Thumbnails/thumbnail.png
Cristian DeWeese
Dr. Rutherford
Hardening Operating Systems
11/12/2022
“Attack on Microsoft systems using the Internet ”
1. Following are the some of the Microsoft system attacks;
MItM Attack:
Because of the vulnerability, an off-site attacker is able to get access to the compromised system. Within the Windows LSA service is where the vulnerability may be found. (Kumar & Surisetty, 2011) An adversary operating from a distant location has the ability to trick a domain controller into providing NTLM authentication to them by calling a method on the LSARPC interface. As a consequence of this, an adversary may gain credentials and compromise the vulnerable system via the use of the NTLM Relay Attack.
DDos:
During a DDoS attack, users are unable to connect to the targeted service. During a distributed denial of service attack, all of an app's available resources are used up. Attackers flood a site with fake users to slow it down or bring it down entirely. (Gomez & Valdez, 2006) The frequency and severity of these episodes are both rising. According to statistics compiled by Azure Networking, DDoS assaults will raise by 25% in the first half of 2021 compared to the last quarter of 2020. In 2021, Azure prevented 359.713 assaults on its worldwide infrastructure, up 43 percent from the previous year. (Wu & Sun, 2010) Regardless of industry or location, businesses of any size are vulnerable to DDoS attacks. Internet gambling sites, online stores, and telecommunication companies are frequent targets of cybercriminals.
2. Following are the main 5 concerns;
Initial Breach Targets: Nobody hacks IT. Built Active Directory forests are clean and updated. New OSes and programs emerge throughout time. As Active Directory's administrative advantages are recognized, more information is provided, more PCs or programs are connected, and domains are altered to suit new Windows capabilities. Even when new infrastructure is introduced, other elements may not be maintained as well, systems and applications may be neglected, and organizations may forget they still have legacy infrastructure. Older, bigger, more complex ecosystems are more vulnerable.
Disabling Security Features: Many businesses don't utilize Windows Firewall with Advanced Security (WFAS) because they feel it's too complicated to set up. Starting with Windows Server 2008, the Windows Firewall is automatically configured to provide just the minimum permissions required for each role or functionality to function. When WFAS is turned off (and no other host-based firewall is used), Windows becomes more vulnerable. Firewalls at the network's perimeter protect against attacks from the Internet but not from drive-by downloads or compromised intranet systems.
Gaps in antivirus & Antimalware Deployments: Most workstations in a company will have antivirus and antimalware software installed, activated, and up-to-date, according to an analysis of antivirus and antimalware deployments. .
As soluções da NetWitness capturam todos os dados que circulam na rede e os contextualizam, filtrando o que pode ser crítico ou não. O usuario pode ver quem está indo aonde e vendo o quê.
A presentation made during the international Youth Exchange called Digital Danger and financed Erasmus+ Programme through Dům zahraniční spolupráce and the European Union
Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise21CT Inc.
In this security insight brief, 21CT researchers look at the malicious network behaviors that concern organizations the most, and how to use security analytics to find them before damage is done. Understanding these 12 indicators of compromise are critical to identifying a network breach.
How to Detect a Cryptolocker Infection with AlienVault USMAlienVault
As an IT security pro, unless you've been hiding under a rock, you've heard about ransomware threats like Cryptolocker. These threats are typically delivered via an e-mail with a malicious attachment, or by directing a user to a malicious website. Once the Cryptolocker file executes and connects to the command and control server, it begins to encrypt files and demands payment to unlock them. As a result, detecting infection quickly is key to limiting the damage.
AlienVault USM uses several built-in security controls working in unison to detect ransomware like Cryptolocker, usually as soon as it attempts to connect to the command and control server. Join us for a live demo showing how AlienVault USM detects these threats quickly, saving you valuable time in limiting the damage from the attack.
You'll learn:
How AlienVault USM detects communications with the command and control server
How the behavior is correlated with other signs of trouble to alert you of the threat
Immediate steps you need to take to stop the threat and limit the damage
As soluções da NetWitness capturam todos os dados que circulam na rede e os contextualizam, filtrando o que pode ser crítico ou não. O usuario pode ver quem está indo aonde e vendo o quê.
A presentation made during the international Youth Exchange called Digital Danger and financed Erasmus+ Programme through Dům zahraniční spolupráce and the European Union
Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise21CT Inc.
In this security insight brief, 21CT researchers look at the malicious network behaviors that concern organizations the most, and how to use security analytics to find them before damage is done. Understanding these 12 indicators of compromise are critical to identifying a network breach.
How to Detect a Cryptolocker Infection with AlienVault USMAlienVault
As an IT security pro, unless you've been hiding under a rock, you've heard about ransomware threats like Cryptolocker. These threats are typically delivered via an e-mail with a malicious attachment, or by directing a user to a malicious website. Once the Cryptolocker file executes and connects to the command and control server, it begins to encrypt files and demands payment to unlock them. As a result, detecting infection quickly is key to limiting the damage.
AlienVault USM uses several built-in security controls working in unison to detect ransomware like Cryptolocker, usually as soon as it attempts to connect to the command and control server. Join us for a live demo showing how AlienVault USM detects these threats quickly, saving you valuable time in limiting the damage from the attack.
You'll learn:
How AlienVault USM detects communications with the command and control server
How the behavior is correlated with other signs of trouble to alert you of the threat
Immediate steps you need to take to stop the threat and limit the damage
Understanding the term hacking as any unconventional way of interacting with some system it is easy to conclude that there are enormous number of people who hacked or tried to hack someone or something. The article, as result of author research, analyses hacking from different points of view, including hacker's point of view as well as the defender's point of view. Here are discussed questions like: Who are the hackers? Why do people hack? Law aspects of hacking, as well as some economic issues connected with hacking. At the end, some questions about victim protection are discussed together with the weakness that hackers can use for their own protection. The aim of the article is to make readers familiar with the possible risks of hacker's attacks on the mobile phones and on possible attacks in the announced food of the internet of things (next IoT) devices
Cyber Security Department
Graduation Project (407422)
Project Title Here ….
Submitted By:
Student Name
Student ID
Name 1
Id1
Term:
Date:
33 | Page
Table of Contents
1.Introduction5
2.Problem Statement5
3.Background5
4.Requirements and specification5
4.1.UserGroups5
4.2.Functional Requirements6
4.3.Non-Functional Requirements (NFRs)7
5.System Design10
5.1.
Solution
Concept10
5.2.Proposed System Architecture11
5.2.1Alternative 111
5.2.2Aternative 211
5.2.3etc11
5.2.4Production and Staging Environments13
5.3.Component Design13
5.3.1Hardware Components13
5.3.2Software Components13
5.3.2.1User Interface – Web client13
5.3.2.2.UseCaseDescription13
5.3.2.3.Back-End Database14
4.4.Design Evaluation15
6.Implementation16
6.1System Implemented Architecture16
6.1.1.Tier Two – Application Server and Web-Server16
6.1.1.1.The Web-Server16
<<if needed>>16
6.2Access Levels16
6.3System Services or Functionalities16
7.Testing, Analysis and Evaluation17
7.1Testing Methodology17
7.2System Analysis and Evaluation17
7.3Test Execution and Test Results17
7.3.1Integration Testing17
7.3.2Functional Testing17
7.4Examples on testing18
7.4.1Check password Strength18
<< this might be an example of testing password strength>>18
8.Issues, Engineering Tools and Standards18
8.1.Issues18
8.2.Engineering Tools and Standards18
9.Teamwork18
10.Conclusion20
10.1.Conclusion20
10.2.Future Work20
Appendix A: Test Plan21
Appendix B: Progress Report-Teamwork22
Appendix C- Attachments and Source Code24
References25
29 | Page
List of Figures
Figure 5 Use-Case Diagram12
Figure 7 High Level Implementation Architecture15
Figure 14 Security Domains Access Levels15
List of Tables
Table 1 User Groups5
Table 2 Non Functional Requirements7
Table 3 System Use Case Description12
Table 4 Comparing On-Cloud and On-Site Options14
Table 7 Team responsiblites, Contributions, and expertise18
1. Introduction
Systems and workstations that are running Microsoft Windows but have not been patched against the vulnerability that is known as "Eternal Blue" are susceptible to having their data stolen if the vulnerability has not been patched. A vulnerability is a fault in a computer system that, when exploited, could compromise the device's or system's level of security (Ding, et al., 2019). After the security flaw has been exploited, the hacker will be able to steal information, which will result in a data breach. The SMBv01 protocol that is utilized by Windows systems is the target of the vulnerability known as Eternal Blue.
Techniques such as heap spraying and buffers overrun are utilized throughout the attack in order to gain access to systems and devices that are powered by Windows operating systems. Notably, this vulnerability was exploited in the WannaCry ransomware attack that occurred in 2017, which encrypted the files of victims and demanded a ransom in order to decrypt the information. After it was initially launched, the attack would quickly spread to other systems, delivering co ...
How to Detect SQL Injections & XSS Attacks with AlienVault USM AlienVault
They may be the oldest tricks in the book, but SQL injection and cross-site scripting (XSS) attacks still put a hurt on thousands of web applications every year, impacting millions of users—your users and customers. SIEM solutions are essential in finding these exposures quickly, by collecting and correlating data to spot patterns and alert you of an attack. Join us for this demo to learn more about how these attacks work and how AlienVault USM gives you the built-in intelligence you need to spot trouble quickly.
You'll learn:
How these attacks work and what you can do to protect your network
What data you need to collect to identify the warning signs of an attack
How to identify impacted assets so you can quickly limit the damage
How AlienVault USM simplifies detection with built-in correlation rules & threat intelligence
Cyber Warfare is the current single greatest emerging threat to National Security. Network security has become an essential component of any computer network. As computer networks and systems become ever more fundamental to modern society, concerns about security has become increasingly important. There are a multitude of different applications open source and proprietary available for the protection +-system administrator, to decide on the most suitable format for their purpose requires knowledge of the available safety measures, their features and how they affect the quality of service, as well as the kind of data they will be allowing through un flagged. A majority of methods currently used to ensure the quality of a networks service are signature based. From this information, and details on the specifics of popular applications and their implementation methods, we have carried through the ideas, incorporating our own opinions, to formulate suggestions on how this could be done on a general level. The main objective was to design and develop an Intrusion Detection System. While the minor objectives were to; Design a port scanner to determine potential threats and mitigation techniques to withstand these attacks. Implement the system on a host and Run and test the designed IDS. In this project we set out to develop a Honey Pot IDS System. It would make it easy to listen on a range of ports and emulate a network protocol to track and identify any individuals trying to connect to your system. This IDS will use the following design approaches: Event correlation, Log analysis, Alerting, and policy enforcement. Intrusion Detection Systems (IDSs) attempt to identify unauthorized use, misuse, and abuse of computer systems. In response to the growth in the use and development of IDSs, we have developed a methodology for testing IDSs. The methodology consists of techniques from the field of software testing which we have adapted for the specific purpose of testing IDSs. In this paper, we identify a set of general IDS performance objectives which is the basis for the methodology. We present the details of the methodology, including strategies for test-case selection and specific testing procedures. We include quantitative results from testing experiments on the Network Security Monitor (NSM), an IDS developed at UC Davis. We present an overview of the software platform that we have used to create user-simulation scripts for testing experiments. The platform consists of the UNIX tool expect and enhancements that we have developed, including mechanisms for concurrent scripts and a record-and-replay feature. We also provide background information on intrusions and IDSs to motivate our work.
A comprehensive study on classification of passive intrusion and extrusion de...csandit
Cyber criminals compromise Integrity, Availability and Confidentiality of network resources in
cyber space and cause remote class intrusions such as U2R, R2L, DoS and probe/scan system
attacks .To handle these intrusions, Cyber Security uses three audit and monitoring systems
namely Intrusion Prevention Systems (IPS), Intrusion Detection Systems (IDS). Intrusion
Detection System (IDS) monitors only inbound traffic which is insufficient to prevent botnet
systems. A system to monitor outbound traffic is named as Extrusion Detection System (EDS).
Therefore a hybrid system should be designed to handle both inbound and outbound traffic.
Due to the increased false alarms preventive systems do not suite to an organizational network.
The goal of this paper is to devise a taxonomy for cyber security and study the existing methods
of Intrusion and Extrusion Detection systems based on three primary characteristics. The
metrics used to evaluate IDS and EDS are also presented.
A COMPREHENSIVE STUDY ON CLASSIFICATION OF PASSIVE INTRUSION AND EXTRUSION DE...cscpconf
Cyber criminals compromise Integrity, Availability and Confidentiality of network resources in cyber space and cause remote class intrusions such as U2R, R2L, DoS and probe/scan system attacks .To handle these intrusions, Cyber Security uses three audit and monitoring systems namely Intrusion Prevention Systems (IPS), Intrusion Detection Systems (IDS). Intrusion
Detection System (IDS) monitors only inbound traffic which is insufficient to prevent botnet systems. A system to monitor outbound traffic is named as Extrusion Detection System (EDS).
Therefore a hybrid system should be designed to handle both inbound and outbound traffic. Due to the increased false alarms preventive systems do not suite to an organizational network.
