Criminal Investigative Team


Published in: Technology, Business

  1. Crime Scene Investigation
     - General Guidelines
     - The information in this section is designed for a best-case scenario.
     - You will not be able to follow all of the steps all the time.
  2. Crime Scene Investigation
     - There is no set guide for investigating a crime scene.
     - You must use your best judgement for every case and may sometimes need to change the steps depending on the situation.
     - Some of these steps are only applicable for search warrants.
  3. Evaluate the scene in advance.
     - When planning a raid, it helps to have some advance information. Knowing the location, type and quantity of the equipment to be seized can reduce the frustration and delays experienced during the raid.
  4. Map the area.
     - [Figure: floor plan sketch with numbered items]
     - Legend: 1) Drafting Table 2) File Cabinet 3) Desk 4) Computer 5) Printer 6) Computer 7) Bookshelves 9) Desk 10) Storage Cabinet 11) Chairs
  5. Draw out the site or obtain a copy of the floor plan if available
     - This information may be obtained from the contractor who constructed the building, from informants or customers, or from an undercover recon of the place to be searched. On your map, identify all known computer equipment, including computers and printers. If a safe or vault exists, include it on the map and identify what might be contained in it.
  6. Determine the type and number of computers and media involved.
     - Needs:
         - Equipment
         - Cables
         - Software
         - Media
  7. Plan what equipment you will need for the raid
     - Determine the storage media needed to back up the suspect's equipment. Always attempt to overestimate your storage media needs. This will save you from having to send someone back to the office for additional media.
  8. Obtain necessary Hardware/Software
     - If you anticipate needing any special hardware or software, this is the time to acquire it. Knowing how difficult it is to get money for emergencies, the more time you allow for this step, the less stress you will heap on yourself.
  9. Make sure you have all the items for your tool box, in advance.
     - Equipment needed:
  10. Prepare a Checklist
     - Preparing for a raid is much easier if you have ready a checklist of all the tools and equipment you may need. Your checklist can list everything you would ever need. You can then omit the items you will not need for each raid.
  11. Have necessary media for backups and copies.
     - In a business environment you probably only need data.
     - Make arrangements to provide a complete backup before investigative steps are taken, to preserve the original.
     - Provide a copy to the business and retain a copy for the investigation.
     - Arrange to use hardware through agreements or court order.
  12. Unforeseen requirements
     - Volume of equipment
     - Disk size
     - Unusual operating systems
     - Unusual networks
     - VPN
     - Type of business
     - Business hours
  13.
     - Have additional funds or an open Purchase Order ready for the purchase of additional hardware, software and technical expertise.
     - NOTHING CAN BE MORE FRUSTRATING AND WASTEFUL THAN NOT HAVING NECESSARY RESOURCES TO COMPLETE THE INVESTIGATION
  14. Set up Search Teams.
     - Setting up the teams sounds easy.
     - The success of your investigation depends on your team and your plan.
     - A written plan should always be created and followed in putting your teams together so nothing is forgotten. You may have ideas to add to this section that help you function more efficiently.
  15. Assemble the required personnel.
     - Give team members as much notice as possible to prepare for the raid. This ensures all will have the opportunity to be prepared with a plan and equipment to do the job.
  16. Assign team member responsibilities.
     - Ensure each team member knows their job. Write a plan with what is expected of each team member as far in advance as possible and distribute it to your team.
  17. Establish a plan of attack.
     - A plan everyone can understand is essential to the success of your search. Complete your plan in writing with diagrams and a checklist. A written plan will increase the efficiency of your entire team. The checklist helps ensure you (or any members of your team) don’t forget anything. Before leaving for the scene, review the plan with all team members at the same time.
  18. How to Create a Plan
     - An easy acronym is SMEAC, the five-paragraph military order, which is well suited to all tactical planning.
  19. SMEAC
     - Situation
         - What are we facing? It would be foolish to take on any investigation without any idea of who or what you are up against. You need to define everything you are up against. Included in this definition are the number of people, type of equipment and geographical location.
  20. SMEAC
     - Mission
         - What do you want to accomplish? Are you attempting to catch your suspect at the computer or do you want the computers unattended? Determining the patterns of your suspects might take a few days of surveillance during the times you select for serving your warrant.
  21. SMEAC
     - Execution
         - How will we accomplish our mission? What time of the day would be best? If the target is a business and you don’t intend to seize the equipment, you might want to consider either before the business closes to avoid any contact with customers. Your surveillance will help you determine traffic patterns.
