Presentation is loading. Please wait.

Presentation is loading. Please wait.

Document Analysis and Computer Forensics

Published byこうじ やすもと Modified over 5 years ago

Similar presentations

Presentation on theme: "Document Analysis and Computer Forensics"— Presentation transcript:

1 Document Analysis and Computer Forensics
SFS2. Students will use various scientific techniques to analyze physical and trace evidence. d. Identify methods used for the evaluation of handwriting and document evidence.

2 ESSENTIAL QUESTIONS How can you individualize handwriting?
What steps must be taken to recover good exemplars? How can you distinguish the types of forgery? What techniques can be used to examine a questioned document?

3 FYI: We will not be using graphology to interpret handwriting samples, as this is not a psychology course. We are only interested in the ability to distinguish origin and veracity of a questioned document.

4 What do document examiners do?
Compare exemplars to questioned documents by Revealing text from indented impressions Detecting alterations, obliterations, erasures, and page substitutions Determining individual dye components Examining typewritten and machine-printed documents Examining seals and stamps Examining handwriting

5 Basic Information on Handwriting
Penmanship is the technique of writing with the hand using a writing instrument. The various styles of writing are called hands (e.g. “print” and “cursive”). Handwriting is an individual personal style of penmanship. This does NOT develop until your brain and muscles have “learned” how to form the letters.

6 What do handwriting examiners look at?
Document experts will testify to the fact that no two individuals write exactly alike. Each examiner must be skilled at looking at challenges that occur, for instance someone trying to sign a check with a broken finger. Focus of examination is on the characteristics of authenticity.

7 12 Characteristics of Authenticity
Line quality Generally handwriting is smooth and free flowing when written at “regular” speed. Spacing of words and letters Ratio of relative height, width, and size of letters This is difficult to simulate accurately and consistently. Pen lifts and separations Forgeries typically indicate inconsistency in this area. Connecting strokes Beginning and ending strokes

8 12 Characteristics of Authenticity
Unusual letter formation This is difficult to forge, as it is a learned habit. Shading or pen pressure Because this results, in part, from the weight of the arm and hand, this is difficult to forge. Slant Even disguising your own writing usually doesn’t change this. Baseline habits Flourishes or embellishments Placement of diacritics How are the “i”s dotted and “t”s crossed?

9

10 Collection of Handwriting Exemplars
There must be an adequate amount of exemplars for a true comparison to be made, and there must be accountability for the natural variations that occur (greeting cards, diaries, planners) There is a 7-step method to ensuring a good exemplar from a suspect.

11 7 Step Method to a Good Exemplar
The writer should be allowed to write sitting comfortably at a desk or table without distraction. The suspect should not under any conditions be shown the questioned document or be provided with instructions on how to spell certain words or what punctuation to use. The suspect should be furnished a pen and paper similar to those used in the questioned document. The dictated text should be the same as the contents of the questioned document, or at least should contain many of the same words, phrases, and letter combinations found in the document.

12 7 Step Method to a Good Exemplar
Dictation of the text should take place at least three times. Signature exemplars can best be obtained when the suspect is required to combine other writings with a signature. Before requested exemplars are taken from the suspect, a document examiner should be consulted and shown the questioned document. Let's try one!

13 Methods of Forgery Forgery is the process of making, adapting, or imitating objects, statistics, or documents with the intent to deceive. When it applies to currency, is it called counterfeiting. Fraud is an intentional deception made for personal gain or to damage another individual. Forgery is one of the techniques of fraud and is a felony in all states The most commonly forged documents are signed checks.

14 Methods of Forgery Three types of forgery: Blind forgery
Forger uses his/her own handwriting Simulated forgery Forger carefully simulates other’s handwriting Traced forgery Forger traces a genuine signature onto document

15 Examples of Forgery

16 Identifying a Forgery Excluding the handwriting differences, an document examiner will also look at inconsistencies with Paper type Ink (chromatographical analysis)

17 Georgia Law Forgery in 1st degree Forgery in 2nd degree
Manufactures and distributes forgery (excluding checks) Forgery in 2nd degree Manufactures forgery (excluding checks) Forgery in 3rd degree Manufactures and/or distributes a check for $1500+ OR possesses 10+ forged checks Forgery in 4th degree Manufactures and/or distributes a check for <$1500 OR possesses <10 forged checks 1st – 3rd degrees are felony convictions and imprisonment (1-15 yrs) 4th degree is misdemeanor for 1st/2nd conviction; 3rd conv is felony

18 Georgia Law 1st – 3rd degrees are felony convictions and imprisonment (1-15 yrs) 4th degree is misdemeanor for 1st/2nd conviction; 3rd+ conviction is felony

19 Typescript Comparisons
Typed-written documents must be checked under a microscope for typing and dot formation. Different Types: Typewriter Printer As the type of printer becomes more technical the harder it is to distinguish. Hopefully there will be a repeating mistake, like inkblots or offline setting, that will make it easier to find.