The goal of this paper is to devise a taxonomy for cyber security and study the existing methods of Intrusion and Extrusion Detection systems based on three primary characteristics. The
metrics used to evaluate IDS and EDS are also presented.
Team research paper and project on network vulnerabilities with multiple attacks and defesnses:
Cybersecurity
-For this project, our class was paired with teams to attempt to find vulnerabilities in other teams networks and to successfully beach their network.
-My role in this group was to help breach other team vulnerabilities through different attacks like responder attacks, honeypots, etc.
-The main challenges of this project were trying to find the vulnerabilities successfully, as the whole team had troubles with each of our different attacks and defenses.
-We learned how to use cybersecurity tools to help find vulnerabilities in networks and how to protect against them better. For example, in the honeypot we used we deployed it to port 80, when the attacker tried to access our fake server we were notified. We also deployed palto alto firewall to create our private and secure network. For an attack, we also used password crackers like john the ripper. This project taught us how to breach networks as a team.
In modern world, our entire life moves around Computers. Most of our tasks are dependent on
the Computers, like Communication, Ticket Reservations, Researches, Printing, and Education
etc. When we communicate with each other by using Computers through E Mails, a number of
Computers are used for this purpose and the collection of these computers forms a network,
which is called a Computer Network. As more and more peoples are going to be connected
through the general network (INTERNET), the problem of security arises. Now a day, a number
of security issues occur in networks which include Sniffing, Spoofing, Security Attacks,
Malwares, Unauthorized Access, etc. This will create havoc for the users, who wants to
communicate with each other through these networks. So, to make the communication between
two users via the Computer Networks, we have to follow some security measures, which include
using the Firewalls, Anti Malicious Software, Intrusion Detection Systems, Cryptography
Techniques, etc. This paper is basically focused on how the communication between two users
has been performed by using Computer Networks and how to make such a communication
You will present information on the AAC Tobii Dynavox I Seri.docxlillie234567
You will present information on the AAC Tobii Dynavox I
Series device and SNAP Core First Software.
The following objectives should be met:
1. Identify the AAC Device and communication APP
2. Discuss/demonstrate its function, use specs, and the
population it is best suited for
3. Identify research, evidence of efficacy, list pros and
cons of the device/app
4. Use 3D visuals and video of demonstrating how it is
used
5. Steps the individual that it is best suited for needs to
take for improvement.
6. Roles of the speech pathologist and who they would
collaborate with.
7. Resources
8. At least 8-10 slides with slide transcript
.
TE
CH
46
0
M
od
ul
e
6
Im
p
le
m
e
n
ta
ti
o
n
P
la
n
Ru
br
ic
Cr
ite
ria
To
ta
l
In
cl
u
d
e
p
ro
b
le
m
s
ta
te
m
e
n
t
sl
id
e
f
ro
m
p
re
vi
o
u
s
d
e
li
ve
ra
b
le
1
0
In
cl
u
d
e
r
e
co
m
m
e
n
d
e
d
s
o
lu
ti
o
n
s
li
d
e
f
ro
m
p
re
vi
o
u
s
d
e
li
ve
ra
b
le
1
0
W
o
rk
B
re
a
kd
o
w
n
S
tr
u
ct
u
re
2
0
S
ch
e
d
u
le
2
0
S
o
lu
ti
o
n
v
a
li
d
a
ti
o
n
3
0
S
o
lu
ti
o
n
e
va
lu
a
ti
o
n
a
n
d
c
o
n
ti
n
u
o
u
s
im
p
ro
ve
m
e
n
t
3
0
Le
ga
l,
e
th
ic
a
l a
n
d
c
u
lt
u
ra
l c
o
n
si
d
e
ra
ti
o
n
s
3
0
To
ta
l
1
5
0
Pr
ob
le
m
S
ta
te
m
en
t
•S
up
po
rt
F
itb
it’
s a
dd
iti
on
o
f a
b
lo
od
p
re
ss
ur
e
m
on
ito
rin
g
ca
pa
bi
lit
y
th
ro
u
g
h
d
e
si
g
n
o
f
a
w
e
b
a
n
d
m
o
b
ile
a
p
p
u
se
r
in
te
rf
a
ce
w
it
h
t
h
e
fo
llo
w
in
g
f
e
a
tu
re
s:
•
D
is
p
la
y
b
lo
o
d
p
re
ss
u
re
r
e
a
d
in
g
s
n
u
m
e
ri
ca
ll
y
a
n
d
g
ra
p
h
ic
a
ll
y
•
Tr
a
ck
c
h
a
n
g
e
s
o
ve
r
ti
m
e
•
Id
e
n
ti
fy
lo
w
/h
ig
h
r
e
a
d
in
g
s
a
n
d
t
re
n
d
s
th
a
t
m
a
y
in
d
ic
a
te
h
e
a
lt
h
c
o
n
ce
rn
s
Re
co
m
m
en
de
d
So
lu
tio
n
•W
e
b
si
te
p
lu
s
p
la
tf
o
rm
-s
p
e
ci
fi
c
e
xt
e
n
si
o
n
s
to
e
xi
st
in
g
a
p
p
s
•J
u
st
if
ic
a
ti
o
n
•
In
te
g
ra
ti
o
n
w
it
h
e
xi
st
in
g
F
it
b
it
a
p
p
s
is
t
o
p
p
ri
o
ri
ty
•
U
se
rs
w
il
l n
o
t
w
a
n
t
to
d
o
w
n
lo
a
d
a
s
e
p
a
ra
te
a
p
p
j
u
st
f
o
r
B
P
m
o
n
it
o
ri
n
g
•
U
se
rs
w
il
l w
a
n
t
to
v
ie
w
B
P
d
a
ta
in
c
o
n
te
xt
w
it
h
o
th
e
r
h
e
a
lt
h
a
n
d
f
it
n
e
ss
d
a
ta
•
V
a
lu
e
o
f
in
te
g
ra
ti
o
n
ju
st
if
ie
s
h
ig
h
e
r
d
e
ve
lo
p
m
e
n
t
a
n
d
m
a
in
te
n
a
n
ce
c
o
st
s
W
or
k
Br
ea
kd
ow
n
St
ru
ct
ur
e
•
A
n
a
ly
si
s
•
D
ra
ft
r
e
q
u
ir
e
m
e
n
ts
s
p
e
ci
fi
ca
ti
o
n
•
R
e
vi
e
w
a
n
d
a
p
p
ro
ve
r
e
q
u
ir
e
m
e
n
ts
•
C
ro
ss
-p
la
tf
o
rm
d
e
si
g
n
•
C
o
m
p
le
te
c
o
m
m
o
n
U
X
d
e
si
g
n
•
D
e
si
g
n
c
li
e
n
t-
si
d
e
s
o
ft
w
a
re
•
W
e
b
a
p
p
d
e
ve
lo
p
m
e
n
t
•
A
d
a
p
t
co
m
m
o
n
U
X
d
e
si
g
n
f
o
r
w
e
b
•
C
o
d
e
H
T
M
L/
C
S
S
fo
r
w
e
b
a
p
p
•
C
o
d
e
J
a
va
S
cr
ip
t
fo
r
w
e
b
a
p
p
•
In
te
g
ra
te
w
it
h
c
lo
u
d
A
P
I
•
In
te
g
ra
te
w
it
h
e
xi
st
in
g
w
e
b
si
te
•
Te
st
w
e
b
a
p
p
•
iO
S
a
p
p
d
e
ve
lo
p
m
e
n
t
•
A
d
a
p
t
co
m
m
o
n
U
X
d
e
si
g
n
f
o
r
iO
S
•
C
o
d
e
iO
S
a
p
p
•
In
te
g
ra
te
w
it
h
w
e
a
ra
b
le
d
e
vi
ce
A
P
I
•
In
te
g
ra
te
w
it
h
c
lo
u
d
A
P
I
•
In
te.
More Related Content
Similar to Thumbnailsthumbnail.pngCristian DeWeeseDr. Rutherford Har.docx
Understanding the term hacking as any unconventional way of interacting with some system it is easy to conclude that there are enormous number of people who hacked or tried to hack someone or something. The article, as result of author research, analyses hacking from different points of view, including hacker's point of view as well as the defender's point of view. Here are discussed questions like: Who are the hackers? Why do people hack? Law aspects of hacking, as well as some economic issues connected with hacking. At the end, some questions about victim protection are discussed together with the weakness that hackers can use for their own protection. The aim of the article is to make readers familiar with the possible risks of hacker's attacks on the mobile phones and on possible attacks in the announced food of the internet of things (next IoT) devices
Cyber Security Department
Graduation Project (407422)
Project Title Here ….
Submitted By:
Student Name
Student ID
Name 1
Id1
Term:
Date:
33 | Page
Table of Contents
1.Introduction5
2.Problem Statement5
3.Background5
4.Requirements and specification5
4.1.UserGroups5
4.2.Functional Requirements6
4.3.Non-Functional Requirements (NFRs)7
5.System Design10
5.1.
Solution
Concept10
5.2.Proposed System Architecture11
5.2.1Alternative 111
5.2.2Aternative 211
5.2.3etc11
5.2.4Production and Staging Environments13
5.3.Component Design13
5.3.1Hardware Components13
5.3.2Software Components13
5.3.2.1User Interface – Web client13
5.3.2.2.UseCaseDescription13
5.3.2.3.Back-End Database14
4.4.Design Evaluation15
6.Implementation16
6.1System Implemented Architecture16
6.1.1.Tier Two – Application Server and Web-Server16
6.1.1.1.The Web-Server16
<<if needed>>16
6.2Access Levels16
6.3System Services or Functionalities16
7.Testing, Analysis and Evaluation17
7.1Testing Methodology17
7.2System Analysis and Evaluation17
7.3Test Execution and Test Results17
7.3.1Integration Testing17
7.3.2Functional Testing17
7.4Examples on testing18
7.4.1Check password Strength18
<< this might be an example of testing password strength>>18
8.Issues, Engineering Tools and Standards18
8.1.Issues18
8.2.Engineering Tools and Standards18
9.Teamwork18
10.Conclusion20
10.1.Conclusion20
10.2.Future Work20
Appendix A: Test Plan21
Appendix B: Progress Report-Teamwork22
Appendix C- Attachments and Source Code24
References25
29 | Page
List of Figures
Figure 5 Use-Case Diagram12
Figure 7 High Level Implementation Architecture15
Figure 14 Security Domains Access Levels15
List of Tables
Table 1 User Groups5
Table 2 Non Functional Requirements7
Table 3 System Use Case Description12
Table 4 Comparing On-Cloud and On-Site Options14
Table 7 Team responsiblites, Contributions, and expertise18
1. Introduction
Systems and workstations that are running Microsoft Windows but have not been patched against the vulnerability that is known as "Eternal Blue" are susceptible to having their data stolen if the vulnerability has not been patched. A vulnerability is a fault in a computer system that, when exploited, could compromise the device's or system's level of security (Ding, et al., 2019). After the security flaw has been exploited, the hacker will be able to steal information, which will result in a data breach. The SMBv01 protocol that is utilized by Windows systems is the target of the vulnerability known as Eternal Blue.
Techniques such as heap spraying and buffers overrun are utilized throughout the attack in order to gain access to systems and devices that are powered by Windows operating systems. Notably, this vulnerability was exploited in the WannaCry ransomware attack that occurred in 2017, which encrypted the files of victims and demanded a ransom in order to decrypt the information. After it was initially launched, the attack would quickly spread to other systems, delivering co ...
How to Detect SQL Injections & XSS Attacks with AlienVault USM AlienVault
They may be the oldest tricks in the book, but SQL injection and cross-site scripting (XSS) attacks still put a hurt on thousands of web applications every year, impacting millions of users—your users and customers. SIEM solutions are essential in finding these exposures quickly, by collecting and correlating data to spot patterns and alert you of an attack. Join us for this demo to learn more about how these attacks work and how AlienVault USM gives you the built-in intelligence you need to spot trouble quickly.
You'll learn:
How these attacks work and what you can do to protect your network
What data you need to collect to identify the warning signs of an attack
How to identify impacted assets so you can quickly limit the damage
How AlienVault USM simplifies detection with built-in correlation rules & threat intelligence
Cyber Warfare is the current single greatest emerging threat to National Security. Network security has become an essential component of any computer network. As computer networks and systems become ever more fundamental to modern society, concerns about security has become increasingly important. There are a multitude of different applications open source and proprietary available for the protection +-system administrator, to decide on the most suitable format for their purpose requires knowledge of the available safety measures, their features and how they affect the quality of service, as well as the kind of data they will be allowing through un flagged. A majority of methods currently used to ensure the quality of a networks service are signature based. From this information, and details on the specifics of popular applications and their implementation methods, we have carried through the ideas, incorporating our own opinions, to formulate suggestions on how this could be done on a general level. The main objective was to design and develop an Intrusion Detection System. While the minor objectives were to; Design a port scanner to determine potential threats and mitigation techniques to withstand these attacks. Implement the system on a host and Run and test the designed IDS. In this project we set out to develop a Honey Pot IDS System. It would make it easy to listen on a range of ports and emulate a network protocol to track and identify any individuals trying to connect to your system. This IDS will use the following design approaches: Event correlation, Log analysis, Alerting, and policy enforcement. Intrusion Detection Systems (IDSs) attempt to identify unauthorized use, misuse, and abuse of computer systems. In response to the growth in the use and development of IDSs, we have developed a methodology for testing IDSs. The methodology consists of techniques from the field of software testing which we have adapted for the specific purpose of testing IDSs. In this paper, we identify a set of general IDS performance objectives which is the basis for the methodology. We present the details of the methodology, including strategies for test-case selection and specific testing procedures. We include quantitative results from testing experiments on the Network Security Monitor (NSM), an IDS developed at UC Davis. We present an overview of the software platform that we have used to create user-simulation scripts for testing experiments. The platform consists of the UNIX tool expect and enhancements that we have developed, including mechanisms for concurrent scripts and a record-and-replay feature. We also provide background information on intrusions and IDSs to motivate our work.