  22. SMEAC
     - Avenues of Approach and Escape
         - How will we get there and handle the scene? Depending on the type of raid, your methods will vary. If you are taking a SWAT team, you would proceed differently than if you were going with an auditor. Keep in mind how you will get your civilian help in and out of the crime scene. A good map should identify where you want all the vehicles to park, where potential obstacles are, where you will allow any media coverage and where you might load seized property.
  23. SMEAC
     - Communications
         - How will we talk to each other? This sounds fairly simple. Right! It’s crucial and often creates the greatest problems, and the lack thereof can result in lost evidence and even in personal injury or worse.
         - Radios and cellular phones are common methods of communication, as long as everyone is on the same frequency and everyone knows all the cell phone numbers.
  24. Prepare the Search Warrant.
     - With search warrants involving new technology (or technology that is new to the attorneys and the judge), you should take as much time as necessary to compose your warrant. Have your warrant reviewed by experienced investigators and your prosecutor to make sure you have everything covered.
  25. Prepare the Search Warrant.
     - Don’t use terminology you are not familiar with or don’t understand. When having a judge sign your warrant, spend time explaining the terminology so the judge understands the entire warrant. These steps are to prevent your warrant from being thrown out because it didn't include some important piece of evidence or because the judge did not understand what he was signing.
  26. Execute the Warrant
     - The basics of executing a search warrant do not change when computers are involved. Try not to give any advance notice of your raid, even when at the site. Since computers can run on battery power, don’t cut all building power and then casually approach the suspects. The data you are seeking can disappear within seconds of tipping off the suspect.
  27. Knock and notice.
     - What is knock and notice?
     - For Law Enforcement this is critical.
     - Document the notice verbatim.
     - In jurisdictions where it is legal, video with sound if possible.
  28. Video Taping
     - In Washington State - Turn off the sound
     - If you have a video recorder available, make use of it. Having the videotape will be very useful during the trial as well as to resolve complaints and claims which may arise out of the service of the warrant.
  29. Secure the Scene
     - You want me to do what at Boeing?
     - Immediately locate all computers in the building.
     - With the declining price of computers, there could be tens or even hundreds of computers at the location, depending on the size of the business. There have been cases where several computers have been found in a home or apartment. This is where a little advance intelligence pays off.
  30. Each computer must be physically protected by an officer.
     - A suspect can completely destroy evidence from a computer in seconds if left unattended. With the ever-decreasing cost of networking computers, it is possible for one person at a remote computer to destroy the information on all computers on a network.
  31. Have a location to interview suspects and witnesses.
     - Try to keep this location away from the computers.
     - Use a properly trained and briefed Team Member(s) for this task.
     - Have an appropriate number of Team Members available.
     - Guide:
         - Interviews: 30-45 min.
         - Interrogations: 1-4 hours
  32. Teams perform their functions
     - The Case Agent makes assignments and is available for direction and questions. It is best if he is free of other responsibilities so as to properly evaluate and direct the overall scene.
     - Sketching, Interviews, Photos and Searches can be simultaneous.
  33. Reports are written by one member of each team.
     - All reports, sketches and photos then go to the Case Agent. An interview report, a photo and sketch report, an arrest and interrogation report, an evidence search and seizure report and a computer search and evaluation report are usually necessary.
  34. Note:
     - Maintain the chronological worksheet during the entire investigation.
         - Stress this to all non-law enforcement personnel. Documenting even the smallest step could prove to be important during the investigation and prosecution of a case. Most computer professionals do not understand the need for documentation and its purpose later during testimony at the trial.
  35. Use only clean, write-protected disks in the suspect computer.
     - Do not use the suspect computer's commands or software, as you may alter evidence. Some programs, when executed, alter data and dates, and there may be ANSI bombs, viruses, destructive executable batch files or other schemes employed which damage, erase or format the computer.
  36. Completing the Search
     - Team Debriefing.
         - Before leaving for the scene, debrief the team and attempt to eliminate any questions that may not be resolved.
         - New problem documentation.
         - If you encounter any new problems, write them down in your procedures book for future investigations.
  37. Search and Seizure Law
     - This section has dealt with rules and concepts, not laws. You need to decide each time what will and what will not work for your particular circumstance. The most important consideration is the current law regarding search and seizure of computer evidence.
     - Computer S&S law is in its infancy and little case law exists... YET