20 Characteristics From Use
As is true for any mechanical device, use of a printing device will result in wear and damage to the machine’s moving parts. These changes will occur in a fashion that is both random and irregular, thereby imparting individual characteristics to the printing device. The document examiner has to deal with problems involving business and personal computers, which often produce typed copies that have only subtle defects. Another area of investigation relates to the typewriter ribbon, which may contain type impressions.

21

22 Digital Technology In the cases of photocopiers, fax machines, and computer printers an examiner may be called on to identify the make and model of a machine or to compare a questioned document with test samples from a suspect machine. A side by side comparison is made between the questioned document and the printed exemplars to compare markings produced by the machine. Examiners compare transitory defect marks, fax machine headers, toner, toner application methods, and mechanical and printing characteristics.

23

24 Changes in Documents Document examiners must deal with evidence that has been changed in several ways, such as through alterations, erasures, and obliterations.

25 Changes in Documents Erasures remove writing or typing from a document by using rubber erasers, sandpaper, razor blade or knife, or chemicals The fibers of the paper are easily disturbed (torn, wrinkled) and the changes are readily apparent when examined with a microscope Using oblique lighting can often detect shadows from the indentations IR or UV lighting can detect thinner paper A mixture of baking soda and toner powder visualize surface abrasion

26

27 Changes in Documents Obliteration is the overwriting, covering, or crossing out to hide the original writing. It can be revealed by IR light, which may pass through the upper layer of writing while being absorbed by the underlying area.

28

29 Changes in Documents An alteration is made to a document when writing or typing is changed but the original remains visible When ink differing from the original is used, it can sometimes be detected due to differences in the IR reflectance or luminescence properties of the inks.

30

31 Other Document Problems
Indented writings are impressions left on papers positioned under a piece of paper that has been written on. Usually can be seen using oblique lighting. Often effective, but oblique lighting techniques are unable to recover microscopic indentations- those which occur three or four sheets down.

32 Other Document Problems
Electrostatic Detection Apparatus (ESDA) can be used to prevent destruction of the original document. Writing can be revealed from three or more pages beneath the original – very sensitive. A suspect page is covered with a cellophane material and vacuum sealed. The document and cellophane are then subjected to a high voltage static charge by waving a wand over the surface. Black toner, similar to that used in photocopiers and laser printers is then cascaded over the cellophane.

33

34 What is computer forensics?
The systematic identification, preservation, extraction, documentation, and analysis of electronic data that could potentially be used in court. Extensive knowledge of computer hardware and software is required

35 Types of Cyber Crime Hacking Cyberterrorism DDoS Attacks
Intentionally entering an unauthorized computer or network system Cyberterrorism Hacking into a company's internal networking system for the purpose of demonmstrating or protesting a political agenda DDoS Attacks Used to make an online service unavailable and take the network down by overwhielming the site with traffic from a variety of sources

36 Types of Cyber Crime Botnets Identity Theft Exploit Kits
Networks from compromised computers that are controlled externally by remote hackers Identity Theft Gaining access to a user's personal information for fraudulent means Exploit Kits Readymade purchasable software designed to exploit system vulnerabilities

37 Types of Cyber Crime Cyberstalking Social Engineering PUPs
Involves online harassment where the user is subjected to numerous online messages and s Social Engineering Using deception to manipulate someone into divulging confidential or personal information that could be used fraudulently PUPs Designed to install unnecessary software in your system for information gathering or other fraudulent behavior (spyware, ransomware)

38 Types of Cyber Crime Phishing Prohibited/Illegal Content Online Scams
Sending malicious attachments or URLs to gain access to user accounts or systems Prohibited/Illegal Content Sharing and/or distributing inappropriate content Online Scams Usually ads or spam s that promise unrealistic rewards but compromise user information instead

39 Investigating Cyber Crimes
The most common type of cyber crime is unauthorized access and use of information Identify any hardware Determine how/whether the computer should be turned off/on Image the drive Document the findings Present the evidence in court

40 Categories of Computer Evidence
Substantive evidence Introduced for what it helps to prove itself Illustrative evidence Illustrates testimony but does not by itself prove anything Computer-stored evidence Includes documents and other records that were created by a person and that happen to be sotred in electronic form Computer-generated evidence Direct output of computer programs