A comprehensive study on classification of passive intrusion and extrusion de...csandit
Cyber criminals compromise Integrity, Availability and Confidentiality of network resources in
cyber space and cause remote class intrusions such as U2R, R2L, DoS and probe/scan system
attacks .To handle these intrusions, Cyber Security uses three audit and monitoring systems
namely Intrusion Prevention Systems (IPS), Intrusion Detection Systems (IDS). Intrusion
Detection System (IDS) monitors only inbound traffic which is insufficient to prevent botnet
systems. A system to monitor outbound traffic is named as Extrusion Detection System (EDS).
Therefore a hybrid system should be designed to handle both inbound and outbound traffic.
Due to the increased false alarms preventive systems do not suite to an organizational network.
The goal of this paper is to devise a taxonomy for cyber security and study the existing methods
of Intrusion and Extrusion Detection systems based on three primary characteristics. The
metrics used to evaluate IDS and EDS are also presented.
A COMPREHENSIVE STUDY ON CLASSIFICATION OF PASSIVE INTRUSION AND EXTRUSION DE...cscpconf
Cyber criminals compromise Integrity, Availability and Confidentiality of network resources in cyber space and cause remote class intrusions such as U2R, R2L, DoS and probe/scan system attacks .To handle these intrusions, Cyber Security uses three audit and monitoring systems namely Intrusion Prevention Systems (IPS), Intrusion Detection Systems (IDS). Intrusion
Detection System (IDS) monitors only inbound traffic which is insufficient to prevent botnet systems. A system to monitor outbound traffic is named as Extrusion Detection System (EDS).
Therefore a hybrid system should be designed to handle both inbound and outbound traffic. Due to the increased false alarms preventive systems do not suite to an organizational network.
The goal of this paper is to devise a taxonomy for cyber security and study the existing methods of Intrusion and Extrusion Detection systems based on three primary characteristics. The
metrics used to evaluate IDS and EDS are also presented.
Team research paper and project on network vulnerabilities with multiple attacks and defesnses:
Cybersecurity
-For this project, our class was paired with teams to attempt to find vulnerabilities in other teams networks and to successfully beach their network.
-My role in this group was to help breach other team vulnerabilities through different attacks like responder attacks, honeypots, etc.
-The main challenges of this project were trying to find the vulnerabilities successfully, as the whole team had troubles with each of our different attacks and defenses.
-We learned how to use cybersecurity tools to help find vulnerabilities in networks and how to protect against them better. For example, in the honeypot we used we deployed it to port 80, when the attacker tried to access our fake server we were notified. We also deployed palto alto firewall to create our private and secure network. For an attack, we also used password crackers like john the ripper. This project taught us how to breach networks as a team.
In modern world, our entire life moves around Computers. Most of our tasks are dependent on
the Computers, like Communication, Ticket Reservations, Researches, Printing, and Education
etc. When we communicate with each other by using Computers through E Mails, a number of
Computers are used for this purpose and the collection of these computers forms a network,
which is called a Computer Network. As more and more peoples are going to be connected
through the general network (INTERNET), the problem of security arises. Now a day, a number
of security issues occur in networks which include Sniffing, Spoofing, Security Attacks,
Malwares, Unauthorized Access, etc. This will create havoc for the users, who wants to
communicate with each other through these networks. So, to make the communication between
two users via the Computer Networks, we have to follow some security measures, which include
using the Firewalls, Anti Malicious Software, Intrusion Detection Systems, Cryptography
Techniques, etc. This paper is basically focused on how the communication between two users
has been performed by using Computer Networks and how to make such a communication
Similar to Thumbnailsthumbnail.pngCristian DeWeeseDr. Rutherford Har.docx (20)
You will present information on the AAC Tobii Dynavox I Seri.docxlillie234567
You will present information on the AAC Tobii Dynavox I
Series device and SNAP Core First Software.
The following objectives should be met:
1. Identify the AAC Device and communication APP
2. Discuss/demonstrate its function, use specs, and the
population it is best suited for
3. Identify research, evidence of efficacy, list pros and
cons of the device/app
4. Use 3D visuals and video of demonstrating how it is
used
5. Steps the individual that it is best suited for needs to
take for improvement.
6. Roles of the speech pathologist and who they would
collaborate with.
7. Resources
8. At least 8-10 slides with slide transcript
.
TE
CH
46
0
M
od
ul
e
6
Im
p
le
m
e
n
ta
ti
o
n
P
la
n
Ru
br
ic
Cr
ite
ria
To
ta
l
In
cl
u
d
e
p
ro
b
le
m
s
ta
te
m
e
n
t
sl
id
e
f
ro
m
p
re
vi
o
u
s
d
e
li
ve
ra
b
le
1
0
In
cl
u
d
e
r
e
co
m
m
e
n
d
e
d
s
o
lu
ti
o
n
s
li
d
e
f
ro
m
p
re
vi
o
u
s
d
e
li
ve
ra
b
le
1
0
W
o
rk
B
re
a
kd
o
w
n
S
tr
u
ct
u
re
2
0
S
ch
e
d
u
le
2
0
S
o
lu
ti
o
n
v
a
li
d
a
ti
o
n
3
0
S
o
lu
ti
o
n
e
va
lu
a
ti
o
n
a
n
d
c
o
n
ti
n
u
o
u
s
im
p
ro
ve
m
e
n
t
3
0
Le
ga
l,
e
th
ic
a
l a
n
d
c
u
lt
u
ra
l c
o
n
si
d
e
ra
ti
o
n
s
3
0
To
ta
l
1
5
0
Pr
ob
le
m
S
ta
te
m
en
t
•S
up
po
rt
F
itb
it’
s a
dd
iti
on
o
f a
b
lo
od
p
re
ss
ur
e
m
on
ito
rin
g
ca
pa
bi
lit
y
th
ro
u
g
h
d
e
si
g
n
o
f
a
w
e
b
a
n
d
m
o
b
ile
a
p
p
u
se
r
in
te
rf
a
ce
w
it
h
t
h
e
fo
llo
w
in
g
f
e
a
tu
re
s:
•
D
is
p
la
y
b
lo
o
d
p
re
ss
u
re
r
e
a
d
in
g
s
n
u
m
e
ri
ca
ll
y
a
n
d
g
ra
p
h
ic
a
ll
y
•
Tr
a
ck
c
h
a
n
g
e
s
o
ve
r
ti
m
e
•
Id
e
n
ti
fy
lo
w
/h
ig
h
r
e
a
d
in
g
s
a
n
d
t
re
n
d
s
th
a
t
m
a
y
in
d
ic
a
te
h
e
a
lt
h
c
o
n
ce
rn
s
Re
co
m
m
en
de
d
So
lu
tio
n
•W
e
b
si
te
p
lu
s
p
la
tf
o
rm
-s
p
e
ci
fi
c
e
xt
e
n
si
o
n
s
to
e
xi
st
in
g
a
p
p
s
•J
u
st
if
ic
a
ti
o
n
•
In
te
g
ra
ti
o
n
w
it
h
e
xi
st
in
g
F
it
b
it
a
p
p
s
is
t
o
p
p
ri
o
ri
ty
•
U
se
rs
w
il
l n
o
t
w
a
n
t
to
d
o
w
n
lo
a
d
a
s
e
p
a
ra
te
a
p
p
j
u
st
f
o
r
B
P
m
o
n
it
o
ri
n
g
•
U
se
rs
w
il
l w
a
n
t
to
v
ie
w
B
P
d
a
ta
in
c
o
n
te
xt
w
it
h
o
th
e
r
h
e
a
lt
h
a
n
d
f
it
n
e
ss
d
a
ta
•
V
a
lu
e
o
f
in
te
g
ra
ti
o
n
ju
st
if
ie
s
h
ig
h
e
r
d
e
ve
lo
p
m
e
n
t
a
n
d
m
a
in
te
n
a
n
ce
c
o
st
s
W
or
k
Br
ea
kd
ow
n
St
ru
ct
ur
e
•
A
n
a
ly
si
s
•
D
ra
ft
r
e
q
u
ir
e
m
e
n
ts
s
p
e
ci
fi
ca
ti
o
n
•
R
e
vi
e
w
a
n
d
a
p
p
ro
ve
r
e
q
u
ir
e
m
e
n
ts
•
C
ro
ss
-p
la
tf
o
rm
d
e
si
g
n
•
C
o
m
p
le
te
c
o
m
m
o
n
U
X
d
e
si
g
n
•
D
e
si
g
n
c
li
e
n
t-
si
d
e
s
o
ft
w
a
re
•
W
e
b
a
p
p
d
e
ve
lo
p
m
e
n
t
•
A
d
a
p
t
co
m
m
o
n
U
X
d
e
si
g
n
f
o
r
w
e
b
•
C
o
d
e
H
T
M
L/
C
S
S
fo
r
w
e
b
a
p
p
•
C
o
d
e
J
a
va
S
cr
ip
t
fo
r
w
e
b
a
p
p
•
In
te
g
ra
te
w
it
h
c
lo
u
d
A
P
I
•
In
te
g
ra
te
w
it
h
e
xi
st
in
g
w
e
b
si
te
•
Te
st
w
e
b
a
p
p
•
iO
S
a
p
p
d
e
ve
lo
p
m
e
n
t
•
A
d
a
p
t
co
m
m
o
n
U
X
d
e
si
g
n
f
o
r
iO
S
•
C
o
d
e
iO
S
a
p
p
•
In
te
g
ra
te
w
it
h
w
e
a
ra
b
le
d
e
vi
ce
A
P
I
•
In
te
g
ra
te
w
it
h
c
lo
u
d
A
P
I
•
In
te.
Task· This is an individual task. · The task focuses on areas .docxlillie234567
Task
· This is an individual task.
· The task focuses on areas studied to date, requiring you to show knowledge and application in the parts stated.
· You should upload a single, correctly formatted document which may also include any relevant tables and diagrams
Continuing with the marketing plan you developed for the Midterm Assessment, complete it with according with the topics discussed in class during the 2nd part of the course with following points (but not exclusively)
1. Distribution Channels:
· Markets with direct sales (if any)
· Markets with distributors (if any)
· Markets with agents (if any)
2. Pricing Strategy:
· Pricing strategies per channel
· Take a product and show how should you fix the price according the channel
3. Communication Strategy
· Business Magazines
· Trade Shows
· Digital Tools
4. Any other factor you consider key for your marketing plan
Formalities:
· Wordcount: 2.000 words
· Cover, Table of Contents, References and Appendix are excluded from the total wordcount.
· Font: Arial 12,5 pts.
· Text alignment: Justified.
· Harvard style in-text citations and bibliography
It assesses the following learning outcomes:
1. Have an in-depth understanding of B2B market opportunities.
2. Identify and differentiate between the different and unique challenges of business markets
3. Apply and analyze the different B2Bsystems and processes
4. Have a systematic understanding of how theoretical concepts can be applied in business markets.
5. Critically appreciate B2B marketing strategy assessments and developments.
6. Apply and assess the tools for B2Bmarketing strategy development and implementation
Rubrics
Learning Descriptors
Fail Below 60%
Marginal Fail 60-69%
Fair 70-79 %
Good 80-89%
Exceptional 90-100%
Purpose & Understanding
KNOWLEDGE & UNDERSTANDING
15%
Very poor coverage of central purpose, goals, research questions or arguments with little relevant information evident. Virtually no evidence of understanding or focus.
Minimal understanding of purpose of the study; factual errors evident. Gaps in knowledge and superficial understanding. A few lines of relevant material.
Reasonable understanding and clearly identifies the purpose, goals, research questions or argument.
Reflect partial achievement of learning outcomes.
A sound grasp of, and clearly identifies, the purpose, goals, research questions or argument. Some wider study beyond the classroom content shown.
Effectively describes and explains the central purpose, arguments, research questions, or goals of the project; explanation is focused, detailed and compelling. Recognition of alternative forms of evidence beyond that supplied in the classroom.
Content
KNOWLEDGE & UNDERSTANDING
15%
Content is unclear, inaccurate and/or incomplete. Brief and irrelevant. Descriptive. Only personal views offered.
Unsubstantiated and does not support the purpose, argument or goals of the project. Reader gains no insight through the content of the project.
Limi.
Team ProjectMBA687What it is…The team project in MBA68.docxlillie234567
Team Project
MBA687
What it is…
The team project in MBA687 gives you, the learner and person who is one course away from an MBA:
The opportunity to demonstrate that you can work as a member of a high-functioning team to complete a complex analysis, synthesis and presentation task.
