Phenotype: a set of observable characteristics of an individual
Genotype: the genetic constitution of an individual
Homozygous: having two of the same gene (either dominant or recessive)
Heterozygous: having one dominant and one recessive copy of a gene
Blood typing can provide class evidence, whereas DNA profiling can provide individual evidence
A blood spatter pattern can give information about truthfulness of an account by a witness or suspect
It can also provide information about the origin of the blood, the angle and velocity of impact, and type of weapon used
Search for blood evidence
If any is discovered, process it, determining:
Whether the evidence is blood or not
Kastle-Meyer test
Whether the blood is human
The blood type
Interpret the findings:
See if the blood type matches a suspect
If it does not, exclude the suspect
If it does, decide if DNA profiling is needed
Whole blood carries cells and plasma, the fluid that contains hormones, clotting factors, and nutrients
Red blood cells carry oxygen to the body’s cells and carbon dioxide away
White blood cells fight disease and foreign invaders and, alone among blood cells, contain nuclei
Platelets aid in blood clotting and repair of damaged blood vessels
There are four major blood types and two different antibodies:
A, B, AB, O
Anti-A and Anti-B
You get your blood type from your parents. You can determine the possible blood types for an individual if you know the blood types of their parents
Your blood type is a phenotype, but some blood types can have multiple genotypes
Blood types A and B are dominant over O (recessive), but A and B are co-dominant with each other
Red blood cells carry proteins on their surfaces in addition to Anti-A and Anti-B
The Rhesus Factor, Rh, is a protein carried by some individuals
If a person carries the Rh factor, they are “Rh Positive”; if not, they are “Rh Negative”
Rh is a dominant trait, so only one copy of Rh+ is needed for a person to be Rh+
Blood typing is quicker and less expensive than DNA profiling
It produces class evidence but can still link a suspect to a crime scene or exclude a suspect
42% of the population has Type A
12% of the population has Type B
3% of the population has Type AB
43% of the population has Type O
85% of the population is Rh+
Antibodies are proteins secreted by white blood cells that attach to antigens to destroy them
Antigens are foreign molecules or cells that react to antibodies
Enzymes are complex proteins that catalyze different biochemical reactions
Many enzymes and proteins have been found in the blood that are important for identification purposes
It is important to determine whether any blood found at a crime scene is human or animal
A precipitin test is often performed for questioned samples
In 1939 the meaning of the spatter pattern was first analyzed
When a wound is inflicted, a blood spatter may be analyzed
It takes a grouping of blood stains to make a blood spatter pattern
The pattern can help reconstruct the events surrounding a shooting, stabbing, or beating
Analysis of a pattern can aid in determining the:
direction the blood traveled
angle of impact
point of origin of the blood
velocity of the blood
manner of death
When blood falls from a height or at a high velocity, it can overcome its natural cohesiveness and form satellite droplets
When it falls onto a surface, it can form spiking patterns around the drops
Satellites are not connected to the blood drops; spikes are connected
Passive Drop: Bloodstain drop(s) created or formed by the force of gravity acting alone
Drip Pattern: A bloodstain pattern which results from blood dripping into blood
Very stationary
Flow Pattern: A change in the shape and direction of a bloodstain due to the influence of gravity or the movement of the object
Pool: A bloodstain pattern created when a source of blood remains stationary over a surface causing an accumulation of blood
Saturation: A bloodstain pattern created when a volume of blood has been absorbed by an object
Transfer/Contact Pattern: A bloodstain pattern created when a wet, bloody surface comes in contact with a second surface. A recognizable image of all or a portion of the original surface may be observed in the pattern
Swipe Pattern: The transfer of blood from a moving surface onto an unstained surface. Direction of travel may be determined by the feathered edge
Wipe Pattern: A bloodstain pattern created when an object moves through an existing stain, removing and/or altering its appearance
Arterial Spurt: A bloodstain pattern(s) resulting from blood exiting the body under pressure from a breached artery
Cast-Off Pattern: A bloodstain created when blood is released or thrown from a blood-bearing object
Expirated Blood: Blood that is blown out of the nose, mouth, or a wound as a result of air pressure and/or air flow which is the propelling force
Always has bubbles in splatter
Low Velocity Impact Spatter (LVIS): A bloodstain pattern that is caused by a low velocity impact/force to a blood source
Has spiking/satellites
Medium Velocity Impact Spatter (MVIS): A bloodstain pattern caused by a medium velocity impact/force to a blood source
Typically from a beating
High Velocity Impact Spatter (HVIS): A bloodstain pattern caused by a high velocity impact/force to a blood source
Often produced by a gunshot or high speed machinery
Void: An absence of a stain in an otherwise continued bloodstain pattern
Indicates that a person or object was in the way of the blood spatter and was later moved
Skeletonized Stains: A bloodstain consisting of a darkened peripheral rim where the center of the stain is no longer intact
The shape of an individual drop of blood provides clues to the direction from where the blood originated
The point of impact will be darker than the rest of the blood pattern
A blood droplet will remain spherical in space until it collides with a surface
The spherical shape is caused by the surface tension of blood
As it collides with a surface, the blood droplet is pushed outwards into a rim
The shape of a blood drop:
Round if it falls straight down at a 90 degree angle
Elliptical: the droplet elongates as the angle decreases from 90 to 0 degrees
Angle of impact = sin⁻¹(width / height)
Lines of convergence
Draw the straight lines down the axis of the blood spatters
Where the lines converge is where the blood originated from
Place the stand on an area of convergence
Calculate the angle of impact of each stain
Using string, tape, and a protractor, raise the string to the calculated angle and attach it to the stand
Do the same for each stain
The place on the stand where the string from each stain meets is the area of origin
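The stringing procedure above can also be carried out with trigonometry. This is an added example, not part of the original notes: it applies the page's angle-of-impact formula (the page's "height" is the long axis of the stain, named length here) and assumes the height of origin equals the stain's distance from the area of convergence times the tangent of that angle. The stain measurements are constructed sample values.

```python
import math
from statistics import mean


def angle_of_impact(width_mm, length_mm):
    """Angle of impact in degrees: sin^-1(width / length of the stain)."""
    if width_mm <= 0 or length_mm <= 0:
        raise ValueError("stain dimensions must be positive")
    if width_mm > length_mm:
        # asin() is undefined above 1; this almost always means swapped axes.
        raise ValueError("width exceeds length: the axes were probably swapped")
    return math.degrees(math.asin(width_mm / length_mm))


def origin_height(width_mm, length_mm, distance_cm):
    """Height above the surface at which this stain's 'string' crosses the
    vertical line over the area of convergence (assumed tangent relation)."""
    angle = angle_of_impact(width_mm, length_mm)
    if angle >= 90.0:
        # A round stain fell straight down: it has no direction to string.
        raise ValueError("round stain (90 degrees) cannot be strung")
    return distance_cm * math.tan(math.radians(angle))


def area_of_origin(stains):
    """stains: iterable of (width_mm, length_mm, distance_to_convergence_cm).
    Returns per-stain heights plus their mean and spread; a large spread
    suggests the stains do not share one origin or were mismeasured."""
    heights = [origin_height(w, l, d) for (w, l, d) in stains]
    return {
        "heights_cm": heights,
        "mean_height_cm": mean(heights),
        "spread_cm": max(heights) - min(heights),
    }


# Constructed measurements for three stains in one pattern.
SAMPLE_STAINS = [
    (5.0, 10.0, 100.0),   # 30.0 degrees
    (6.0, 10.0, 77.0),    # about 36.9 degrees
    (4.0, 10.0, 132.0),   # about 23.6 degrees
]

if __name__ == "__main__":
    result = area_of_origin(SAMPLE_STAINS)
    for (w, l, d), h in zip(SAMPLE_STAINS, result["heights_cm"]):
        print(f"{w}x{l} mm at {d} cm: {angle_of_impact(w, l):.1f} deg, {h:.1f} cm")
    print(f"mean height {result['mean_height_cm']:.1f} cm, "
          f"spread {result['spread_cm']:.2f} cm")
```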
Forensic toxicology helps determine (A) the cause-and-effect relationships between exposure to a drug or other substances and (B) the toxic or lethal effects from that exposure
People can be exposed to toxic substances:
Intentionally: By treating illness or pain
Accidentally: By harmful combinations or overdoses
Deliberately: By harming or killing others or by suicide
Less than .5% of all homicides are the result of poisoning
Accidental drug overdoses are much more common
More than 50% of the federal prison population and about 20% of the population in state prisons consist of drug offenders
The effects and intensity of response to these drugs vary from person to person
Often derived from plants, hallucinogens affect the user’s perceptions, thinking, self-awareness, and emotion
Examples include MDMA (ecstasy), mescaline, LSD, and PCP
Common side effects of an overdose include:
Increased heart rate and blood pressure
Hallucinations
Dilated pupils
Increased body temperatures and sweating
Seizures and stroke
Narcotics reduce pain and can be very habit forming
Common examples are opium, heroin, codeine, morphine, methadone, and oxycodone
Side effects and signs of an overdose are:
Difficulty breathing
Low blood pressure
Drowsiness
Small pupils
Blue fingernails and lips
Stimulants increase feelings of energy and alertness, while suppressing appetite
As the drug wears off, however, depression often results
Stimulants tend to be highly addictive
Examples include speed, cocaine, crack, and methamphetamines
Side effects and characteristics of an overdose include:
High blood pressure and body temp
Increased and irregular heartbeat
Sweating
Brain bleeding
Death
These drugs are produced in a laboratory and have a chemical structure similar to testosterone
Anabolic steroids promote cell and tissue growth, increasing bone mass and body muscle
Because of this, they are popular with weightlifters, body builders, and other athletes
Negative effects include increased cholesterol, stunted growth, kidney and liver problems, and hyper-aggressiveness
Anabolic steroids are mostly testosterone (the male sex hormone) and its derivatives. Examples include: testosterone, dihydrotestosterone, androstenedione (andro), dehydroepiandrosterone (DHEA), clostebol, nandrolone
Depressants act on the central nervous system and increase the activity of a neurotransmitter called GABA
Increased GABA production results in drowsiness and slowed brain activity
These drugs, consequently, relieve anxiety and produce sleep
Mixing depressants with alcohol and other drugs increases their effects and health risks, possibly leading to coma or death
Examples include ethyl alcohol, barbiturates, benzodiazepines, and alcohol
There are 3 legal limits for blood alcohol under Georgia DUI law:
.02 is the legal limit for persons under 21 years of age
.08 is the legal limit for adults over 21 years of age driving non-commercial vehicles
.04 is the legal limit for persons driving commercial vehicles or large trucks or busses
The challenge or difficulty of forensic drug identification comes in selecting analytical procedures that will ensure a specific identification of a drug
This plan, or scheme of analysis, is divided into 2 phases:
Screening Test that is nonspecific and preliminary in nature to reduce the possibilities to a manageable number
Confirmation Test that is a single test that specifically identifies a substance
Faced with the prospect that the unknown substance may be one of a thousand or more commonly encountered drugs, the analyst must employ screening tests to reduce these possibilities to a small and manageable number
This objective is often accomplished by subjecting the material to a series of color tests that will produce characteristic colors for the more commonly encountered illicit drugs
Microcrystalline tests can also be used to identify specific drug substances by studying the size and shape of crystals formed when the drug is mixed with specific reagents
Once the preliminary analysis is completed, a confirmational determination is pursued
Forensic chemists will employ a specific test to identify a drug substance to the exclusion of all other known chemical substances
Typically, infrared spectrophotometry or gas chromatography-mass spectrometry is used to identify a drug substance specifically
Chromatography is a means of separating and tentatively identifying the components of a mixture
Gas Chromatography (GC): the moving phase is actually a gas called the carrier gas, which flows through a column
The stationary phase is a thin film of liquid contained within the column
After a mixture has traversed the length of the column, it will emerge separated into its components
Just as a substance can absorb visible light to produce color, many of the invisible radiations of the electromagnetic spectrum are likewise absorbed
Spectrophotometry, an important analytical tool, measures the quantity of radiation that a particular material absorbs as a function of wavelength and frequency
Currently, most forensic laboratories use UV and IR spectrophotometers to characterize chemical compounds
The simplicity of the UV (Ultra Violet light) Spectrum facilitates its use as a tool for determining a material’s probable identity, although it may not provide a definitive result
The IR (Infrared light) Spectrum provides a far more complex pattern
Different materials always have distinctly different infrared spectra
Each IR Spectrum is therefore equivalent to a “fingerprint” of that substance
In the Mass Spectrometer, a beam of high energy electrons collides with a material producing positively charged ions
These positive ions almost instantaneously decompose into numerous fragments, which are separated according to their masses
The unique feature of mass spectrometry is that under carefully controlled conditions, no two substances produce the same fragment pattern
Tetanus
Lockjaw, as it is sometimes called, is produced by the Clostridium tetani bacteria
Its poison can cause violent muscle spasms
Botulism
Produced by the bacteria Clostridium botulinum, it paralyzes muscles
Causes irreversible damage to nerve endings
Very small amounts are extremely deadly
The most poisonous biological substances
Used in Botox
Pesticides mostly are used to protect plants or food crops. Metal compounds are very poisonous. Both can result in death
Pesticides (Ex: DDT, Aldrin, Dieldrin): interfere with nerve impulses and muscular contractions
Lead: Notable side effects include anemia and blue discoloration along the gum line
Mercury: Flu-like symptoms, personality changes, memory and balance problems
Arsenic: Side effects begin within 30 minutes of ingestion, flu-like symptoms, kidney failure, and skin lesions
Cyanide: Can be fatal within 6-8 minutes, pink skin from high blood oxygen, produces an almond-like odor
Strychnine: Within minutes produces body spasms, increased body temp, and convulsions
Ricin: A poisonous protein in the castor bean, lethal in extremely small amounts, can enter the body in 3 ways:
Inhaled as mist or powder
Ingested as food or drink
Injected into the body (most fatal)
Anthrax: Caused by the bacteria Bacillus anthracis, which form spores
Can be spread to humans from infected animals
Can enter the body through:
Inhalation: Causes breathing problems that usually result in death
Ingestion: Becomes fatal in 25-60% of cases
Absorption via the skin: Leads to death in about 20% of untreated cases
The oldest known documents showing fingerprints date from 3rd Century B.C. China
In ancient Babylon (dating back to 1792-1750 B.C.), fingerprints pressed into clay marked contracts
The earliest written study (1684) is Dr. Nehemiah’s paper describing the patterns he saw on human hands under a microscope, including the presence of ridges
In 1788, Johann Mayer noted that the arrangement of skin ridges is never duplicated in two persons. He was probably the first scientist to recognize this fact
9 fingerprint patterns were described in 1823 by Jan Evangelist Purkyně
Sir William Herschel in 1856 began the collection of fingerprints and noted they were not altered by age
Alphonse Bertillon created a way to identify criminals that was used in 1883 to identify a repeat offender
In 1888, Sir Francis Galton and Sir Edmund Richard Henry developed the fingerprint system that is still in use in the U.S.
In 1891, Ivan (Juan) Vucetich improved fingerprint collection. He began to note measurements on identification cards (also known as 10 Cards), as well as adding all ten fingerprint impressions. He also invented a better way of collecting these impressions
Beginning in 1896, Sir Henry, with the help of two colleagues, created a system that divided fingerprints into groups. Along with notations about individual characteristics, all 10 fingerprints were imprinted onto a 10 Card
A strange occurrence at the Leavenworth Penitentiary in 1883 changed the course of identification forever
A prisoner by the name of Will West was brought to prison for processing. Officials were alarmed because a man named William West had been incarcerated since 1901 and they assumed William had escaped and returned. Records seemed to confirm this
But William West was still in his cell! The new Mr. West was a different man. They were so similar to each other that the Bertillon system of identification identified them as the same. After this, fingerprints were used more in prisons
All fingers, toes, feet, and palms, are covered in small ridges
Plantar (feet), Dactyl (fingers and toes), and Palmar (palm)
These ridges are arranged in connected units called dermal, or friction ridges
These ridges help us get or keep our grip on objects
Natural secretions plus dirt on these surfaces leave behind an impression (a print) on those objects with which we come in contact
The epidermal layer responsible for producing fingerprints is the papillary/basal layer
An animal’s external tissue (skin) consists of (a) an inner dermis and (b) an outer dermis
The creation of fingerprints occurs in a papillary/basal layer in the epidermis where new skin cells are produced
Fingerprints are probably produced/formed at the start of the 10th week of pregnancy
Because the basal layer grows faster than others, it collapses, forming intricate shapes
Loops
About 65% of the known population has loop fingerprints (most common)
Left loops and right loops
Arches
Arches are the simplest type of fingerprints that are formed by ridges that enter one side and exit on the other side of the print
About 5% of the known population has arches
Plain arch and tented arch (similar to plain arch but has a spike in the center)
Whorls
Whorls have at least one ridge that makes (or tends to make) a complete circuit. They also have at least 2 deltas. If a print has more than two deltas, it is most likely accidental
Plain whorl and central pocket whorl
About 30% of the known population has whorls
Draw a line between the two deltas in the plain and central pocket whorls. If some of the curved ridges touch the line it is a plain whorl. If none of the center core touches the line it is a central pocket whorl
Other types
Double loop whorl
Made up of any two loops combined into one print
Accidentals
Contains 2 or more patterns (not including the plain arch), or does not clearly fall under any of the other categories
Forensic scientists look for the presence of a core (the center of a loop/whorl) and deltas (the triangular regions near the loop)
A ridge count is another characteristic that distinguishes one fingerprint from another. The count is made from the center of the core to the edge of the delta
Basic patterns can be further divided
Left and right loops are equally common (65%)
Arch patterns can be plain (4%) or tented (1%)
Whorl patterns can be plain (24%), central pocket (2%), or double loop whorl (4%)
Accidentals (.01%)
Even twins have unique fingerprints due to small differences (called minutiae) in the ridge patterns
Analysis, Comparison, Evaluation, and Verification
Instead of just counting minutiae points, this method takes into account the full set of skills of a forensic scientist
Analysis
Level 1: Ridge flow and class characteristics
Type of fingerprint, ridge count, orientation of the print, large scar
Level 2: Ridge characteristics or points
Minutiae points, small scars
Level 3: Ridge structure
Pores, ridge width and shape, and other tiny details
Comparison
Search known prints for level 1, 2, and 3 details
Evaluation
Examine unknown and known prints side by side looking for the same level 1, 2, and 3 details
Differences can be just as important as similarities
Verification
All positive fingerprint opinions must be verified by a second qualified expert
Without such verification, identification has not been proven to the level required by science. No report should be made of an identification until a second qualified expert has made that verification independently of influence or pressure from any source
Types of Prints
There are 3 types of prints that investigators look for at crime scenes:
Patent fingerprints: visible prints transferred onto smooth surfaces by blood or other liquids
Plastic fingerprints: indentations left in soft materials such as clay or wax
Latent fingerprints: not visible but made so by dusting with powders or the use of chemicals
New scanning technologies and digitally identifying patterns may eliminate analytical mistakes
Trace elements of objects that have been touched are being studied to help with the identification of individuals
To help with identification, other physical features such as eyes and facial patterns are also being studied
DNA fingerprinting, also known as DNA profiling, is used in criminal or legal cases with a high degree of accuracy
Biological evidence, such as blood, saliva, urine, semen, and hair is examined for the presence of inherited traits
DNA molecules make up chromosome structures and are found in the nucleus of cells in the human body
DNA is structured in a double helix. It is composed of the nucleotides A, T, C, and G
Non-coding DNA, sometimes called junk DNA, contains many of the unique patterns of repeated base sequences that identify individuals
In a human population, these are called polymorphisms
In 1984, a technique was developed for isolating and analyzing these variable areas
This DNA fingerprinting appears as a pattern of bands on X-ray film. These patterns can be used for identification of individuals
The number of copies of the same repeated base sequence in DNA varies among individuals
Variable Number of Tandem Repeats (VNTR)
Within non-coding DNA, sequences of DNA are repeated multiple times
Some can be 9-80 bases in length
Short Tandem Repeats (STR)
Within non-coding DNA, other sequences of DNA are also repeated multiple times
These usually are only 2-5 bases in length and are the preferred sequences for analysis
VNTR and STR data are analyzed for (a) tissue matching and (b) inheritance matching
Population genetics is the study of variation in genes among groups of individuals
Calculations can be made based on these groups to determine the probability that a random person would have the same alternative form of a gene (an allele) as (a) a suspect in a crime or (b) an alleged father in a paternity test
A perpetrator may leave biological evidence, such as saliva or blood, at a crime scene
This individual evidence is capable of identifying a specific person
But a small amount of biological evidence might be considered only trace evidence, and it may be consumed during forensic testing
In 1993, however, the polymerase chain reaction (PCR) technique was invented. It generates multiple copies of DNA evidence
Use disposable gloves and collection instruments
Avoid physical contact, talking, sneezing, and coughing in the evidence area
Air-dry evidence and put it into new paper bags or envelopes
If evidence can’t be dried, freeze it
Keep evidence cool and dry during transportation and storage
Cells are isolated from biological evidence such as blood, saliva, urine, semen, and hair
These cells are then disrupted to release the DNA from proteins and other cell components
Once released, the DNA can be extracted from the cell nucleus
DNA is mixed with special enzymes
The enzymes cut apart the DNA in specific places forming different sized fragments
The DNA is loaded into the chambers found on an agarose gel
An electric current is passed through the gel separating the fragments by size
Amplification
With some VNTR analysis, polymerase chain reaction (PCR) can be used to amplify the DNA that contains the VNTRs
In STR profiles, restriction enzymes are unnecessary; PCR allows the amplification of the strands with STR sequences
Electrophoresis
DNA samples are placed in gels through which electric currents are passed
DNA fragments line up in bands along the length of each gel
DNA probes are used to identify the unique sequences in a person’s DNA
Different DNA probes are made up of different synthetic sequences of DNA bases complementary to the DNA strand
The probe binds to the complementary bases in the strand
In most criminal cases, 6-8 are used
Bands and widths are significant in matching samples of DNA
DNA fingerprinting can (a) match crime scene DNA with a suspect, (b) determine maternity, paternity, or match to another relative, (c) eliminate a suspect, (d) free a falsely imprisoned individual, and (e) identify human remains
STR profiles are a different way of analyzing DNA that is becoming more common than electrophoresis
STR loci are used. If the loci are more present, they appear as a peak
Another type of DNA used for individual characterization is mitochondrial DNA (mDNA)
mDNA is located outside the cell’s nucleus, and it is inherited from the mother
Mitochondria are structures found in all our cells and used to provide energy that our bodies need to function
Mitochondrial DNA typing does not approach STR analysis in its discrimination power and thus it is best reserved for samples, such as hair, for which STR analysis may not be possible
Forensic analysis of mDNA is more rigorous, time consuming, and costly when compared to nuclear DNA analysis
Also, all individuals of the same maternal lineage will be indistinguishable by mDNA analysis
2 regions of mDNA have been found to be highly variable, and a procedure known as sequencing is used to determine the order of base pairs
Perhaps the most significant tool to arise from DNA typing is the ability to compare DNA types recovered from crime scene evidence to those of convicted sex offenders and other convicted criminals
CODIS (combined DNA index system) is a computer software program developed by the FBI that maintains local, state, and national databases of DNA profiles from convicted offenders, unsolved crime scene evidence, and profiles of missing persons
CODIS currently contains about 470,000 profiles from unsolved cases
Digital (2G) cellular networks moved phones into the small, handheld form and, because they were digital, the new networks opened the door for practical data communications and the beginnings of what was referred to as “feature phones”
A Cellular System is a network of relatively short-distance transceivers that are spaced strategically so that low-power transmitters can reach the phones in their coverage areas and the very low-power transmitters in the cell phones can reach the cell towers
The architectural functionality that distinguishes 2G from 3G is that 2G systems are circuit switched and 3G are packet switched
The advent of packet-switched mobile phone networks allowed virtually any kind of data to be accessed by a mobile device, and the smart phone was born
Native IP (4G) networks differ technologically from 3G networks in that they can access the internet directly, increasing speed and bandwidth dramatically
The most popular operating systems for mobile devices (including smartphones and tablets) are Apple iOS, Google Android, and Microsoft Windows Phone
3G and 4G phones are close in architecture and design to a PC or a Mac
These phones behave the same way (especially 4G devices) and have the ability to download and install applications (apps) the same as any PC or Mac
One interesting aspect of mobile device forensics is geolocation
The GPS in a mobile device can locate the user’s activities and, when used with a timeline, can place the user in the vicinity of a crime
This can make it much easier to track the user’s movements
Each mobile device has its own quirks:
Each device needs special connectors and special device drivers on the tool used to examine it in order to decipher what is stored on the device
Storage in a modern smartphone or tablet is accomplished by:
Onboard nonvolatile memory
Mini SD cards
All mobile devices should be kept in a Faraday bag or box
Storing the device in this manner prevents changes from being made remotely to the device
Physical forensic images are bit-by-bit copies of the file system, including deleted data
Logical extraction is a snapshot of the file system showing what the file system wants the user to see
Mobile device forensic analysis can provide an overlay to physical evidence and timelines as well as computer forensic timelines to give a clearer picture of the events preceding and following a crime event
Examiners make it a practice to run the forensic image twice, taking one of the images and treating it as class evidence
The examiner should decide, based on what can be done with the particular device, whether to obtain a physical extraction, a logical extraction, or both
Temporal chains show the events in the order in which they occurred
Causal chains of evidence describe the events of a crime in terms of cause and effect
The links in the chain of evidence are the pieces of evidence and how they are tied together based on how one link affects one or more other links
Hybrid crime assessment is a technique that investigators can use when faced with a physical crime, such as murder, rape, or robbery, which has a digital element to it: a computer, smartphone, or some other mobile device
The object of hybrid crime assessment is to tie all of these elements together
The amount of information that we can get from a mobile device varies greatly, depending on the specific device
Computers have permeated society and are used in countless ways with innumerable applications
Similarly, the role of electronic data in investigative work has achieved exponential growth in the last decade
The use of computers and other electronic data storage devices leaves footprints and data trails of their users
Computer forensics involves the preservation, acquisition, extraction, and interpretation of computer data
In today’s world of technology, many devices are capable of storing data and could thus be grouped into the field of computer forensics
Hardware vs. Software
Hardware: comprises the physical and tangible components of a computer
Software: a set of instructions compiled into a program that performs a particular task. Software consists of those programs and applications that carry out a set of instructions on the hardware
Computer Case/Chassis
The physical box holding the fixed internal computer components in place
Power Supply
The PC’s power supply converts the power it gets from the wall outlet to a useable format for the computer and its components
Motherboard
The main circuit board contained within a computer (or other electronic devices) is referred to as the motherboard
Has a socket to accept RAM and connects to every device used by the system
System Bus
Contained on the motherboard, the system bus is a vast complex network of wires that serves to carry data from one hardware device to another
Read-Only Memory (ROM)
ROM chips store programs called firmware, which are used to start the boot process and configure a computer’s components
Random-Access Memory (RAM)
RAM serves to take the burden off of the computer’s processor and Hard Disk Drive (HDD)
The computer, aware that it may need certain data at a moment’s notice, stores the data in RAM
RAM is referred to as volatile memory because it is not permanent; its contents undergo constant change and are forever lost once power is taken away from the computer
Central Processing Unit (CPU)
The CPU, also called the processor, is essentially the brains of the computer
Input Devices
These devices are used to get data into the computer, for example:
Keyboard
Mouse
Joystick
Scanner
Output Devices
Equipment through which data is obtained from the computer, for example:
Monitor
Printer
Speakers
Hard Disk Drive (HDD)
HDD is typically the primary location of data storage within the computer
Different operating systems map out (partition) HDDs in different manners
Examiners must be familiar with the file system that they are examining
Evidence exists in many different locations and in numerous forms on a HDD
The type of evidence can be grouped under two major subheadings: visible and latent data
Generally speaking, a HDD needs to have its space defined before it is ready for use
Partitioning the HDD is the first step
When partitioned, HDDs are mapped (formatted) and have a defined layout
HDDs are logically divided into sectors, clusters, tracks, and cylinders
Sectors are typically 512 bytes in size
A byte is 8 bits
A bit is a single 1 or 0
Bit is short for “binary digit”
Clusters are groups of sectors and their size is defined by the operating system
Clusters are always in sector multiples of two
A cluster, therefore, will consist of 2, 4, 6, 8, and so forth sectors
With modern-day operating systems, the user can exercise some control over the amount of sectors per cluster
Tracks are concentric circles that are defined around the platter
Cylinders are groups of tracks that reside directly above and below each other
After the partitioning and formatting processes are complete, the HDD will have a map of the layout of the defined space in that partition
Partitions utilize a File Allocation Table (FAT) to keep track of the location of files and folders (data) on the HDD
The NTFS Partition (Windows 10, 11) utilizes, among other things, a Master File Table (MFT)
Each partition table (MAP) tracks data in different ways
The computer forensic examiners should be versed in the technical nuances of the HDDs that they examine
It is sufficient for our purposes here, however, merely to visualize the partition table as a map to where the data is located
This map uses the numbering of sectors, clusters, tracks, and cylinders to keep track of the data partitioning of the HDD
Processing the electronic crime scene has a lot in common with processing a traditional crime scene:
Warrants: Done first
Documentation
Good investigation techniques
At this point, a decision must be made as to whether a live acquisition of the data is necessary
Several factors influence the systematic shutdown vs pulling-the-plug decision:
For example, if encryption is being used, pulling the plug will encrypt the data, rendering it unreadable without a password or key; therefore, pulling the plug would not be prudent
Similarly, if crucial evidentiary data exists in RAM and has not been saved to the HDD and will thus be lost with discontinuation of power to the system, another option must be required
Regardless, the equipment will most likely be seized
Now that the images have been seized, the data needs to be obtained for analysis
The computer Hard Disk Drive will be used as an example, but the same “best practices” principles apply to other devices as well
Throughout the entire process, the computer forensic examiner must adopt the method that is the least intrusive
The goal of obtaining data from a HDD is to do so without altering a bit of data
Because booting a HDD to its operating system changes many files and could potentially destroy evidentiary data, obtaining data is generally accomplished by removing the HDD from the system and placing it in a laboratory forensic computer so that a forensic image can be created
Occasionally, in cases of specialized or unique equipment or systems, the image of HDD must be obtained utilizing the seized computer
Regardless, the examiner needs to be able to prove that the forensic image obtained includes every bit of data and resulted in no changes (writes) to the HDD
To this end, a sort of fingerprint of the device is taken before and after imaging
The fingerprint is accomplished through the use of Message Digest 5 (MD5), Secure Hash Algorithm (SHA), or similar validated algorithms
Before imaging the drive, the algorithm is run and a 32-character alphanumeric string is produced based on the drive’s contents
It is then run against the resulting forensic image, and if nothing changed, the same alphanumeric string will be produced, thus demonstrating that the image is all-inclusive of the original contents and that nothing was altered in the process
Visible data is the data of which the operating system is aware
Consequently, this data is easily and readily accessible to the user
From an evidentiary standpoint, it can encompass any type of user created data, such as:
Word processing documents (most common place to look)
Spreadsheets
Accounting records
Databases
Pictures
Temporary files, created by programs as a sort of “back-up on the fly”, can also prove valuable as evidence
Finally, data in the swap space (utilized to conserve valuable RAM within the computer system) can yield evidentiary data
Latent data, on the other hand, is that data of which the operating system is unaware; it is hidden from view
Latent data will not be in the temporary files
Evidentiary latent data can exist in both RAM and file slack
RAM slack is the area from the end of the logical file to the end of the sector
File slack is the remaining area from the end of the final sector containing data to the end of the cluster
Another area where latent data might be found is in unallocated space
Unallocated space is that space on a HDD that the operating system sees as empty and ready to store data
Visible data will not be stored here
The constant shuffling of data through deletion, defragmentation, swapping, and so on is one of the ways that data is orphaned in latent areas
Finally, when a user deletes files, the data typically remains behind
It is relocated until the disk space is allocated for another use
It may still be found using forensic image acquisition software
Places on a computer where a forensic examiner might look to determine what websites a computer user has recently visited include:
Internet cache: copies of most recently requested websites
Cookies: track information about web visitors
Internet History: list of websites recently visited
The history file can be located and read within a forensic software package
Another way to access websites that have been visited is by examining the bookmarks and favorite places
IP addresses provide the means by which data can be routed to the appropriate location, and they also provide the means by which most internet investigations are conducted
IP addresses take the form ###.###.###.#, in which, generally speaking, ### can be any number between 0 and 255
An investigator tracking the origin of an email seeks out the sender’s IP address in the email’s header
Chat and instant messages are typically located in a computer’s random access memory (RAM)
Tracking the origin of unauthorized computer intrusions, or hacking, requires investigating a computer’s log file, RAM, and network traffic
A firewall is a device designed to protect against intrusions into a computer network
Alfred Swaine Taylor and Thomas Stevenson, in 1883, wrote a forensic science text that included a chapter on hair
Victor Balthazard and Marcelle Lambert, in 1910, wrote and published a comprehensive study of hair
Dr. Sydney Smith, in 1934, first used a comparison microscope to analyze hairs side by side
Advances continue today with chemical tests, neutron activation analysis, and DNA analysis
Hair on mammals helps regulate body temperature, decrease friction, and protect against sunlight
Hair consists of (a) a hair shaft produced by (b) a follicle embedded in the skin
A hair has 3 layers, the inner medulla, the cortex, and the outer cuticle
The cuticle is the outermost layer made of over-lapping scales that protect the inner layers of the hair
The cortex is the thickest layer containing most of the pigment giving hair its color
The distribution of pigment in the cortex varies from person to person
Pigment is commonly denser near the cuticle
Continuous: one unbroken line of color
Interrupted (intermitted): pigment line broken at regular intervals
Fragmented (segmented): pigmented line unevenly spaced
Solid: pigmented area filling both the medulla and the cortex
None: no separate pigmentation in the medulla
The cross section of a hair can be circular, triangular, irregular, or flattened, influencing the curl of the hair
The texture of hair can be coarse or fine
Different regions of the body on which hair can vary are (a) head, (b) eyebrows and lashes, (c) mustache and beard, (d) underarms, (e) overall body -aka axillary hair- and (f) pubic hair
Hair proceeds through 3 stages as it develops:
During the long anagen stage, hair actively grows. The cells around the follicle rapidly divide and deposit materials in the hair
In the catagen stage, the hair grows and changes
Hair is in the telogen stage when the follicle becomes dormant. During this stage, hairs can easily be lost
Forensic investigators sometimes can link hair from a location to an individual
Bleaching disturbs the scales on the cuticle and removes the pigment leaving hair brittle and a yellowish color
Dyeing colors the cuticle and the cortex of the hair shaft
Because of this and because hair grows daily, a person’s treated hairs will have specific characteristics in common with his or her lost hairs
Core: the medulla- thickest layer: the cortex- outermost layer: the cuticle
Pigmentation in animal hair is denser towards the medulla
In humans it tends to be denser towards the cuticle
Unlike human hair, animal hair abruptly can change colors and banded patterns
The medulla index is different. In animals it is much thicker than in humans
The different patterns are spinous, coronal, and imbricate
The outermost layer of the hair shaft (the cuticle) is different in humans and animals
Spinous is typically cat hair, coronal is typically rodent hair
Imbricate is human hair
The ratio of the diameter of the medulla to the diameter of the entire hair
Medullary index = diameter of medulla / diameter of hair
Index of .5 or higher: animal hair
Index of .33 or less: human hair
Macroscopic investigation can indicate length, color, and curliness
Microscopic investigation can indicate fine detail in the hair structure
Phase contrast microscopy, for example, can show the presence of dye or other treatments
Electron microscopes can provide more detail of the surface or interior of the sample
Hair grows approximately .44 mm per day and 1.3 cm per month
Therefore, if you dye your hair or put a toxin in the hair you can calculate how long it has been since the incident occurred
Chemicals that the skin absorbs can be detected by analysis of the hair shaft
A forensic scientist can perform chemical tests for the presence of various chemical substances
The hair shaft can be examined in sections to establish a timeline for exposure to toxins
Neutron Activation Analysis (NAA) can determine concentrations of substances in the sample
Microscopic assessment of the follicle is performed first because it is cost effective and quick
If a microscopic match is found, the follicle can be blood tested and perhaps show the blood type
If a microscopic match is found, the follicle can be DNA analyzed to provide identification with a high degree of confidence
Fibers often fall off and are picked up during normal activities
Very small fibers easily shed from most textiles and can become trace evidence
In an investigation, collection of fibers within 24 hours is critical
Fiber evaluation can show such things as the type of fiber, its color, possibility of violence, location of suspects, and point of origin
Weaving spun fibers (yarns) together produces clothing and many textiles
Shedding from an article of clothing or a textile is the most common form of fiber transfer
Natural fibers require only an ordinary microscope to find characteristic shapes and markings
Infrared spectroscopy can reveal something of the chemical structure of other fibers that otherwise may look very alike
If a large quantity of fibers is found, some can be subjected to destructive tests such as burning them in a flame or dissolving them in various liquids
Crimes can be solved in this way by comparing fibers found on different suspects with those found at the crime scene
Animal fibers (made of proteins): wool from sheep, cashmere and mohair from goats, angora from rabbits, and hair from alpacas, llamas, and camels are commonly used in textiles
Shimmering silk from caterpillar cocoons is longer and not as easily shed
Plant fibers (made of the polymer cellulose):
Can absorb water
Are insoluble in water
Are very resistant to damage from harsh chemicals
Can only be dissolved by strong acids
Can be common at crime scenes because they become brittle over time
Cotton from seedpods is the plant fiber most commonly used in textiles, coir from coconuts is durable, hemp, jute and flax from stems grow in bundles, manila and sisal from leaves deteriorate more quickly
Mineral fibers: fiberglass is a fibrous form of glass, asbestos is a naturally occurring mineral with a crystalline structure
Until the 19th century only plant and animal fibers were used to make clothes and textiles
Half the products today are artificially produced
Regenerated fibers (derived from cellulose): Rayon is the most common of this type of fiber, it can imitate natural fibers, but is stronger; Celanese is cellulose chemically combined with acetate and is often found in carpets; polyamide nylon is cellulose combined with 3 acetate units, is breathable, lightweight, and used in performance clothing
Synthetic polymer fibers: petroleum is the basis for these fibers; and they have very different characteristics from other fibers, monomers in large vats are joined together to form polymers. The fibers are produced and spun into yarn together, regular diameters and no internal structures
Polyester: (found in “polar fleece”) wrinkle-resistant, and not easily broken down by light or concentrated acid; added to natural fibers for strength
Nylon: easily broken down by light and concentrated acid; otherwise similar to polyester
Acrylic: inexpensive, tends to “ball” easily, and used as an artificial wool or fur
Olefins: high performance, quick drying, and resistant to wear
Fibers can be twisted (spun) into yarn of any length, thick or thin, loose or tight. A blend can be made to meet different needs such as resistance to wrinkling
Fibers can be woven into fabrics or textiles
Threads are arranged side by side (the warp)
More threads (the weft) then are woven back and forth crosswise in one of a number of different patterns through the warp
Forensic Palynology is a specialized field that studies pollen and spore evidence
Since both pollen and spores have resistant structures, they at times can help determine such things as whether a body was moved, a crime’s location, whether it occurred in the city or country, or in which season it may have occurred
Forensic palynologists know each pollen-producing plant provides a pollen fingerprint; a specific type of pollen grain. They also know where there will be a certain number of grains found in a specific geographical area during particular times of the year
Examples of non-seed plants are ferns, mosses, liverworts, and horsetails
Examples of seed plants are gymnosperms (cycads, ginkgoes and conifers like an evergreen) and angiosperms (flowering plants like roses)
Gymnosperms are the oldest seeded plants
Evergreens are conifer gymnosperms
They produce seeds in a hard, scaly structure (cones)
Pollination occurs when pollen is transferred from the male cones to the female cones
The most recent plant group to evolve is known as the flowering plants
Plants in this group produce seeds in an enclosed fruit
These plants are very diverse and include corn, oaks, maples, and the grasses
Pollination is the transfer of pollen from the male part of a plant to the female part of a seed plant
Self pollination, in flowering plants, involves transfer of pollen from an anther to the stigma within the same flower, as in pea plants
Cross pollination involves 2 distinct plants
Pollen of self-pollinating plants is generally of lower value in forensic studies because it is rarely encountered
Pollen can be carried by wind, water, or animals
Pollen carried by wind may be less effective for determining direct links between individuals and places because of long distances over which it can be carried
Spore producers include certain protists (algae), plants, fungi, and the bacteria that produce a unique type of spore
Bacterial spores, endospores, can cause diseases such as anthrax and botulism
Spore analysis has the advantage that the spores possibly can be grown and the species identified with certainty
Algae disperse spores into water or air
Spore producers have the same value in investigations as pollen from wind-pollinated plants
The outer shell of a pollen grain and spore (the exine) has a complex and unique structure
These are determined under a microscope
Identification can provide important trace evidence in solving crimes
During an investigation, control samples must be collected as well as evidence samples
Samples must be collected wearing gloves and with clean tools (such as brushes and cellophane tape) and placed in sterile containers, which then must be sealed and labeled with care
Sampling instruments must be cleaned after each use, or new ones must be used
Collected evidence must be secured, and the chain of custody must be maintained
To identify pollen and spores, specialists can use a compound light microscope, a scanning electron microscope, reference collections that may consist of photos and illustrations or perhaps even actual dried specimens arranged systematically (herbariums)
Pollen and spore evidence that has been collected, analyzed, and interpreted can be presented in court
These “fingerprints” can be used to confirm certain aspects of a crime
It is the application of science to law
As society grows more complex, it becomes more dependent on laws to regulate the activities of its members
Offers the knowledge and technology of science for the definition and enforcement of law
It cannot offer final and authoritative solutions; however, forensic science does play an important and unique role in the criminal justice system
The application of medicine and medical science to legal problems
Practitioners of forensic medicine are doctors of medicine with special certification in pathology and forensic pathology
Most of them are medical examiners
They are concerned with determining causes and circumstances in cases of questioned death
Blood is commonly found at crime scenes and has a high forensic value
Blood can be used to determine blood type and hopefully contains enough DNA to create/generate a profile
The pattern blood falls in can additionally be used to determine the sequence of events that occurred during the crime
DNA can only match a singular person (except identical twins)
DNA can be found on crime scenes in bodily fluids, skin, and sometimes hair
DNA analysts compare DNA samples from crime scenes to suspects in order to determine a match
Commonly called forensic dentistry
The application of dentistry to human identification problems
Forensic odontologists are dentists who specialize in the forensic aspect of their field
They are concerned with the identification of persons based on their dentition, usually in cases of otherwise unrecognizable bodies or in mass disasters
They also analyze and compare bite mark evidence
Personal identification based mostly on skeletal remains
Practitioners are anthropologists who are interested in forensic science
Forensic anthropologists can determine the race, sex, age, and stature of an individual based on a skeleton
The skull of an individual can be used for a facial reconstruction to help determine the identity of an individual
Forensic chemists and toxicologists are concerned with identifying unknown substances both outside and inside the body
They perform a variety of tests to determine the identity of an unknown substance
Hair, fibers, pollen, and other evidence qualify as trace evidence
Evidence is collected and analyzed back in a lab
While difficult to use, trace evidence can help investigators determine the identity of individuals involved in a crime
The comparison and interpretation of…
Handwriting
Mechanically produced material
The analysis of paper, inks, and other materials used to produce documents
Firearm identification
Comparison of markings on bullets, cartridge cases, and shell cases
Determining if a bullet has been fired from a particular weapon
Tool mark examinations are concerned with the association of a particular impression with a particular tool
Classification of fingerprints
Maintaining fingerprint databases
Development and lifting of latent prints
Comparisons of known and unknown fingerprints to determine a match
The Frye vs. the United States decision set guidelines for determining the admissibility of scientific evidence into the courtroom
To meet the Frye Standard, the evidence in question must be “generally accepted” by the scientific community
Frye is NOT absolute
In the 1993 case of Daubert vs. Merrell Dow Pharmaceuticals, the U.S. Supreme Court asserted that the Frye Standard is not an absolute prerequisite to the admissibility of scientific evidence
Trial judges were said to be ultimately responsible as “gate keepers” for the admissibility and validity of scientific evidence presented in their courts, as well as all expert testimony
In Daubert, the Supreme Court offered some guidelines as how a judge can gauge scientific evidence:
Whether the technique or theory has been subject to peer review and publication
The technique’s potential rate of error
Existence and maintenance of standards controlling the technique’s operation
Whether the scientific theory or method has attracted widespread acceptance within a relevant scientific community
Recognition of physical evidence
Identification of physical evidence
Individualization of physical evidence
Evaluation of physical evidence
Reconstruction of a crime
Although it may seem obvious it is important to be able to recognize what is and is not physical evidence
Almost anything can be physical evidence and is very dependent on the type of crime committed
With practice and experience evidence recognition becomes easier
Beware… submitting too much evidence is just as bad as submitting too little
Identification of physical evidence may be regarded as a classification scheme
Evidence is assigned into categories containing like items
Initial categories are broad and then narrowed down as more information is obtained
To identify an object in forensic science is really to separate it by class
Class characteristics are the properties that all the members of a certain group of objects or substances have in common
Ex: Single layered paint, soil, glass fragments too small to fit back together, hairs, fibers
Many lawyers try to discredit class evidence because it can not be limited to just one possible source
However class evidence DOES HAVE VALUE!
Some class evidence holds little forensic value, such as fibers from jeans or white cotton shirts… they are too common
Refers to the demonstration that a particular sample is unique, even among members of the same class
This creates INDIVIDUAL EVIDENCE. Evidence that is unique and can be matched to one specific person
Ex: DNA (except for identical twins), fingerprints, handwriting, fired bullets, tool marks (sometimes), shoeprints (sometimes), tire prints (sometimes), glass fragments that can be matched
Refers to the process of putting the “pieces” of a case or situation together
The objective is to reach an understanding of a sequence of past events based on the record of physical evidence
Identification and individualization of physical evidence plays a crucial role in providing data for reconstructions
Eyewitness testimony is not always reliable
Witnesses to a crime can lie, but the brain doesn’t always remember information accurately
Many wrongful convictions have been made as a result of a faulty testimony
The Innocence Project seeks to re-examine post-conviction cases using DNA evidence
Dr. Edmund Locard, director of the world’s first forensic lab (1910 in Lyon, France) established the idea of exchange principle; namely that
When a person comes into contact with an object or another person a cross-transfer of physical material can occur
Study of the material can determine the nature and duration of the transfer
Statements of a witness in court would be direct evidence. This is the only direct evidence
Indirect or circumstantial evidence, such as a fingerprint (physical evidence), or blood or hairs (biological evidence), would imply something, and is called trace evidence
Police and possibly a district attorney
Crime scene investigators
Medical examiners
Detectives
Specialists
Secure the scene
Separate the witnesses
Scan the scene
See to it that photos are taken
Sketch the scene
Search for evidence
Secure the collected evidence
There are 4 crime scene search patterns:
Grid
Linear
Quadrant/zone
Spiral
Crease a clean paper and place the evidence in the X position
Fold in the left and right, then fold in the top and bottom. Tape shut with the evidence tape
Put the bindle into a plastic or paper evidence bag, affixing a seal over the opening
Write your name on the seal
In order to present credible evidence in court, a chain of custody log is essential
A person bags the evidence, marks it for identification, seals it, and signs it across the sealed edge
It is signed over to a technician in a lab for analysis who opens it, but not on the sealed edge
After analysis, the technician puts it back in the evidence bag, seals it in another bag, and signs the evidence log
The facts of the case are determined when the forensic lab processes all the collected evidence
The lab then sends the results to the lead detective who aims to see how it all fits into the crime scene scenario
The lab results can:
Show how reliable are any witness accounts
Establish the identity of suspects or victims
Show suspects to be innocent or link them with a scene or victim
Reconstruction involves:
Determining the who, what, where, when, and why
Determining what happened before, during, or after a crime
Creates a cohesive sequence of events
When lab results do not match up with the testimony of witnesses, it could be that the crime was staged. Common examples include:
Staging a fire: to cover bankruptcy
Staging a suicide: to cover a murder
Staging a burglary: to collect insurance money
To help determine whether a crime was staged, consider the following:
Whether the type of wound found on the victim matches the weapon employed
Whether the wound could have been self inflicted
Behavior of the victim before the event
If staging could have been to cover up another crime
There is a specific protocol for taking pictures as a forensic scientist. If pictures aren’t taken according to this protocol they WILL be thrown out of court
Overall view: photo of overall view of the crime scene
Medium view: Picture of where the piece of evidence is in reference to other items
Close-up view (2 pictures): A picture of only the object
All close-up pictures must be taken from a 90 degree angle in order to be admitted into a court of law
An L-shaped ruler must be visible in close-up pictures. Most forensic scientists recommend taking the exact same photo with and without the ruler
An evidence number must also be visible in medium and close up shots. This number should correspond to the number seen in the medium view pictures
While photos need to be taken at a crime scene to properly document evidence, many pictures are also taken back at a lab
Evidence such as developed fingerprints or hair and fibers underneath a microscope also need to be photographed to be presented in court
This may involve using alternative lighting sources and other photography methods to get a clear picture of the evidence
Evidence needs to be collected and analyzed by technicians, so there will not be a lot of time for sketching
Measurements need to be made quickly, but without disturbing the evidence or contaminating the crime scene
Step 1: Draw a rough outline of the area- include windows (represented by rectangles), and doors (represented by openings in the outline)
Step 2: Measure the room or space in which the crime occurred. Label the dimensions on the sketch
Step 3: Sketch in the furniture and location of evidence using basic shapes
Step 4: Label each item in the diagram with a number or letter, then write the name in a key
Step 5: Measuring from fixed points
A: Make two measurements from fixed (not movable) points to each piece of evidence
B: These measurements may be noted on your rough sketch, but many investigators keep a separate list of measurements
Step 6: Label the diagram with the North direction arrow, date, time, location, and victim’s name (if known)
Note: any unknown victim is commonly given the name John Doe or Jane Doe
There is never a second chance to sketch a scene, so all information must be noted before leaving
The final sketch will be completed after leaving the crime scene
The final sketch will be drawn with a ruler to scale and must be done on graph paper or computer generated
No measurements will be shown on your final sketch because everything will be drawn to scale
It MUST include all the following:
A scale of distance (ex: 1cm=2 feet)
Date, Time, and Location of the crime
Name of victim (if there is a victim)
Name and initials of the person making the sketch
A North heading on the diagram
Evidence labels (ex: A-F) and a key