Preparing to Testify About Mobile Device Evidence



Taking a judge and jury through your investigative process, and why mobile evidence is relevant to your case, is only half of testimony. You should also be prepared to testify about the tools and methods you used, and to address any challenges to your process. This session will tell you what you need to know about mobile forensic extraction, analysis and interpretation; how to deal with questions about vendors’ proprietary methods; and specific challenges around mobile evidence authenticity and admissibility.

Published in: Law, Technology

  1. Global Training Research, Strategy & Execution. Preparing to Testify About Mobile Evidence in Court
  2. Brendan Morgan, Senior Trainer, Cellebrite
  3. Agenda
     1. Goals and Objectives
     2. Preparing for Court
     3. Forensic Tools
     4. Forensic Methodologies
     5. Special Considerations
     6. Working with Attorneys
     7. Questions
  4. Goals and Objectives
     • Discuss the role of the Mobile Device Examiner as witness in legal proceedings
     • Learn how to successfully prepare to testify in legal proceedings
     • Testifying to your examination: the extraction, analysis and interpretation
     • Challenges around mobile evidence authenticity and admissibility
  5. Preparing for Court
     The Mobile Device Examiner as a witness…
     What You Need Before You Testify:
     • An understanding of your role as the witness
     • To develop and/or update your resume or Curriculum Vitae (“CV”)
     • Prepare copies of all reports, notes, emails, and supplemental documents that relate to your examination
  6. Preparing for Court
     Understanding What Type of Witness You Are…
     A Fact Witness is:
     • An individual with knowledge about what happened in a specific case who offers testimony about what happened and/or what the facts are
     An Expert Witness is:
     • An individual who is a specialist in a subject, often technical, who may present their expert opinion without having been a witness to any occurrence relating to the legal proceeding at hand
  7. Preparing for Court
     Examiners should be prepared to:
     • Provide copies of the Chain of Custody
     • Provide copies of the Legal Search Authority for the items that were analyzed
     • Provide testimony as to how their forensic tools function and their methodology
     • Provide a detailed report of findings that is defensible
  8. Forensic Tools
     Lacking an understanding of how to properly use forensic tools and how they function, examiners risk:
     • Damaging or altering original evidence
     • Failure to thoroughly examine evidence
     • Misinterpreting data
     • Preparing inaccurate reports of findings
  9. Forensic Tools
     Which could result in…
     • The destruction of original evidence
     • Evidence being ruled as inadmissible by the court
     • The loss of the credibility of the examiner with the courts
     • Potential civil liability
  10. Forensic Methodologies
      It is essential for the Mobile Device Examiner to have a sound set of analysis protocols. These protocols or methodologies ensure:
      • The examiner’s forensic tools have been validated
      • Evidence files are true and accurate copies of the original items seized
      • The examiner stays within the scope of the legal search authority
      • That the examiner conducted time-involved searches of evidence files
  11. Forensic Methodologies
      These protocols or methodologies ensure (continued):
      • That the examiner has verified or validated their findings through: hand scrolling techniques, third party tools, and/or database verification and analysis
      • That the examiner has had their findings peer reviewed by fellow colleagues
      • That the examiner has prepared an accurate report
  12. Special Considerations
      As Mobile Examiners we must be prepared to testify not only to our report, but also to:
      • Forensic hardware/software vendors’ proprietary methods
        -- Extraction techniques
        -- Decoding
      • Technical issues
  13. Special Considerations
      So how do we as Mobile Device Examiners navigate these considerations?
      • We have a core understanding of how our forensic tools function and interact with evidence through means of:
        -- Attending Vendor Specific Training
        -- Professional Association Memberships
        -- Networking with Peers
      • Product Support from the Vendor
  14. Working with Attorneys
      One last critical objective:
      • Essential to develop positive relationships with the Attorneys adjudicating the case
      • Understand their perspective
      • Gather information on their needs: i.e. timeline, prosecution strategy, anticipated cross examination questions, trial prep schedule and objectives
      • Offer creative solutions to help build the case
  15. Working with Attorneys
      Add value to the legal team by:
      • Explaining your report of findings in layman’s terms
      • Demonstrating the process of recreating and validating our findings
      • Providing assistance with the creation of exhibits
      • Addressing possible defense expert theories
      • Providing ample time for trial preparation
  16. Working with Attorneys
      Follow these guidelines to help ensure that:
      • Forensic reports or attorney exhibits are authenticated, and therefore admissible
      • The attorney is well prepared to defend and argue the evidence that has been identified
      • The examiner is thoroughly prepared to testify as to their report
  17. Final Thoughts
      • Have a true understanding of how your forensic tool functions
      • Validate your findings
      • Document everything
      • Peer review is imperative
      • Speak in layman’s terms
      • Do everything possible to assist your prosecutor
  18. Questions?