The opportunity to demonstrate mastery of the knowledge and skills that you have acquired through the MBA program.
Where to find information in the syllabus, 1
Page 6
Group Case Study
Prior to the start of Unit 7, students will be assigned into groups of no more than 4 students per group. Each group will be assigned to complete a case study chosen by the instructor from 20 cases located in Appendix C. The 20 case materials can be found in the required textbook (see Appendix C for relevant page numbers). Group case studies should follow the same requirements as the writing assignments stated above. Group case studies are due in Unit 7. Earlier submissions are encouraged.
Also from Page 6
Writing Assignments
Writing assignments must be APA compliant and include a title page, appropriate citations, and references.
Where to find information in the syllabus, 2
Appendix C (Page 24)
This was the list from which your team selected its case
Pages 43-45
This is the rubric (grading guide) that the instructor will use to evaluate and grade the team’s submission.
General outline for the submission
This submission is much like one that you would present in a workplace situation. Imagine that you are presenting your findings on the case to senior management of your company, or to the board of directors.
For your paper, use the outline found in Table 2, page C-6 of your text.
Strategic Profile and Case Analysis Purpose
Situation Analysis
A. General environmental analysis
B. Industry analysis
C. Competitor analysis
D. Internal analysis
III. Identification of Environmental Opportunities and Threats and Firm Strengths and Weaknesses (SWOT Analysis)
Strategy Formulation
A. Strategic alternatives
B. Alternative evaluation
C. Alternative choice
Strategic Alternative Implementation
A. Action items
B. Action plan
Parts I, II and II
Parts I, II and III are much like the introduction, external analysis and internal analysis that you did for your individual project.
The author provides a list of things that you can consider about the external analysis of the industry in Table 3 (C-7)
The author discusses industry analysis (C-6), competitor analysis (C-7) and industry analysis (C-8). It will be helpful to review these areas, even though you have done your individual projects.
In the following pages, the author suggests many tools that you can use to analyze the company and its industry.
Strategy in the paper, 1
Strategy formulation
This is your team’s recommendations for the company
Recommendations should be either business level strategy alternatives or corporate level strategy alternatives.
Recommendations should be based on and sup.
T he fifteen year-old patient was scheduled for surgery on t.docxlillie234567
T he fifteen year-old patient was
scheduled for surgery on the right
side of his brain to remove a right tem-
poral lobe lesion that was believed to be
causing his epileptic seizures.
The surgery began with the sur-
geon making an incision on the left
side, opening the skull, penetrating the
dura and removing significant portions
of the left amygdala, hippocampus and
other left-side brain tissue before it was
discovered that they were working on
the wrong side.
The left-side wound was closed,
the right side was opened and the pro-
cedure went ahead on the right, correct
side.
The error in the O.R. was revealed
to the parents shortly after the surgery,
but only as if it was a minor and incon-
sequential gaffe.
The patient recuperated, left the
hospital, returned to his regular activi-
ties and graduated from high school
before his parents could no longer deny
he was not all right. After a thorough
neurological assessment he had to be
placed in an assisted living facility for
brain damaged individuals.
When the full magnitude of the
consequences came to light a lawsuit
was filed which resulted in a $11 mil-
lion judgment which was affirmed by
the Supreme Court of Arkansas.
A circulating nurse has a le-
gal duty to see that surgery
does not take place on the
wrong side of the body.
The preoperative documents
failed to identify on which side
the surgery was to be done.
It was below the standard of
care for the circulating nurse
not to notice that fact and not
to seek out the correct infor-
mation.
SUPREME COURT OF ARKANSAS
December 13, 2012
Operating Room: Surgical Error Blamed, In
Part, On Circulating Nurse’s Negligence.
Surgical Error Blamed, In Part, On
Circulating Nurse’s Negligence
The Court accepted the testimony
of the family’s nursing expert that a
circulating nurse has a fundamental
responsibility as a member of the surgi-
cal team to make sure that surgery is
done on the correct anatomical site,
especially when it is brain surgery.
The circulating nurse is supposed
to understand imposing terms like se-
lective amygdala hippocampectomy
and know the basics of how it is sup-
posed to be done.
Hospital policy called for the sur-
geon, the anesthesiologist, the circulat-
ing nurse and the scrub nurse or tech to
take a “timeout” prior to starting a sur-
gical case for final verification of the
correct anatomical site.
The circulating nurse should have
available three essential documents, the
surgical consent form, the preoperative
history and the O.R. schedule.
The full extent of the error, that is,
a full list of the parts of the brain that
were removed from the healthy side,
should have been documented by the
circulating nurse, and failure to do so
was a factor that adversely affected the
patient’s later medical course, the pa-
tient’s nursing expert said. Proassur-
ance v. Metheny, __ S.W. 3d __, 2012 WL
6204231 (Ark.
Study Participants Answers to Interview QuestionsParticipant #1.docxlillie234567
Study Participants Answers to Interview Questions
Participant #1:
1. What are the disparities between jail and youth rehabilitation for African American offenders?
a. African Americans will be imprisoned more than their white counterparts who will be given rehabilitation, institutional racism exists, and the system will spend more man hours and time dealing with white offenders than black offenders.
2. What are some social issues that African American juveniles are faced with?
a. Sociocultural stigmas, single-parent households, inadequate educational systems, poor role models, and single-parent households
3. Why are African American male juveniles not offered other means of rehabilitative punishments?
a. The New Jim Crow is our correctional system, which seeks to fill jail cells by incarcerating more black and Latino people who are then utilized as enslaved people in the system for huge corporations and the US Government. The system indicates they are not receptive and will not change.
4. What effects does the existing jail and punishment system have on this population?
a. Demeaning and discouraging—we should fund educational aid, mental health services, and instruction. Providing people with helpful tools, role models, and direction will also help them become contributing members of society
Participant #2:
1. Youth rehabilitation centers should provide mechanisms to prevent offenders from committing crimes but in order to effectively do that the differences amongst AA juveniles and other races must be addressed, while jail just allows for a separation from society to think about the crime.
2. African American male juveniles are faced with a predetermined
perception of being criminals as well as a lack of resources in their communities to educate them on the different career paths & trades that exist.
3. The funding doesn’t exist to provide other rehabilitative opportunities in AA communities.
4. The existing punishment system allows offenders to be separated from the public but it doesn’t provide them with any resources to be successful once their time is complete. Not addressing the underlying issues of how they entered the system as well as how to they can live a successful life after now being labeled as a criminal normally results in repeat offenders.
Participant #3:
1. The youth aren’t getting the proper guidance, mental healthcare and attentiveness in jail. They’re already “written off” which leads to them believing what they’re being taught and increasing the likelihood of them becoming repeat offenders. In youth rehab, you’re given a second chance, you’re being taught how to manage your mental and emotional state. You are being prepared for the world.
2. Prejudice. Are seen as thugs, no good. Etc. don’t have proper resources to get them back on their feet. Difficulty getting jobs, getting into school once released.
3. Unsure, but I’m sure it’s race.
4. You can become in.
STUDENT REPLIES
STUDENT REPLY #1 Vanessa Deleon Guerrero
When conducting surveillance, you are closely monitoring a person’s activities. Investigators or detectives watch their every move, at home, work, where they eat, shop all while being unnoticeable. When detectives conduct surveillance, they still need to ensure that they are respecting the person’s privacy. For example, detectives will not take photos of the person while they are in the shower. If the person is outside or in an area that has public view, then they can take photos of that person. They must conduct their surveillance in an orderly manner, without causing panic to the public in order to ensure public safety.
Private companies such as Facebook, Instagram or twitter are used for people to express themselves. However, what is posted on their social media becomes public and they make their lives public for everyone to see. If someone posted that they were just at a park where a shooting happened, law enforcement can use that to interview them because it puts them at the scene of the crime. However, private companies, for example like phone companies should not use data like text messaging for their benefit. They should not be allowed to read their customers’ messages or listen in on their phone calls. That is a true invasion of privacy.
Reference
Brandl, S. (2018). Criminal investigation (4th ed.). Thousand Oaks, CA: SAGE Publications.
Bedi, M. (2016). The curious case of cell phone location data: Fourth Amendment doctrine mash-up Links to an external site... Northwestern University Law Review, 110(2), 507–524
STUDENT REPLY #2 Danielle Berlus
Hello everyone, when I think of surveillance, I think of all the places that they put cameras like the ones at streetlights that catch you speeding or when they are looking for a suspect and they look to facial recognition devices. I think it is hard to balance what is expected to be private. I don't think anything is private anymore except possibly the bathrooms and even then, someone maybe recording you. Our cell phones I think are being monitored by so many companies and even those who want to steal our personal data as well.
"The government tracks movements through the acquisition of cell phone location data: historical cell phone location data, real-time cell phone location data, and actively "pinging" a cell phone for location data. Cell phone providers store location data as the normal part of their business of providing service. Police, in turn, can request that cell phone providers hand over this location data for a suspect over a set period of time. This information is classified as historical cell phone location data. This data stands in contrast to real-time location data. Whereas the former focuses on past locations, real-time data provides locations as they actually occur. Here, cell phone providers, upon request, give police contemporaneous data on the location of the nearest cell tower for tracking p.
Student Name
BUS 300 Public Relations
[Insert Instructor’s Name]
Month Date Year
BUS300 PR Plan Part 2 Outline
This paper will be a revised and expanded version of Developing a Public Relations Plan, Part 1 assignment in Week 4. Your paper should have a section with the bolded headers below. Ensure you have a section that discusses each of these:
Mix Media
In this section, you will describe the mix of media you would use to implement your public relations campaign and explain in detail your objectives for each media form. Include traditional and twenty-first- century integrated marketing communication strategies in your discussion. (This section should be at least three paragraphs).
Government Relations
In this section you will describe the government relations tactics you would use as part of your public relations campaign, and explain in detail how these tactics will help you achieve your objectives. In great detail explain how these tactics will help you achieve your objectives. (This section should be at least two paragraphs).
Community Relations
In this section please explain in detail how you can take advantage of community relations to generate positive publicity for your organization. (This section should be at least two paragraphs).
News Release
Draft a news release that you will use in your public relations campaign (Chapter 15). Explain in detail how the content, style, and essentials of your news release will help you persuade the public to your point of view. Use information from Chapter 15 as support. Describe the key elements of writing to consider when responding to a public relations crisis or scandal. (Your news release should be similar to the example provided in the book).
Crisis Management
In this section you will explain the five planning issues related to crisis management that can be employed to mitigate the scandal or risks (Chapter 17). (This section should be at least four to five paragraphs).
Additional Requirements
Remember to Include in-text citations when presenting information from other sources. You should begin your search for sources in the Strayer Library. Use a minimum of three credible, relevant, and appropriate sources. After you conclude the paper, you will need a separate page that includes your references. Include a sources page at the end of your paper.
Please ensure you proofread your paper and summarize when providing in-text citations.
1. Enter your first source entry here.
2. Enter your second source entry here.
3. Enter your third source entry here.
image1.png
BUS 300 Public Relations
Dr. Tenielle Buchanan
October 30, 2022BUS300 PR Plan Part 1 Outline
Your paper should have a section with the bolded headers below. Ensure you have a section that discusses each of these:
Name of organization
The United States-based publication Rolling Stone magazine is a news magazine that covers articles on current events relating to music, contempo.
Statistical Process Control 1 STATISTICAL PROCESS .docxlillie234567
Statistical Process Control 1
STATISTICAL PROCESS CONTROL
by XXXXXXXX
Student ID: 2XXXXXXX
University of Northampton
(Amity Global Institute Pte Ltd, Singapore)
Managing Operations and The Supply Chain
Dr. Melvin Goh
BSOM046
BSOM046-SUM-1920-ES1-Statistical Process Control
18 Oct XXXX
Word Count: 1600 (± 50)
Statistical Process Control 2
Table of Content
1. Introduction………………………………………………………………….3
2. Literature Review……………………………………………………………3
3. Methodology…………………………………………………………………5
4. Case Study Analysis…………………………………………………………9
5. Recommendation…………………………………………………………….15
6. Conclusion…………………………………………………………………...17
7. References……………………………………………………………………18
8. Appendix……………………………………………………………………..22
Statistical Process Control 3
STATISTICAL PROCESS CONTROL
INTRODUCTION
This report will provide a literature review of the concept and relevance of statistical process
control (SPC) from its inception until the present day. A case study of Waterside’s Leather
Limited (WLL) using the temperature data of its combined effluent discharge over one hundred
and twenty days will be conducted, and a recommendation will also be proposed.
LITERATURE REVIEW
Man has always tried to imitate and better his competitors to develop a better and cheaper
product or service. This idea was as crucial for the hunter-gatherer as it is for the manufacturing
industry after many millennia. This awareness led to the requirement of apprentices having to
follow in the footsteps of the master craftsmen for many years until they could become masters
in their craft. However, this was not a scientifically tabulated and monitored process.
Bradford and Miranti (2019) state that “it was in 1924 that Walter A. Shewhart introduced the
use of control charts to evaluate data distribution patterns to determine whether manufacturing
processes remain under control at Bell Telephone Laboratories”. He also introduced the terms
of variation in the process which comprises of common cause and special cause variation
(Subhabrata and Marien, 2019).
