure a computer's components.

31 Terminology Random Access Memory (RAM) serves to take the burden off of the computer's processor and Hard Disk Drive (HDD).

32 Terminology The computer, aware that it may need certain data at a moment's notice, stores the data in RAM. RAM is referred to as volatile memory because it is not permanent; its contents undergo constant change and are forever lost once power is taken away from the computer.

33 Terminology The Central Processing Unit (CPU), also referred to as a processor, is essentially the brains of the computer.

34 Terminology Input Devices
These devices are used to get data into the computer. For example: keyboard, mouse, joystick, scanner.

35 Terminology Output Devices
Equipment through which data is obtained from the computer. For example: monitor, printer, speakers.

36 Terminology The Hard Disk Drive (HDD) is typically the primary location of data storage within the computer.

37 Terminology Different operating systems map out (partition) HDDs in different manners. Examiners must be familiar with the file system that they are examining.

38 Terminology Evidence exists in many different locations and in numerous forms on a HDD. The type of evidence can be grouped under two major subheadings: visible and latent data.

39 How Data is Stored Generally speaking, a HDD needs to have its space defined before it is ready for use. Partitioning the HDD is the first step. When partitioned, HDDs are mapped (formatted) and have a defined layout.

40 How Data is Stored HDDs are logically divided into sectors, clusters, tracks, and cylinders. Sectors are typically 512 bytes in size. A byte is 8 bits. A bit is a single 1 or 0.

41 How Data is Stored Clusters are groups of sectors, and their size is defined by the operating system. Clusters are always in sector multiples of two. A cluster, therefore, will consist of 2, 4, 6, 8, and so forth sectors. With modern-day operating systems, the user can exercise some control over the amount of sectors per cluster.

42 How Data is Stored Tracks are concentric circles that are defined around the platter. Cylinders are groups of tracks that reside directly above and below each other.

43 Figure 8-3 Partitions of a hard disk drive.

44 How Data is Stored After the partitioning and formatting processes are complete, the HDD will have a map of the layout of the defined space in that partition. Partitions utilize a File Allocation Table (FAT) to keep track of the location of files and folders (data) on the HDD.

45 How Data is Stored The NTFS partition (Windows 7, 8) utilizes, among other things, a Master File Table (MFT).

46 How Data is Stored Each partition table (map) tracks data in different ways. The computer forensic examiners should be versed in the technical nuances of the HDDs that they examine.

47 How Data is Stored It is sufficient for our purposes here, however, merely to visualize the partition table as a map to where the data is located. This map uses the numbering of sectors, clusters, tracks, and cylinders to keep track of the data.

48 Processing the Electronic CS
Processing the electronic crime scene has a lot in common with processing a traditional crime scene: warrants, documentation, and good investigation techniques. At this point, a decision must be made as to whether a live acquisition of the data is necessary.

49 Shutdown vs. Pulling the Plug
Several factors influence the systematic shutdown vs. pulling-the-plug decision. For example, if encryption is being used, pulling the plug will encrypt the data, rendering it unreadable without a password or key; therefore, pulling the plug would not be prudent.

50 Shutdown vs. Pulling the Plug
Similarly, if crucial evidentiary data exists in RAM and has not been saved to the HDD and will thus be lost with discontinuation of power to the system, another option must be considered. Regardless, the equipment will most likely be seized.

51 Forensic Image Acquisition
Now that the items have been seized, the data needs to be obtained for analysis. The computer Hard Disk Drive will be used as an example, but the same "best practices" principles apply to other electronic devices as well.

52 Forensic Image Acquisition
Throughout the entire process, the computer forensic examiner must adopt the method that is least intrusive. The goal of obtaining data from a HDD is to do so without altering even one bit of data.

53 Forensic Image Acquisition
Because booting a HDD to its operating system changes many files and could potentially destroy evidentiary data, obtaining data is generally accomplished by removing the HDD from the system and placing it in a laboratory forensic computer so that a forensic image can be created.

54 Forensic Image Acquisition
Occasionally, in cases of specialized or unique equipment or systems, the image of the HDD must be obtained utilizing the seized computer. Regardless, the examiner needs to be able to prove that the forensic image obtained includes every bit of data and resulted in no changes (writes) to the HDD.

55 Computer Fingerprint To this end, a sort of fingerprint of the drive is taken before and after imaging. This fingerprint is accomplished through the use of a Message Digest 5 (MD5), Secure Hash Algorithm (SHA), or similar validated algorithm.

56 Computer Fingerprint Before imaging the drive, the algorithm is run and a 32-character alphanumeric string is produced based on the drive’s contents.

57 Computer Fingerprint It is then run against the resulting forensic image, and if nothing changed, the same alphanumeric string will be produced, thus demonstrating that the image is all-inclusive of the original contents and that nothing was altered in the process.
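
The before-and-after fingerprint check described in slides 55-57, as an added example that is not part of the original presentation. The function names and the in-memory stand-in for a drive are assumptions made for illustration; SHA-256 is computed alongside MD5 because practical MD5 collisions are known.

```python
import hashlib
import io

CHUNK = 1 << 20  # hash and copy 1 MiB at a time; a real drive will not fit in memory


def fingerprint(stream, algorithms=("md5", "sha256")):
    """Hash everything in a seekable stream; return {algorithm: hex digest}."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    stream.seek(0)
    for block in iter(lambda: stream.read(CHUNK), b""):
        for hasher in hashers.values():
            hasher.update(block)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def acquire(source, image):
    """Copy `source` into `image` and return the verification record.

    `source` is only ever read here. On real hardware it would be opened
    read-only behind a write blocker (assumption, outside this sketch).
    """
    before = fingerprint(source)      # fingerprint taken before imaging
    source.seek(0)
    image.seek(0)
    image.truncate()
    for block in iter(lambda: source.read(CHUNK), b""):
        image.write(block)
    after = fingerprint(source)       # shows imaging did not alter the source
    copy = fingerprint(image)         # shows the image holds every bit
    return {
        "source_before": before,
        "source_after": after,
        "image": copy,
        "source_unchanged": before == after,
        "image_complete": copy == before,
    }


def constructed_drive():
    """Constructed 2 MiB stand-in for a seized drive (not real evidence)."""
    return io.BytesIO(bytes(range(256)) * 8192)


def flip_one_bit(data, bit_index):
    """Return a copy of `data` with a single bit inverted."""
    altered = bytearray(data)
    altered[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(altered)


if __name__ == "__main__":
    drive, image = constructed_drive(), io.BytesIO()
    record = acquire(drive, image)
    print("MD5 before imaging :", record["source_before"]["md5"])
    print("MD5 of the image   :", record["image"]["md5"])
    print("source unchanged   :", record["source_unchanged"])
    print("image complete     :", record["image_complete"])
    # One altered bit anywhere in the image yields a different fingerprint.
    tampered = io.BytesIO(flip_one_bit(image.getvalue(), 12345))
    print("tampered image MD5 :", fingerprint(tampered)["md5"])
```

The MD5 value is the 32-character string the slide refers to; the SHA-256 value is 64 characters.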

58 Visible Data Visible data is the data of which the operating system is aware. Consequently, this data is easily accessible to the user.

59 Visible Data From an evidentiary standpoint, it can encompass any type of user-created data, such as: word processing documents, spreadsheets, accounting records, databases, and pictures.

60 Temporary Files and Swap Space
Temporary files, created by programs as a sort of "back-up on the fly," can also prove valuable as evidence. Finally, data in the swap space (utilized to conserve valuable RAM within the computer system) can yield evidentiary data.

61 Temporary Files and Swap Space
Latent data, on the other hand, is that data of which the operating system is unaware.

62 Figure 8-8 As a user switches between applications and performs multiple tasks, data is swapped back and forth between RAM and the computer's hard drive. This area on the hard drive is referred to as either swap space or a paging file.

63 Latent Data Evidentiary latent data can exist in both RAM and file slack. RAM slack is the area from the end of the logical file to the end of the sector. File slack is the remaining area from the end of the final sector containing data to the end of the cluster.
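
The RAM slack and file slack boundaries defined in slide 63, worked through on a constructed cluster as an added example that is not part of the original presentation. The 512-byte sector comes from slide 40; the 8 sectors per cluster, the function names, the sample bytes and the zero-filled RAM slack are assumptions made for illustration.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class SlackMap:
    allocated: int      # bytes reserved for the file (whole clusters)
    ram_slack: range    # end of the logical file -> end of that sector
    file_slack: range   # end of that sector -> end of the last cluster


def slack_map(logical_size, sector_size=512, sectors_per_cluster=8):
    """Locate both slack regions as byte offsets within the file's allocation."""
    if logical_size < 0 or sector_size < 1 or sectors_per_cluster < 1:
        raise ValueError("sizes must be non-negative and geometry positive")
    cluster_size = sector_size * sectors_per_cluster
    # Round the logical size up to the next sector and cluster boundary.
    sector_end = -(-logical_size // sector_size) * sector_size
    cluster_end = -(-logical_size // cluster_size) * cluster_size
    return SlackMap(cluster_end,
                    range(logical_size, sector_end),
                    range(sector_end, cluster_end))


def carve_slack(allocation, logical_size, sector_size=512, sectors_per_cluster=8):
    """Return (ram_slack_bytes, file_slack_bytes) cut from the raw allocation."""
    layout = slack_map(logical_size, sector_size, sectors_per_cluster)
    if len(allocation) != layout.allocated:
        raise ValueError("allocation does not match the computed cluster span")
    ram = allocation[layout.ram_slack.start:layout.ram_slack.stop]
    rest = allocation[layout.file_slack.start:layout.file_slack.stop]
    return ram, rest


def printable_runs(data, min_len=8):
    """ASCII strings of at least min_len characters found in raw bytes."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]


def constructed_cluster():
    """One 4096-byte cluster: a 700-byte new file written over older content."""
    old = (b"OLD MEMO (constructed): meet at pier 9 | " * 120)[:4096]
    new_file = b"N" * 700
    ram_pad = b"\x00" * 324  # assumption: the OS zero-fills the rest of the sector
    return new_file + ram_pad + old[1024:], len(new_file)


if __name__ == "__main__":
    cluster, size = constructed_cluster()
    layout = slack_map(size)
    print("allocated bytes :", layout.allocated)
    print("RAM slack bytes :", len(layout.ram_slack))
    print("file slack bytes:", len(layout.file_slack))
    ram, rest = carve_slack(cluster, size)
    print("strings in RAM slack :", printable_runs(ram))
    print("strings in file slack:", [s[:41] for s in printable_runs(rest)])
```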

64 Latent Data Another area where latent data might be found is in unallocated space. Unallocated space is that space on a HDD that the operating system sees as empty and ready to store data.

65 Figure 8-11 A simplistic view of a hard drive platter demonstrating the concept of unallocated space.

66 Latent Data The constant shuffling of data through deletion, defragmentation, swapping, and so on is one of the ways that data is orphaned in latent areas. Finally, when a user deletes files, the data typically remains behind. Deleted files are therefore another source of latent data to be examined during forensic analysis.

67 Analysis of Internet Data
Places on a computer where a forensic computer examiner might look to determine what websites a computer user has recently visited include: Internet cache, cookies, and Internet history.

68 Analysis of Internet Data
The history file can be located and read with a forensic software package. Another way to access websites that have been visited is by examining bookmarks and favorite places.

69 IP Addresses IP addresses provide the means by which data can be routed to the appropriate location, and they also provide the means by which most Internet investigations are conducted. IP addresses take the form ###.###.###.###, in which, generally speaking, ### can be any number between 0 and 255.

70 Investigation of Internet Communications
An investigator tracking the origin of an e-mail seeks out the sender’s IP address in the e-mail's header. Chat and instant messages are typically located in a computer’s random-access memory (RAM).

71 Investigation of Internet Communications
Tracking the origin of unauthorized computer intrusions, or hacking, requires investigating a computer’s log file, RAM, and network traffic. A firewall is a device designed to protect against intrusions into a computer network.

72 Figure 18–14 Two computers communicating by sending data to each other's IP address via the Internet. An IP address is assigned to each computer by their respective Internet service providers.

73 Mobile Forensics Mobile devices offer many of the same services offered by desktop or laptop computers and other devices. Mobile devices can provide a vast amount of useful and evidentiary data in an investigation.

74 Mobile Forensics Leaving a mobile device running but placing it in something that will block its communication is the preferred method for preserving data on a mobile device. Complications arise in extracting and evaluating data from mobile devices because of the variety of ways that different devices store and manage data.

75 MOBILE DEVICES

76 Types of Mobile Devices
Digital (2G) cellular networks moved phones into the small, handheld form and, because they were digital, the new networks opened the door for practical data communications and the beginning of what was referred to as "feature phones."

77 Types of Mobile Devices
A cellular system is a network of relatively short-distance transceivers that are spaced strategically so that low-power transmitters can reach the phones in their coverage areas and the very low-power transmitters in the cell phones can reach the cell towers.

78 Types of Mobile Devices
The architectural functionality that distinguishes 2G from 3G is that 2G systems were circuit switched and 3G systems are packet switched.

79 Types of Mobile Devices
The advent of packet-switched mobile phone networks allowed virtually any kind of data to be accessed by a mobile device, and the smartphone was born.

80 Types of Mobile Devices
Native IP (4G) networks differ technologically from 3G networks in that they can access the Internet directly, increasing speed and bandwidth dramatically.

81 Mobile Phone Operating Systems
The most popular operating systems for mobile devices—including smartphones and tablets—are Apple iOS, Google Android, and Microsoft Windows Phone.

82 Mobile Phone Operating Systems
3G and 4G phones are close in architecture and design to a PC or Mac. These phones behave the same way (especially 4G devices) and have the ability to download and install applications (apps) the same as any PC or Mac.

83 Variability of Mobile Devices
One interesting aspect of mobile device forensics is geolocation. The GPS in a mobile device can locate the user's activities and, when used with a timeline, can place the user in the vicinity of a crime. This can make it much easier to track the user's movements.

84 Variability of Mobile Devices
Each mobile device has its own quirks: Each device needs special connectors and special device drivers on the tool used to examine it in order to decipher what is stored on the device.

85 Variability of Mobile Devices
Storage in a modern smartphone or tablet is accomplished by: onboard nonvolatile memory and Mini-SD cards.

86 Extracting Data from Mobile Devices
All mobile devices should be kept in a Faraday bag or box. Storing the device in this manner prevents changes from being made remotely to the device.

87 Extracting Data from Mobile Devices
Physical forensic images are bit-by-bit copies of the file system, including deleted data. Logical extraction is a snapshot of the file system showing what the file system wants the user to see.

88 Extracting Data from Mobile Devices
Mobile device forensic analysis can provide an overlay to physical evidence and timelines as well as computer forensic timelines to give a clearer picture of the events preceding and following a crime event.

89 Extracting Data from Mobile Phones
Examiners make it a practice to run the forensic image twice, taking one of the images and treating it as evidence. The examiner should decide, based on what can be done with the particular device, whether to obtain a physical or logical extraction or both.

90 Mobile Phone Architecture
SD (Secure Digital) cards are storage expansion cards used by many mobile devices. The SD card adds memory for storing things such as photos and music. SD cards are nonvolatile.

91 Mobile Phone Architecture
SIM (Subscriber Identification Module) cards have an international mobile subscriber identity (IMSI) number that associates the phone with the subscriber’s mobile network.

92 Mobile Phone Architecture
Each SIM is identified by an integrated circuit card identifier (ICCID). The ICCID contains the issuer identification number (IIN), the individual account identification, and a check digit.

93 Mobile Phone Architecture
In addition to memory, the typical mobile device contains a digital signal processor, a microprocessor, a radio frequency transmitter/receiver, audio components, and a power supply. The power supply provides the power to run the device and delivers the ability to charge the battery.

94 Assessing the Impact of Digital Evidence on an Investigation
Temporal chains show events in the order in which they occurred. Causal chains of evidence describe the events of a crime in terms of cause and effect. The links in the chain are the pieces of evidence, and they are tied together based on how one link affects one or more other links.

95 Assessing the Impact of Digital Evidence on an Investigation
Hybrid crime assessment is a technique that investigators can use when faced with a physical crime, such as murder, rape, or robbery, which has a digital element to it—a computer, smartphone, or some other mobile device.

96 Assessing the Impact of Digital Evidence on an Investigation
The object of hybrid crime assessment is to tie all of these elements together. The amount of information that we can get from a mobile device varies greatly, depending on the specific device.