41 Categories of Computer Evidence
Substantive evidence stored on a computer Checkbook software, s, image files Substantive evidence generated by a computer Login record of ISP, ATM receipts Illustrative evidence generated by a computer Computer animation used to describe testimony

42 Georgia Law Georgia designates 5 types of cyber crimes:
Computer Theft Computer Trespass Computer Invasion of Privacy Computer Forgery Computer Password Disclosure Criminal penalties for 1-4 include up to $50k in fines and/or up to 15 yrs in prison Criminal penalties for 5 may be fined up to $5k and/or up to 1 yr in prison

Download ppt "Document Analysis and Computer Forensics"

Similar presentations

Chapter 16 DOCUMENT EXAMINATION.

Chapter 16 DOCUMENT EXAMINATION.
Forensic Science Questioned Documents

Forensic Science Questioned Documents
Introduction to Document Examination Karen Woodworth, MFS Grapevine High School.

Introduction to Document Examination Karen Woodworth, MFS Grapevine High School.
Unit 7.  Examination of:  Handwriting  Transcript  Overwriting  Erasures  Reconstruct writing of charred or burned papers  Indented writing  counterfeit.

Unit 7.  Examination of:  Handwriting  Transcript  Overwriting  Erasures  Reconstruct writing of charred or burned papers  Indented writing  counterfeit.
DOCUMENT AND VOICE EXAMINATION

DOCUMENT AND VOICE EXAMINATION
Document Analysis. Document examination is a form of forensic science that includes the analysis of handwriting as well as the detection of forged documents.

Document Analysis. Document examination is a form of forensic science that includes the analysis of handwriting as well as the detection of forged documents.
Forensic Science Questioned Documents. Questioned Documents Any object that contains handwritten or typewritten markings whose source or authenticity.

Forensic Science Questioned Documents. Questioned Documents Any object that contains handwritten or typewritten markings whose source or authenticity.
17-1 ©2011, 2008 Pearson Education, Inc. Upper Saddle River, NJ 07458 FORENSIC SCIENCE: An Introduction, 2 nd ed. By Richard Saferstein DOCUMENT EXAMINATION.

17-1 ©2011, 2008 Pearson Education, Inc. Upper Saddle River, NJ FORENSIC SCIENCE: An Introduction, 2 nd ed. By Richard Saferstein DOCUMENT EXAMINATION.
CTE Forensics/Law & Public Safety 1-2

CTE Forensics/Law & Public Safety 1-2
Document Analysis.

Document Analysis.
Chapter 16 DOCUMENT EXAMINATION.

Chapter 16 DOCUMENT EXAMINATION.
Objectives: You will understand: How analyst can individualize handwriting to a particular person. What types of evidence are submitted to the document.

Objectives: You will understand: How analyst can individualize handwriting to a particular person. What types of evidence are submitted to the document.
16- PRENTICE HALL ©2007 Pearson Education, Inc. Upper Saddle River, NJ 07458 CRIMINALISTICS An Introduction to Forensic Science, 9/E By Richard Saferstein.

16- PRENTICE HALL ©2007 Pearson Education, Inc. Upper Saddle River, NJ CRIMINALISTICS An Introduction to Forensic Science, 9/E By Richard Saferstein.
A questioned document is one in which a document in its entirety, or in part, is subject to question as to authenticity and/or origin OR any signature,

A questioned document is one in which a document in its entirety, or in part, is subject to question as to authenticity and/or origin OR any signature,
Computer Analysis.

Computer Analysis.
Ch. 16 Document Examination CSI And Document Examination CSI And Document Examination.

Ch. 16 Document Examination CSI And Document Examination CSI And Document Examination.
Questioned Documents.

Questioned Documents.
Document Analysis Students will learn: Students will be able to:

Document Analysis Students will learn: Students will be able to:
DOCUMENT EXAMINATION Chapter 16. Activity On the paper provided: –Write your name on the appropriate line –On the lines provided write exactly the words:

DOCUMENT EXAMINATION Chapter 16. Activity On the paper provided: –Write your name on the appropriate line –On the lines provided write exactly the words:
Handwriting Analysis. QUESTION ? A piece of paper is involved in most crimes, perhaps indirectly like in a ransom note in a kidnapping or a forged signature.

Handwriting Analysis. QUESTION ? A piece of paper is involved in most crimes, perhaps indirectly like in a ransom note in a kidnapping or a forged signature.

Similar presentations

Ads by Google