SPC is a technique for controlling processes to distinguish causes of variation and signal for
corrective action (Chen 2005 cited in Avakh and Nasari 2016). While some say that “SPC is
the use of statistically based tools and techniques principally for the management and
Statistical Process Control 4
improvement of processes” (Stapenhurrst, 2005), others say that “SPC is not really about
statistics or control, it is about competitiveness” (Oakland and Oakland, 2018).
Figure 1: A typical Control Chart
(Graph from https://learning.oreilly.com/library/view/nonparametric-statistical-process/9781118456033/c02.xhtml#head-2-
18)
The USA War Department used these methods to enhance the quality of products during World
War II. W.E Deming used Shewhart’s cycle in his quality training in Japan in 1950 but made
a new version stress.
Student 1 Student Mr. Randy Martin Eng 102 MW .docxlillie234567
Student 1
Student
Mr. Randy Martin
Eng 102 MW
6 December 2010
The Tragedy of Othello
The “Devil” throughout the ages has been referred to by many names; accuser, adversary,
enemy, and thief among others, no matter what title is given he is universally accepted as the
purest and ultimate form of evil. In William Shakespeare’s play, The Tragedy of Othello,
Shakespeare uses the element of drama of character to create a villain that embodies absolute
wickedness, a human form of the author of evil. The character Shakespeare creates to serve as
the ultimate antagonist is none other than “honest Iago.” Iago’s character is the best
representation of an elusive villain whose clever abilities to deceive and persuade bring
catastrophic destruction like that of an unexpected, nearly invisible black ice. Shakespeare uses
the character to advance the theme that mankind has the ability to be influenced and even driven
to engage in repulsive and devastatingly horrendous acts towards to each other. Iago himself is
driven and influences the actions Casio, Othello, and Rodrigo.
Spurred by jealousy and the pain of an injured pride Iago observes the man who was
granted/appointed the position he believed to have deserved and conceives a plan for taking
Cassio(this man) out. The character Cassio is deceived and manipulated by Iago in two manners.
First Iago sets up Cassio to betray himself and be demoted and then later uses Cassio as a pawn
to play into an even greater and more elaborate act of revenge against Othello.
Giving into anger and jealousy, Iago devises a plan to crush Cassio and satiate the pain of
Student 2
being passed over, Shakespeare writes:
I: With as little
a web as this will I ensnare as great a fly as Cassio. Ay, smile upon her, do!
I will gyve thee in thine own courtship…
If such tricks as these strip you out of your lieutenantry, (2.1.162-4)
Critic August Schlegel notes, “…he spreads his nets with a skill which nothing can escape.” The
devastation of being passed over for the position drove Iago to exact revenge on the unknowing
bystander, Cassio. Pride is a powerful internal motivator that takes a tremendous toll on those
who allow it contribute to their actions or control their thoughts. It is easy to give into the
feelings of being wronged and turn an evil eye rather than applauding another in their success.
More commonly found in relationships is the mentality of if I can’t have him nobody will.
With ease and grace Iago is able to show Cassio false sympathy and gain trust that allows
him to direct Cassio’s actions, by creating false hope. Shakespeare writes:
I: …, I could heartily wish this had not
befall’n; but since it is as it is, mend it for your own good.(2.3.270-1)
I: I tell you what you
shall do. Our general’s wife is now the general...
confess yourself freely to her; importune her help
to put you in your place again. She is of so free, .
Sophia Pathways for College Credit – English Composition II
SAMPLE TOUCHSTONE AND SCORING
Logan Stevens
English Composition II
December 20, 2019
Where’s the Beef?: Ethics and the Beef Industry
Americans love their beef. Despite the high rate of its consumption, in recent years
people in the United States have grown increasingly concerned about where their food comes
from, how it is produced, and what environmental and health impacts result from its production.
These concerns can be distilled into two ethical questions: is the treatment of cattle humane and
is there a negative environmental impact of beef production? For many, the current methods of
industrial beef production and consumption do not meet personal ethical or environmental
standards. Therefore, for ethical and environmental reasons, people should limit their beef
consumption.
The first ethical question to consider is the humane treatment of domesticated cattle. It
has been demonstrated in multiple scientific studies that animals feel physical pain as well as
emotional states such as fear (Grandin & Smith, 2004, para. 2). In Concentrated Animal Feeding
Operations (CAFOs), better known as “factory farms” due to their industrialized attitude toward
cattle production, cattle are often confined to unnaturally small areas; fed a fattening, grain-based
diet; and given a constant stream of antibiotics to help combat disease and infection. In his essay,
“An Animal’s Place,” Michael Pollan (2002) states that beef cattle often live “standing ankle
Comment [SL1]: Hi Logan! This is a great title.
Comment [SL2]: It will help strengthen your opening
sentence to include some sort of facts or statistics about
beef consumption in America.
Comment [SL3]: Throughout your essay, you talk about
more than just limiting the consumption of beef. How could
you strengthen your Thesis Statement to connect all of
those points?
Sophia Pathways for College Credit – English Composition II
SAMPLE TOUCHSTONE AND SCORING
deep in their own waste eating a diet that makes them sick” (para. 40). Pollan describes
Americans’ discomfort with this aspect of meat production and notes that they are removed from
and uncomfortable with the physical and psychological aspects of killing animals for food. He
simplifies the actions chosen by many Americans: “we either look away—or stop eating
animals” (para. 32). This decision to look away has enabled companies to treat and slaughter
their animals in ways that cause true suffering for the animals. If Americans want to continue to
eat beef, alternative, ethical methods of cattle production must be considered.
The emphasis on a grain-based diet, and therefore a reliance on mono-cropping, also
contributes to the inefficient use of available land. The vast majority of grain production (75-
90% depending on whether corn or soy) goes to feeding animals rather than humans, and cattle
alone .
STORY TELLING IN MARKETING AND SALES – AssignmentThe Ethic.docxlillie234567
STORY TELLING IN MARKETING AND SALES – Assignment
The Ethics of Storytelling
Assignment Description:
During the past week in class, we learned that all brand stories need to have a strong ethical foundation. Brands need to create and distribute messages that are honest and convey their corporate values.
FOR THIS ASSIGNMENT, “CHOOSE ANY 1” OF THE FOLLOWING SHORT VIDEOS TO WRITE ABOUT:
· “Apple 2013 Christmas commercial”
https://www.youtube.com/watch?v=03KQTCEM08k
· “WestJet Christmas Miracle”
https://www.youtube.com/watch?v=zIEIvi2MuEk&t=9s
For the video you choose, answer the following questions about the story that is being told:
(minimum 350 words, combine 1 to 5)
1. Does this story affirm the company’s core values? Why or why not?
2. Does this story foster trust with each and every stakeholder? Why or why not?
3. Does this story help build relationships? Why or why not?
4. Does this story showcase diverse and inclusive behaviors?
5. Does this story honor the company’s commitments and promises to its customers? Why or why not?
Note: Write a minimum of 350 words for above 5 questions, conveying your own thoughts and views.
image1.png
CHCCCS023 Learner Guide Version 1.1 Page 1 of 59
CHCCCS023
Support independence and
wellbeing
Learner Guide
CHCCCS023 Learner Guide Version 1.1 Page 2 of 59
Table of Contents
Unit of Competency ..................................................................................................................... 5
Application ...................................................................................................................................... 5
Unit Sector ...................................................................................................................................... 5
Performance Criteria ....................................................................................................................... 6
Foundation Skills ............................................................................................................................. 8
Assessment Requirements .............................................................................................................. 9
1. Recognise and support individual differences.......................................................................... 12
1.1 – Recognise and respect the person’s social, cultural and spiritual differences ........................ 13
Individual differences .................................................................................................................... 13
Social differences .......................................................................................................................... 13
Cultural differences ....................................................
STEP IV CASE STUDY & FINAL PAPERA. Based on the analysis in Ste.docxlillie234567
STEP IV: CASE STUDY & FINAL PAPER
A. Based on the analysis in Step III, choose which theory best applies to this situation. Add any arguments justifying your choice of these ethical principles to support your decision.
Consequentialism (Utilitarian) Theory
Deontology Theory
Kant’s Categorical Imperative Principle
Social Contract Theory
Virtue Ethics Theory
NAME THE THEORY HERE: Deontology Theory
B. Explain your choice above: THIS AREA SHOULD BE 4-7 sentences or roughly 100-200 words.
Deontology is an approach to Ethics that focuses on the rightness or wrongness of actions themselves I choose this because ethical actions based on normative theories can be effective in developing better privacy practices for organizations. A business should be able to admit to making a mistake. This is especially important to shareholders, employees, and other stakeholders.It is important for businesses to operate with transparency. Consumers need to be able to trust what businesses present to them.
C. Your decision: What would you do? Why? List the specific steps needed to implement your defensible ethical decision. THIS AREA SHOULD BE 2 OR MORE PARAGRAPHS (250-350 words).
Deontology is a theory of ethics that suggests that actions can either be bad or good when judged based on a clear set of rules. So what I would do is set these rules in place. Businesses/companies should uphold the ethical standard of respect. People personal data shouldn’t be treated as ends rather than means. Companies should keep personal data about their customers/users and should be expected to keep this information private out of respect for these individual’s privacy.
Another rule, Businesses/companies should uphold complete transparency. This builds not only trust, but help builds a relationship with the users/customers. And if they don’t enclosed information the company’s actions would be considered unethical and wrong. Another rule is that there should always be accountability. A business/company should always be able to admit to making a mistake. This is especially important to shareholders, and stakeholders. They should be able to own up to missteps even when this could have serious consequences. With these rules emplaced it would be more ethical.
D. What longer-term changes (i.e., political, legal, societal, organizational) would help prevent your defined dilemma in the future? THIS AREA SHOULD BE 2 OR MORE PARAGRAPHS (250-350 words).
My dilemma is the misuse of personal information and data. Not just in social media but, also companies and business. One of the obvious ways to stop this dilemma is to make it that companies aren’t allowed to collect and store our personal data. User data can legally be sold as long as legal conditions for its collection and sale have been met and there isn’t any regulation against it. Our data is being sold for profit. This shouldn’t be allowed. There should be laws and regulations against that. They are the only ones benefiting.
Step 1Familiarize yourself with the video found here .docxlillie234567
Step 1:
Familiarize yourself with the video found here:
Link to Who Leads Us? video
AND the website associated with the video, located here:
Who Leads Us?
AND the website of your Representative in the United States House:
The US House of Representatives
Step 2:
After learning about Reflective Democracy across the United States it is time to learn about how it affects you. Begin by examining yourself and your surrounding community. How would you describe your cultural background? How would you describe the cultural background of your US Representative? How would you describe the cultural background of the district that he or she represents (and that you are a part of)? Compare and contrast the culture of the district to the culture of your Representative. Compare and contrast the culture of your Representative and your culture. Compare and contrast your culture with the culture of the district that you live. Where do you see the greatest differences between cultures? What are some advantages and disadvantages of these cultural differences? How would you work to bridge the divide between cultures? (SR 1)Step 3:
Find a policy issue that your Representative has taken a stand on. Explain that issue in detail. Once you have explained the issue, provide information on where your representative stands on the issue. Where do you stand on the issue? What do you believe should be done? What might be another alternative solution? Thinking about your ideas on the issue who might object to your viewpoint and what might their objections be? Once you’ve laid out their objections, respond to them, and explain, with logic, why your perspective is correct and your opponents’ objections are mistaken. (PR 1 and PR 2)Step 4:
Now that you have officially staked out a policy position, you need to think about how to get it put into action. Who in the government, and who in your community. do you believe should be involved? What specific actions should you (and those in the community) take? Why is it important to get your community involved and what will be the benefits of activating people to the cause? (SR 2)Step 5:
Let’s assume that you are successful in your efforts, and you achieve your policy goal. What do you believe will be the consequences of putting this policy into practice? How far reaching do you think the consequences will be for your community? Your state? Your country? What do you think will be the effects over the short term? Over the long term? Be sure to mention both positive and negative consequences that might result? (PR 3)
.
Statistical application and the interpretation of data is importan.docxlillie234567
Statistical application and the interpretation of data is important in health care. Review the statistical concepts covered in this topic. In a 800-1,000 words paper, discuss the significance of statistical application in health care. Include the following:
1. Describe the application of statistics in health care. Specifically discuss its significance to quality, safety, health promotion, and leadership.
2. Consider your organization or specialty area and how you utilize statistical knowledge. Discuss how you obtain statistical data, how statistical knowledge is used in day-to-day operations and how you apply it or use it in decision making.
Three peer-reviewed, scholarly or professional references are required.
Prepare this assignment according to the guidelines found in the APA Style Guide, located in the Student Success Center. An abstract is not required.
RUBRICS:
1, Application of statistics in health care is described in detail. The significance to quality, safety, health promotion, and leadership is described thoroughly for all criteria. Strong information and rationale is provided to fully illustrate the application of statistics, and its significance, to health care and the specific areas.
2, Application of statistical knowledge to organization or specialty area is thoroughly discussed. How statistical data are obtained, used in day-to-day operations, or applied in decision making is described in detail. The ability to understand and apply statistical data is clearly demonstrated.
