Embed Size (px)
DESCRIPTION
Taking a judge and jury through your investigative process, and why mobile evidence is relevant to your case, is only half of testimony. You should also be prepared to testify about the tools and methods you used, and to address any challenges to your process. This session will tell you what you need to know about mobile forensic extraction, analysis and interpretation; how to deal with questions about vendors’ proprietary methods; and specific challenges around mobile evidence authenticity and admissibility.
Citation preview
Global Training
Research, Strategy & Execution
1
Preparing to Testify About Mobile Evidence in Court
Agenda
3
1. Goals and Objectives
2. Preparing for Court
3. Forensic Tools
4. Forensic Methodologies
5. Special Considerations
6. Working with Attorneys
7. Questions
Goals and Objectives
4
• Discuss the role of the Mobile Device Examiner as witness in legal proceedings
• Learn how to successfully prepare to testify in legal proceedings
• Testifying to your examination—the extraction, analysis and interpretation
• Challenges around mobile evidence authenticity and admissibility
Preparing for Court
5
The Mobile Device Examiner as a witness…
What You Need Before You Testify:
• An understanding of your role as the witness
• To develop and/or update your resume or Curriculum Vitae or “CV”
• Prepare copies of all reports, notes, emails, and supplement documents that related to your examination
Preparing for Court
6
Understanding What Type of Witness You Are…
A Fact Witness is:
• An individual with knowledge about what happened in a specific case who offers testimony about what happened and/or what the facts are
An Expert Witness is:
• An individual who is a specialist in a subject, often technical, who may present their expert opinion without having been a witness to any occurrence relating to the legal proceeding at hand
Preparing for Court
7
Examiners should be prepared to:
• Provide copies of the Chain of Custody
• Provide the copies of the Legal Search Authority for the items that were analyzed
• Provide testimony as to how their forensic tools function and their methodology
• Provide a detailed report of findings that’s defendable
Forensic Tools
8
Lack of understanding of to how to properly use forensic tools and how they function, Examiners risk:
• Damaging or altering original evidence
• Failure to thoroughly examine evidence
• Misinterpreting data
• Preparing inaccurate reports of findings
Forensic Tools
9
Which could result in…
• The destruction of original evidence
• Evidence being ruled as inadmissible by the court
• The loss of the creditability of the examiner by the courts
• Potential civil liability
Forensic Methodologies
10
It is essential for the Mobile Device Examiner to have a sound set of analysis protocols. These protocols or methodologies ensure:
• The examiner’s forensic tools have been validated
• Evidence files are true and accurate copies of the original items seized
• The examiner stays within the scope of the legal search authority
• That the examiner conducted time-involved searches of evidence files
Forensic Methodologies
11
These protocols or methodologies ensure (continued):
• That the examiner has verified or validated their findings through: hand scrolling techniques, third party tools, and/or database verification and analysis
• That the examiner has had their findings peer reviewed by fellow colleagues
• That the examiner has prepared an accurate report
Special Considerations
12
As Mobile Examiners we must be prepared to testify not only to our report, but also to:
• Forensic hardware/software vendors’ proprietary methods
--Extraction techniques
--Decoding
• Technical issues
Special Considerations
13
So how do we as Mobile Device Examiners navigate these considerations?
• We have core understanding of how our forensic tools function and interact with evidence through means of:
--Attending Vendor Specific Training
--Professional Association Memberships
--Networking with Peers
• Product Support from the Vendor
Working with Attorneys
14
One last critical objective:
• Essential to develop positive relationships with the Attorneys adjudicating the case
• Understand their perspective
• Gather information on their needs: i.e. timeline, prosecution strategy, anticipated cross examination questions, trial prep schedule and objectives
• Offer creative solutions to help build the case
Working with Attorneys
15
Add value to the legal team by:
• Explaining your report of findings in layman’s terms
• Demonstrating the process of recreating and validating our findings
• Providing assistance with the creation of exhibits
• Addressing possible defense expert theories
• Providing ample time for trial preparation
Working with Attorneys
16
Follow these guidelines to help ensure that:
• Forensic reports or attorney exhibits are authenticated - and therefore - admissible
• The attorney is well prepared to defend and argue the evidence that has been identified
• The examiner is thoroughly prepared to testify as to their report
Final Thoughts
17
• Have a true understanding of how your forensic tool functions
• Validate your findings
• Document everything
• Peer review is imperative
• Speak in layman terms
• Do everything possible to assist your prosecutor
Questions?
18