3, Thesis is comprehensive and contains the essence of the paper. Thesis statement makes the purpose of the paper clear.
4, Clear and convincing argument presents a persuasive claim in a distinctive and compelling manner. All sources are authoritative.
5, Writer is clearly in command of standard, written, academic English
6, Paper Format (use of appropriate style for the major and assignment)
Compañías utilizando la Inteligencia Artificial
La Inteligencia Artificial es un campo donde se combina las ciencias de las computadoras y bases de datos para ayudar a resolver problemas o para simular Inteligencia Humana. Comprende varios subcampos donde se utilizan varios métodos en los cuales se pueden mencionar los más comunes que son: las maquinas aprendiendo o Machine Learning y el aprendizaje profundo o Deep Learning. Estos métodos o disciplinas están comprometidas con los Algoritmos de la Inteligencia Artificial que buscan crear sistemas expertos que pueden hacer predicciones o clasificaciones basadas en una data introducida por un usuario. Algunas de las funciones primarias de la Inteligencia Artificial varían entre razonar, aprender, resolver problemas, toma de decisiones y principalmente entender el comportamiento humano. Este concepto esta formado por dos tipos de acercamientos, el primero es el acercamiento humano y el acercamiento ideal. Cuando hablamos del acercamiento humano, estamos emprendiendo sistemas que piensan y actúan como humanos. El acercami.
SOURCE: http://eyeonhousing.org/2013/09/24/property-tax-remains-largest-revenue-source/
Property tax comes from housing. More new construction means more property taxes collected. The
better (so more expensive the home) the more property taxes collected. Defaults, foreclosures can
drive down house values and reduce property taxes. You are simply trying to understand some
forecasting regarding the future (maybe near-term future) of property taxes to be collected. CERNIK
Property Tax Remains Largest Revenue Source
According to the latest data from the Census Bureau, taxes paid by homeowners and other real
estate owners remain the largest single source of revenue for state and local governments. At
34%, property taxes represent a significantly larger share than the next largest sources: individual
income taxes (24%) and sales taxes (21%).
State and local government property tax collections continue to increase on a nominal basis.
From the third quarter of 2012 through the end of the second quarter of 2013, approximately
$479 billion in taxes were paid by property owners. This was a small increase from the
previous trailing four-quarter record of $477 billion, set last quarter.
The modest changes throughout the Great Recession in nominal state and local government
property tax collections are due in large part to lagging property assessments and the ability of
local jurisdiction to make annual adjustments to tax rates. In general, declining property values
are not reflected in the system until a few years after the decline occurs. Once assessments are
updated, property tax authorities can adjust rates thus maintaining a desired level of collection.
http://eyeonhousing.org/2013/09/24/property-tax-remains-largest-revenue-source/
http://www.census.gov/govs/qtax/
http://eyeonhousing.files.wordpress.com/2013/09/piechart.png
As state and local government property tax collections increased in recent years, the share of
local tax collections due to property taxes fell from a high of 37.4% in the second quarter of
2010 to the current share of 33.5%. The average share for property taxes since 2000 is 32.4%.
The changing share of local collections is due predominantly to fluctuations in all other tax
receipts. State and local individual income tax, corporate income tax, and sales tax collections
are very responsive to changing economic conditions. For example, in the second quarter of 2009
state and local governments collected $76 billion in individual income tax. In the second quarter
of 2013, the most recent, state and local governments collected $114 billion in individual income
tax. The dramatic 50% increase in state and local individual income tax receipts is due to
improving economic conditions, rising incomes, and higher rates in several states.
http://eyeonhousing.files.wordpress.com/2013/09/chart_13.png
The S&P/Case-Shiller House Price Index – National Index grew by 7.1% on a n.
Sophia Pathways for College Credit – English Composition I
Are you ready to write Touchstone 4?
The essay below provides an example of an advanced level argumentative essay. As you read through
the essay, notice how the author effectively incorporates elements of argument, has a strong thesis
statement which takes a stand on one side of a debatable topic, and utilizes the classical model of
argumentation with effective incorporation and utilization of support.
______________________________________________________________________
Marcus Bishop
English Composition I
March 15, 2018
Teenage Sleep and School Start Times
John, an average teenager, tries to get to school on time in the mornings. He sets two
alarms on his phone and often skips a shower or breakfast, or both, so that he doesn’t miss the
school bus that stops at his corner at 7:00 AM. Once at school, John joins his sleep-deprived
peers in mad dashes to their first classes. School is on, whether students are prepared to learn
or not. According to numerous studies, the average U.S. teenager gets between 7 and 7.25
hours of sleep a night, while his body needs between 9 and 9.5 hours. With the average start
time for high school in the U.S. 8:03 AM (Croft, Ferro, and Wheaton, 2015), it’s not a great leap
to conclude many high school students are sleep-deprived. High schools should implement later
start times to maintain healthy biological functions and to maximize learning for teenagers.
Comment [SL1]: While the sentence structure is a bit
repetitive, this introduction does a good job of engaging the
reader with the average teenager and providing the
necessary background information for the reader to fully
understand the importance of the thesis.
Comment [SL2]: This is a well written thesis statement. It
takes a clear position on one side of a debatable topic. It is
concise, yet provides adequate detail so that the reader
knows what your key points within the essay will likely be.
Sophia Pathways for College Credit – English Composition I
Sleep deprivation in teens affects their health, including issues like mood and behavior,
increased anxiety or depression, use of caffeine, tobacco, or alcohol, and even weight gain. Lack
of sleep increases the likelihood that teens across all socio-economic spectrums will be unable
to concentrate and will suffer poor grades in school as a result. In addition, teens, already in a
high risk category as new drivers, are more susceptible to “drowsy-driving incidents.” (Richter,
2015). These are all compelling reasons to consider changes in school start times for teenagers.
Our internal body clocks – what scientists call circadian rhythm - regulate biological
processes according to light and dark. When our eyes tell us it’s dark, we begin to tire, and
when our eyes tell us it’s light, we begin to waken. Adults often refer to themselves as a
“morning person” or a “night person” because t.
Introduction to AI for Nonprofits with Tapp NetworkTechSoup
Dive into the world of AI! Experts Jon Hill and Tareq Monaur will guide you through AI's role in enhancing nonprofit websites and basic marketing strategies, making it easy to understand and apply.
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...Dr. Vinod Kumar Kanvaria
Exploiting Artificial Intelligence for Empowering Researchers and Faculty,
International FDP on Fundamentals of Research in Social Sciences
at Integral University, Lucknow, 06.06.2024
By Dr. Vinod Kumar Kanvaria
Delivering Micro-Credentials in Technical and Vocational Education and TrainingAG2 Design
Explore how micro-credentials are transforming Technical and Vocational Education and Training (TVET) with this comprehensive slide deck. Discover what micro-credentials are, their importance in TVET, the advantages they offer, and the insights from industry experts. Additionally, learn about the top software applications available for creating and managing micro-credentials. This presentation also includes valuable resources and a discussion on the future of these specialised certifications.
For more detailed information on delivering micro-credentials in TVET, visit this https://tvettrainer.com/delivering-micro-credentials-in-tvet/
Safalta Digital marketing institute in Noida, provide complete applications that encompass a huge range of virtual advertising and marketing additives, which includes search engine optimization, virtual communication advertising, pay-per-click on marketing, content material advertising, internet analytics, and greater. These university courses are designed for students who possess a comprehensive understanding of virtual marketing strategies and attributes.Safalta Digital Marketing Institute in Noida is a first choice for young individuals or students who are looking to start their careers in the field of digital advertising. The institute gives specialized courses designed and certification.
for beginners, providing thorough training in areas such as SEO, digital communication marketing, and PPC training in Noida. After finishing the program, students receive the certifications recognised by top different universitie, setting a strong foundation for a successful career in digital marketing.
How to Build a Module in Odoo 17 Using the Scaffold MethodCeline George
Odoo provides an option for creating a module by using a single line command. By using this command the user can make a whole structure of a module. It is very easy for a beginner to make a module. There is no need to make each file manually. This slide will show how to create a module using the scaffold method.
Macroeconomics- Movie Location
This will be used as part of your Personal Professional Portfolio once graded.
Objective:
Prepare a presentation or a paper using research, basic comparative analysis, data organization and application of economic information. You will make an informed assessment of an economic climate outside of the United States to accomplish an entertainment industry objective.
Strategies for Effective Upskilling is a presentation by Chinwendu Peace in a Your Skill Boost Masterclass organisation by the Excellence Foundation for South Sudan on 08th and 09th June 2024 from 1 PM to 3 PM on each day.
1. Thumbnails/thumbnail.png
Cristian DeWeese
Dr. Rutherford
Hardening Operating Systems
11/12/2022
“Attack on Microsoft systems using the Internet ”
1. Following are the some of the Microsoft system attacks;
MItM Attack:
Because of the vulnerability, an off-site attacker is able to get
access to the compromised system. Within the Windows LSA
service is where the vulnerability may be found. (Kumar &
Surisetty, 2011) An adversary operating from a distant location
has the ability to trick a domain controller into providing
NTLM authentication to them by calling a method on the
LSARPC interface. As a consequence of this, an adversary may
gain credentials and compromise the vulnerable system via the
use of the NTLM Relay Attack.
DDos:
During a DDoS attack, users are unable to connect to the
targeted service. During a distributed denial of service attack,
all of an app's available resources are used up. Attackers flood a
site with fake users to slow it down or bring it down entirely.
(Gomez & Valdez, 2006) The frequency and severity of these
episodes are both rising. According to statistics compiled by
Azure Networking, DDoS assaults will raise by 25% in the first
half of 2021 compared to the last quarter of 2020. In 2021,
Azure prevented 359.713 assaults on its worldwide
infrastructure, up 43 percent from the previous year. (Wu &
Sun, 2010) Regardless of industry or location, businesses of any
size are vulnerable to DDoS attacks. Internet gambling sites,
online stores, and telecommunication companies are frequent
targets of cybercriminals.
2. 2. Following are the main 5 concerns;
Initial Breach Targets: Nobody hacks IT. Built Active Directory
forests are clean and updated. New OSes and programs emerge
throughout time. As Active Directory's administrative
advantages are recognized, more information is provided, more
PCs or programs are connected, and domains are altered to suit
new Windows capabilities. Even when new infrastructure is
introduced, other elements may not be maintained as well,
systems and applications may be neglected, and organizations
may forget they still have legacy infrastructure. Older, bigger,
more complex ecosystems are more vulnerable.
Disabling Security Features: Many businesses don't utilize
Windows Firewall with Advanced Security (WFAS) because
they feel it's too complicated to set up. Starting with Windows
Server 2008, the Windows Firewall is automatically configured
to provide just the minimum permissions required for each role
or functionality to function. When WFAS is turned off (and no
other host-based firewall is used), Windows becomes more
vulnerable. Firewalls at the network's perimeter protect against
attacks from the Internet but not from drive-by downloads or
compromised intranet systems.
Gaps in antivirus & Antimalware Deployments: Most
workstations in a company will have antivirus and antimalware
software installed, activated, and up-to-date, according to an
analysis of antivirus and antimalware deployments. With a few
notable exceptions, such as seldom connected workstations and
staff devices, antivirus and antimalware software is often easily
deployed, configured, and updated across the board.
Incomplete patching: Microsoft publishes security updates
regularly on the second Tuesday of every month, however in
severe circumstances when vulnerability is believed to represent
an imminent hazard to client systems, an update may be
delivered outside of the monthly security update schedule.
Whether a company is small and uses Windows Update to
handle system and application patching or large and uses
management software like System Center Configuration
3. Manager (SCCM) to deploy patches according to detailed,
hierarchical plans, a large number of customers patch their
Windows infrastructures in a timely fashion.
Misconfiguration: Even in environments where systems are
often kept up to date and patched, we regularly discover
vulnerabilities or misconfigurations in the operating system,
applications, and Active Directory. Depending on the nature of
the configuration problem, the attack may just affect the local
workstation, but in many cases, an attacker may actively seek to
"manage" further systems and eventually get access to Active
Directory.
3. There are three essential parts to every network;
Routers
Switches
Firewalls
Switches:
A switch is required to connect many computers together. While
PCs are the most common device that switches link, they are not
the only device that switches may connect. After a device is
connected to a switch, its Media Access Control (MAC) address
is revealed and used for routing. The switch includes the MAC
address in outgoing packets so that other network nodes may
determine which device generated them.
Routers:
In order to connect local area networks to the wider web,
routers are required. Packets with an IP address are sent further
by this L3 device. A router is a device that allows for
communication across different networks. With the help of
Dynamic Host Configuration Protocol, a router may give out IP
addresses to computers and other devices that are linked to it.
After then, the information may enter and leave the network as
needed. In order to connect to the web, NAT is essential.
Firewalls:
When a firewall is set up, it may either allow or prevent
information from accessing a network. As an example, a
firewall may be set up to allow only traffic from a limited range
4. of IP addresses and ports that have been verified as secure.
(Archiveddocs , nd) On the other hand, a firewall may monitor
the IP address of the source of a packet that is being sent
several times per second. Maybe there was a distributed denial
of service attack that would be weird (DDoS)
References:
Kumar, S., & Surisetty, S. (2011). Microsoft vs. Apple:
Resilience against distributed denial-of-service attacks.
IEEE Security & Privacy,
10(2), 60-64.
Kumar, S., Azad, M., Gomez, O., & Valdez, R. (2006,
February). Can microsoft's Service Pack2 (SP2) security
software prevent SMURF attacks?. In
Advanced Int'l Conference on Telecommunications
and Int'l Conference on Internet and Web Applications and
Services (AICT-ICIW'06) (pp. 89-89). IEEE.
Lobo, D., Watters, P., Wu, X. W., & Sun, L. (2010, July).
Windows rootkits: Attacks and countermeasures. In
2010 Second Cybercrime and Trustworthy
Computing Workshop (pp. 69-78). IEEE.
Archiveddocs. (n.d.).
Install and Deploy Windows Server 2012 R2 and
Windows Server 2012. Learn.microsoft.com. Retrieved
November 8, 2022, from https://learn.microsoft.com/en-
us/previous-versions/windows/it-pro/windows-server-2012-r2-
and-2012/hh831620(v=ws.11)#windows-server-2012-r2
5. The Role and
Documentation of
Evidence in Criminal
Investigations
Gary w. Green/Orlando sentinel/MCT
OBJECTIVES
After reading this chapter you will be able to:
• Discuss the investigation of the
death of Stanley van Wagner.
Identify the most significant
evidence in the case and the
reasons why Amy Van Wagner
was found guilty in the trial.
• Explain the various levels or
standards of proof.
• Discuss the reasons for the
hearsay rule and the exceptions
to it.
• Compare direct evidence with
indirect evidence and give an
example of each.
• Compare the role of lay witnesses
with that of expert witnesses.
6. • Differentiate between judicial
evidence and extrajudicial
evidence and between
exculpatory evidence and
inculpatory evidence.
• Identify the various forms of
circumstantial evidence.
• Provide examples of corpus
delicti evidence, corroborative
evidence, cumulative evidence,
associative evidence,
identification evidence, and
behavioral evidence.
• Define testimonial evidence, real
evidence, documentary evidence,
and demonstrative evidence.
From the CASE FILE
The Murder of Stanley van Wagner
Sometime on or around Friday, May 15, 2015, Stanley
van Wagner was murdered. He was shot multiple
times in his home office. He was shot from the back
through his neck and in his shoulder. His body was
found on Sunday, May 17, at approximately 7:00 p.m.
in the basement of his house in a locked supply room
by his wife, Amy. Stanley's body was covered with a
tarp. Next to his body was his computer, which had
been struck by a bullet, and a pillow that also had a
bullet hole through it. There were two shell casings on
the floor of Stanley's office, a bloodstain on the carpet,
and a bullet hole in the drywall of one of the walls. Two
7. .380 caliber bullets were recovered. There was a gun
safe in the office from which some, but not all, of the
guns were missing. An empty leather handgun holster
was found near the safe. Amy had a concealed carry
permit. Her gun was a .380 caliber handgun. These
were the undisputed facts of the case.
Based on the evidence in the case, Amy was arrested
for the murder of her husband. All the evidence against
her was circumstantial. The inculpatory evidence that
led to Amy being identified as the killer consisted of
the following:
• On Friday morning, May 15, Stanley's cell phone had
been placed/tracked near the cell tower in the city
where Amy worked, which was a different city than
the one in which the couple lived. From this location,
Stanley's coworker received a text from Stanley's
phone indicating he was not feeling well and would not
be at work. It was one of the few times in thirty years
Stanley had called out sick. The cell phone location
information was obtained from cell phone provider
records; Stanley's cell phone was never found.
• Stanley had a rug in his office that was displayed
but never placed on the floor. When investigators
arrived at the scene after Stanley's body had been
discovered, the rug was on the floor. Under the rug
was a bloodstain. on the morning of May 15, while
Amy was at work, she had used her phone to text her
sixteen-year-old son, who was at home in bed. In the
text she asked her son if he saw the rug on the floor
and if he thought it looked good. In another text to her
son sent around the same time, she stated there was
no need to worry about Stanley, that he would not be
8. home after work. (The son was at home that morning
because earlier in the week he had been expelled
from school, and Stanley was not happy about it.)
• Amy had a concealed carry gun permit, and her gun
was a .380 caliber handgun. on occasion, she and
Stanley had conducted target practice at a friend's
house. Investigators linked .380 caliber shell casings
recovered from the friend's house to the shell
casings found on Stanley's office floor. The
.380 caliber handgun was never recovered.
38
• Guns missing from the gun safe in Stanley's office
were found by investigators in a pond near the
couple's house.
• On May 15 Amy had performed a Google search for
"rental carpet cleaner" on her work computer using
the in-private browser function.
• Amy had previously taken money out of Stanley's
checking account without his permission by writing
checks to "cash" and forging Stanley's signature.
Stanley had threated to divorce Amy because of
this.
• Between May 15 and May 18, Amy had made
several cash withdrawals from Stanley's checking
account using his ATM card.
• The medical examiner who conducted the autopsy of
the body and an expert witness stated that Stanley
9. was most likely killed on May 15 or May 16. The
computer found next to Stanley's body that was
stuck by a bullet had its clock stop at 5:30 a.m. on
Friday, May 15.
Along with this inculpatory evidence, however,
exculpatory evidence also existed that could lead one
to believe Amy was not the perpetrator:
• Like every other day, on Friday, May 15, Amy had
gone to work. She also went to the Department
CRIMINAL INVESTIGATION
of Motor Vehicles and completed other normal
activities. coworkers testified Amy had acted
normally at work that day. On Saturday she had
posted on Facebook that if anyone saw Stanley they
should tell him to come home. On that day she also
went to an out-of-town graduation party and bought
and planted flowers at home.
• There were no fingerprints or DNA on the computer
found next to Stanley's body, and no DNA from Amy
on the tarp. There were no fibers on the steps from
the tarp. There was no physical evidence that linked
Amy to the murder.
• A witness, a neighbor, reported with confidence that
she had seen and spoken with Stanley on Friday
afternoon. Another witness stated she had seen
Stanley on Saturday.
• Witnesses testified that Stanley and Amy appeared
to be a happy couple and that Amy killing her
husband was incomprehensible.
10. • The couple's son, who was home in bed on Friday,
May 15, reported and later testified that he did not
hear any gunshots in the house that morning.
In early 2017 the case went to trial. Amy van Wagner
did not testify. The jury deliberated for six hours before
finding Amy guilty of first-degree intentional homicide
and hiding a corpse.
case Considerations and Points for Discussion
1. Do you agree with the police, prosecutor, and jury
that Amy van Wagner killed her husband? Based on
the evidence, what do you think happened? What
do you think was a likely motive?
2. If Amy killed her husband, what is the most
significant unanswered question associated with
this case? Explain.
3. If Amy killed her husband, what were the most
significant mistakes she made that led to her
identification and conviction as the killer? Explain.
• • • The Basics of Criminal Evidence
Broadly defined, criminal evidence is any crime-related
information on which an investigator can
base a decision or make a determination. It consists of supposed
facts and knowledge that relate
to a particular crime or perpetrator. Evidence is the product of
investigative activities; investiga-
tive activities are performed to discover and collect evidence. In
turn, evidence is used to establish
proof that a crime was committed and that a particular person
committed that crime.
11. JUDICIAL AND EXTRAJUDICIAL EVIDENCE
Judicial evidence: A basic and fundamental distinction can be
made between judicial evidence and extra judi-
cial evidence. Judicial evidence is evidence that is admissible in
court and that meets the
rules of evidence. As such, it is often referred to as admissible
evidence. In the case discussed
Evidence that meets the
rules of evidence and is
admissible in court.
Chapter 3 • The Role and Documentation of Evidence in
Criminal Investigations
earlier, the cell phone records, the results of the autopsy, the
testimony about time of death,
and the ballistics evidence are all examples of judicial evidence.
Extrajudicial evidence is any information on which an
investigative decision can be based
but that is not allowed in court proceedings. It is often referred
to as inadmissible evidence.
An example of extra judicial evidence may be the results of a
polygraph examination taken
by a suspect. It is certainly not unreasonable that investigators
would consider the results
of a polygraph examination when judging whether a particular
person committed the crime
in question. At the same time, however, this "evidence" would
not be allowed by a judge to
be introduced into court proceedings; it would not meet the
12. rules of evidence. Although
such evidence may not be admissible in court, though, it can
still be quite useful.
EXCULPATORY AND INCULPATORY EVIDENCE
Another basic but important distinction can be made between
exculpatory evidence and
inculpatory evidence. Exculpatory evidence is evidence that
tends to exclude or eliminate
someone from consideration as the perpetrator. As discussed in
the earlier case, if a witness
saw Stanley alive on Saturday, it would tend to call into
question the value of the cell phone
location and Google search made on Friday as evidence of the
murder, which would tend
to exclude Amy as the killer. lnculpatory evidence is evidence
that tends to include or incrim-
inate a person as the perpetrator. For example, the fact that
Stanley was shot with the
.380 caliber handgun that belonged to Amy would tend to
incriminate Amy. Throughout
the course of any investigation, investigators will likely
uncover both inculpatory and
exculpatory evidence in relation to a particular suspect. It is a
legal requirement that the
police and prosecutor share not only the inculpatory evidence
but also the exculpatory
evidence with the defendant's attorney through the discovery
process.
STANDARDS OF PROOF
Evidence is used to establish proof that a crime was committed
or that a particular person
committed that crime. To prove something (e.g., that Amy
13. killed Stanley) is to eliminate uncer-
tainty or some degree of uncertainty regarding the truthfulness
of the conclusion. Proof is not
a one-dimensional phenomenon; there are various levels, or
standards of proof (see Table 3.1).
For example, as discussed in more detail later, the police often
need enough evidence to estab-
lish probable cause to justify a search or an arrest. Probable
cause, then, is a standard of proof.
Probable cause exists when it is more likely than not that a
particular circumstance exists;
generally speaking, the degree of certainty is greater than 50
percent. Probable cause is the
standard of proof of most direct concern and relevance to
investigators in solving crimes.
Another standard of proof is proof beyond a reasonable doubt.
Proof beyond a reasonable
doubt is needed in a trial to conclude that the defendant is
guilty of the crime. With this
level of proof, a jury (or a judge in a bench trial) may have a
doubt about the defendant's
guilt, but this doubt cannot be meaningful or significant.
Beyond a reasonable doubt is the
level of proof of most direct consequence to prosecutors, who
have as their responsibility
presenting evidence in court to obtain a conviction.
A third level of proof is reasonable suspicion. In order for
police to legally stop and frisk a
person, the police have to have a reasonable suspicion about
that person's involvement in
or association with a criminal act.
A fourth major level of proof is preponderance of the evidence.
Preponderance of the evi-
14. dence is the degree of certainty needed to prove and win a civil
case. It is essentially the
equivalent of probable cause but applies only to civil matters.
It is important to understand that all levels of proof are
subjective in nature. The determina-
tion of what constitutes proof depends on the judgments of
people. As a result, what consti-
tutes probable cause for one judge may not constitute probable
cause for another. One jury
may find proof beyond a reasonable doubt, but another may find
reasonable doubt. The
weight and value of evidence in establishing proof are an
individual determination.
39
Extrajudicial
evidence: Any
information upon which
an investigative decision
can be based but the
evidence is not allowed
in court.
Exculpatory
evidence: Evidence
that tends to exclude
a person as the
perpetrator.
lnculpatory
evidence: Evidence
that tends to include
a person as the
perpetrator.
15. Proof: Proof is
certainty that a
particular fact or
circumstance is true.
Standards of proof:
Different levels or
degrees by which
uncertainty about a fact
can be eliminated.
Probable cause:
A standard of proof
necessary to justify
most searches and to
make an arrest.
Beyond a
reasonable doubt:
A standard of proof
necessary to obtain
the conviction of a
defendant at trial.
Reasonable
suspicion: A standard
of proof necessary for
the police to stop and
frisk a person.
Preponderance
of the evidence:
A standard of proof
relevant in civil law
and trials.
16. 40
Direct evidence:
Evidence that directly
demonstrates a fact;
there is no need
for inferences or
presumptions.
CRIMINAL INVESTIGATION
Standards of Proof in Criminal Matters
Reasonable suspicion
Probable cause
Beyond a reasonable doubt
Is there reason to believe that a
particular circumstance exists?
Is it more likely than not that a
particular circumstance exists?
Is the doubt about the
defendant's guilt meaningful or
significant?
To stop and frisk
To make an arrest
To conduct a search
17. To obtain a conviction
THE MEANING AND NATURE OF PROBABLE CAUSE
Probable cause stems directly from the Fourth Amendment to
the U.S. Constitution and
constitutes a critical ingredient needed to justify a legal search,
seizure, or arrest. In gen-
eral, if probable cause does not exist to conduct a search or to
make an arrest, any evi-
dence collected as a result of that search is not admissible in
court, nor is that arrest
considered valid. Probable cause is critical indeed and therefore
is discussed in more detail
here.
According to the decision in Brinegar v. United States (1949),
probable cause exists when
"the facts and circumstances within the officers' knowledge and
of which they had reason-
ably trustworthy information are sufficient in themselves to
warrant a man of reasonable
caution in the belief that an offense has been or is being
committed." This is known as the
"man of reasonable caution" standard or the "reasonable person"
standard. In United
States v. Ortiz (1975), the court ruled police officers can
legitimately draw on their experi-
ence and training in determining whether probable cause exists
in a particular situation. As
a result, what might look like innocent activity to the
"reasonable person" may indeed be
sufficient to establish probable cause for a police officer.
In Aguilar v. Texas (1964), the court established a two-pronged
18. test to determine probable
cause when information is given to the police by an informant.
The two prongs were (1) the
reliability of the informant and (2) the reliability of the
informant's information. This is
particularly relevant when the police obtain information from a
person who has been
engaged in criminal activity and has low credibility. The
Aguilar two-pronged test was
abandoned with Illinois v. Gates (1983) when the court ruled
that the "totality of the cir-
cumstances" must be considered in establishing probable cause.
So in the case of Gates, not
only should the informant's tip be considered in determining
probable cause, but so too
should the corroborating information from other independent
police sources.
• • Types of Evidence
Various types of evidence can be used to establish proof. All
evidence can be classified as being
either direct or indirect, and all evidence can be classified as
either testimonial, real, demonstra-
tive, or documentary. All of these types of evidence are
discussed in the following subsections.
DIRECT VERSUS INDIRECT EVIDENCE
Direct evidence refers to crime-related information that
immediately demonstrates the exis-
tence of a fact in question. As such, no inferences or
presumptions are needed to draw the
associated conclusion. Confessions from perpetrators and
identifications from eyewitnesses
are good examples of direct evidence of guilt (see Case in Point
3.1).
19. Chapter 3 • The Role and Documentat ion of Ev idence in
Criminal Investigations 41
-
CASE in POINT 3· 1 "All This Was Planned When the
First Shot Was Fired"
The following report was written by · Detective Michael
sarenac of the Milwaukee Police Department. It has been
edited for length and clarity.
Background
On Sunday, April 24, 2016, the Milwaukee Police Department
responded to the Tandji convenience store in the City of
Milwaukee regarding an injured person. A citizen contacted
police after locating a person laying in the store. Upon offi-
cer's arrival they located the decedent laying on the floor
with an apparent gunshot wound to his head. Medical per-
sonnel had responded and determined that any resuscitation
efforts were fruitless. The decedent, identified as Chaabane
Tandji, male, black, 01/01/1975, was pronounced dead by
the Milwaukee County medical examiner's office. An autopsy
performed by that office the following day determined a bul-
let travelled from the back to the front of Mr. Tandji's skull
20. and ruled his death a homicide.
Detectives reviewed store video and obseNed that shortly
after 11 p.m. the previous evening a black male and a black
female were allowed entry into the store by the victim after
store hours. At one point the victim removes a handgun and
shows it to the male. The male begins walking around the store
pointing the handgun in different directions. At one point the
male is facing the back of the victim. Video shows this male
extending his arm when about 8 to 10 feet behind the victim.
The victim falls to the floor. This male then walks in front of
the
victim and again extends his arm and appears to fire a second
time into the victim. The male then checks the pockets of the
victim and, as this is occurring, the female is seen in the cashier
area removing items including cigarettes. Both the male and
female then exit the store, leaving the victim on the floor.
Detectives showed a portion of the video to the decedent's
girlfriend, Patricia Long, where she identified both persons in
the video with the decedent as "Trill" and his girlfriend "Shay."
"Trill" is Terrence Hutchinson. "Shay" is Shannon Carson-
Quinn.
Both were arrested without incident at 3357 B N. 2nd St.
In-custody Mirandized interview of
Shannon P. Carson-Quinn on 4-24-16
Quinn stated that about one week ago, she and her boy-
friend, Terrence M. Hutchinson (08-13-88), planned to rob
21. and kill the previous owner of the store, who they called
"Sabu." Carson-Quinn stated they planned to do this because
Sabu got $15,000 to $20,000 from the sale of the store. They
planned on killing him so there were no witnesses. Carson-
Quinn stated that on 04-23-16, she and Hutchinson went to
the store and Sabu was working. Carson-Quinn stated that
they spoke with sabu and planned to meet him back at the
store at 11 :30 p.m. Carson-Quinn stated that they would reg-
ularly hang out at the store with Sabu after it closed because
Sabu was basically living at the store.
Carson-Quinn stated that she and Hutchinson arrived at the
store at about 11:30 p.m. and Sabu let them in. Carson-Quinn
stated that she warmed up some food and ate and they watched
a movie. Carson-Quinn stated that on 04-24-16 at about
1 :00 a.m., Sabu stated that he was tired and she and Hutchinson
began to gather their things. She then heard Hutchinson ask
Sabu to see "the baby," meaning sabu's gun that he carried
in a holster in his pocket. Carson-Quinn stated that she did
not see Sabu give Hutchinson the gun, but Hutchinson walked
past her with a gun in his hand. Carson-Quinn stated that as
Hutchinson walked past her, he gave her a look like go up front
22. and she knew it was about to happen. Hutchinson stated that
she walked to the front of the store and she then heard two
gunshots. Carson-Quinn stated that she then grabbed about
six or seven packs of Newport 100's cigarettes and then went
to the back of the store to get her portable DVD player. carson-
Quinn stated that as she walked past Sabu, she could see that
he was bleeding out. Carson-Quinn stated that after she got
her DVD player she and Hutchinson left the store.
The following report was written by Detective Jeff Sullivan. It
has been edited for length and clarity.
In-Custody Mirandized interview of
Terrence Hutchinson on 4-25-2016
This interrogation was audio/Video recorded and occurred
in room 624 of the Police Administration building. The audio/
video began at 10:02: 13, at which time I read Mr. Hutchinson
his Miranda rights. He indicated to us that he understood
them, knew they were his rights and would answer ques-
tions relative to his arrest.
Hutchinson initially stated, "I made a mistake ... I acciden-
tally." He went on to say that he shouldn't have been playing
(Continued)
23. 42
(Continued)
with the gun. He said that the victim, whom he referred to
as Sabu or "big bro," let him and his girlfriend "Shay" into the
store after hours where they watched DVD movies, drank
and smoked. Hutchinson said that one point Sabu brought
out a revolver, which Hutchinson referred to as "baby."
Hutchinson went on to say that it was an accident, it wasn't
supposed to happen and that he was "goofing around."
Hutchinson said that he fired two gunshots from that gun
at some point and initially indicated the first gunshot was
an accident. He then panicked after that gunshot and got
nervous and scared. Following that first gunshot Hutchinson
indicated that Sabu fell to the ground and was saying
to Hutchinson "Trill, why?" "Trill" is a nickname given to
Hutchinson by an uncle many years ago. He said he fired
the second gunshot because he didn't want to get in trouble
and that during the shots Shay "was doing what she was
24. doing." Hutchinson said following the two gunshots he and
Shay left, at which point Shay called her friend, "Sheena" and
Sheena arrived and drove them both to her house on N 5th
St. Hutchinson said that he and Shay then went to his home
at 6413 N 8th St., changed clothes, and put the clothes he
had been wearing; shirt, shoes, pants and baseball cap in a
garbage bag and threw them in the dumpster.
Hutchinson said that after he shot Sabu he went through
his pockets to see if he had a few dollars for the bus for
him to leave. He said he took the gun with him, thinking he
could hide it. He later indicated that the gun police recovered
was not the gun he used. He said that he used his shirt to
open the store door following the shooting to avoid leaving
fingerprints.
I explained to him that the video shows him pointing the gun
at the victim's back. He indicated that he was unaware that
the gun was loaded when he pulled the trigger. He said he
fired the second shot because he didn't want to victim telling
25. the police on him.
Hutchinson also acknowledged that when they entered the
store that evening he did ask Sabu to "see the baby" (gun).
Hutchinson initially maintained that the gun police recovered
in the house when he was arrested was the gun used in this
offense. When challenged about his intent prior to the gun-
shots he said, "All this was planned when the first shot was
fired." He said he just wanted to hurt Sabu with that first
gunshot. He said that prior to firing the first gunshot, he was
thinking how hard it was to find a job and the fact that he
has a child on the way due in several months. He figured if
CRIMINAL INVESTIGATION
the victim had $400-$500 on him it would help him in his
situation. Hutchinson went on to say that he knew Sabu had
a gun in the store as he has seen it several t imes in the past
and believed it was a .38 caliber revolver.
During the interrogation of Hutchinson, we learned that the
gun recovered by police was not the gun used in this offense.
26. First Hutchinson said that the gun used in this offense was at
a house in the area of N 1st W Keefe, that after the shooting
he gave it to a male he knew as "Jeff" and told him to get
rid of it.
At 11 :38:50 we took a break and returned at 11 :47:05. The
conversation continued as to the location of the gun used
in this offense. We then confronted him about his truthful-
ness as to the location of the gun and then he said the gun
used was in a basement storage area at 6413 N 8th St., an
apartment building that he and his future child's mother
reside in. He said that his soon-to-be child's mother, Sherry
Salon, lives in #2 and a male he knew as "Jeff" lives in #1.
Hutchinson said that following the shooting, he and "Shay"
walked to 6413 N 8th St., where he gave "Jeff" the revolver
and believed "Jeff" put it in the storage area in the basement.
The interrogation ended at 12:11 :25 and the video was
turned off at 12:22:08. I returned Hutchinson to central book-
ing where he asked me to pass a message on to the co-
27. defendant, Shannon Carson-Quinn. He wanted to tell her that
he loved her and that he hoped she was not mad at him for
getting her involved in this situation. I did pass this informa-
tion on to Ms. Carson-Quinn and related her response back
to Hutchinson where she indicated she was not mad at him.
on 4/25/16 Detective Jeff Sullivan and I were notified that the
subject we interviewed earlier in the day wanted to speak to
us again. I made contact with Terrence Hutchinson at his cell
and escorted him to Room 624 again. Hutchison was again
read his constitutional rights. He stated that he understood
these rights and wanted to make a statement. Hutchinson
stated that he wanted to tell us the exact location of the gun
he used.
Hutchinson indicated that the gun was at 6413 N 8th St. in the
basement storage room. He was then able to give a detailed
description of exactly where he placed the gun. Hutchinson
explained the descriptions of boxes and plastic bins in the
area of where he placed the gun. Hutchinson also described
28. that the storage room was never locked. He related that his
friend, Donald, let him come and go from the room. He said
Chapter 3 • The Role and Documentation of Evidence in
Criminal Investigations 43
PHOTO 3.1: This photo shows the inside of the store where
the homicide occurred.
that Donald is married but he couldn't remember Donald's
wife's name.
PHOTO 3.2 : Investigators searched for the fingerprints of the
suspects at the store to support their confessions and to
confirm their presence at the crime scene. Here it can be seen
that the microwave oven at the store was examined for
fingerprints.
Note: Photos 3.4, 3.5, 3.6, and 3.7 also relate to this
investigation.
He then informed us that he had dropped the victim's
keys into a hole with water in it in the basement. From the
description, the "hole" described may be a sump pump hole.
He again gave a very distinctive description of the location
and description of the hole. From his description, this hole or
sump pump was in a "common area" of the basement.
29. The interview ended at approximately 3:50 p.m. I then
escorted Hutchinson back to the central booking area. No
further information at this time.
On the other hand, indirect evidence, which is also known as
circumstantial evidence, con-
sists of crime-related information in which inferences and
probabilities are needed to draw
an associated conclusion. For example, in the Stanley Van
Wagner case, the fact that the gun
used to kill Stanley was the same caliber gun as the one owned
by his wife is best considered
circumstantial evidence that Amy killed Stanley; it does not
necessarily mean that Amy
definitively killed Stanley. If a witness saw Amy shoot Stanley,
that information would be
direct evidence that Amy killed her husband because no
inferences would be needed to
draw the conclusion.
Of course, from an investigator's perspective, the ultimate
conclusions that need to be
drawn are that a crime occurred and that the suspect committed
the crime; however, there
may be other conclusions that would be useful to establish as
well. As a result, when deter-
mining whether evidence is direct or circumstantial, an
investigator needs to consider the
conclusion he or she is trying to establish. Consider Case in
Point 3.1. Some items in the
store had Shannon Carson-Quinn's and Terrence Hutchinson's
fingerprints on them. Were
the fingerprints direct evidence or circumstantial evidence? It
depends on the conclusion the
investigator is trying to establish. The fingerprints on the
30. microwave oven would be best
considered direct evidence that the suspects were in the store
and touched the microwave
but circumstantial evidence they were responsible for the
murder.
It is important to understand that the distinction between direct
and indirect evidence
depends entirely on the need for inferences to draw the
associated conclusion; it does not
depend on the likelihood that the evidence is valid. For
example, a statement from an eye-
witness claiming she saw the victim alive on Saturday is best
considered direct evidence that
the victim was alive on Saturday, regardless of the possibility
that the eyewitness is mistaken.
The possibility that the witness is wrong does not make the
evidence circumstantial.
Indirect evidence:
Evidence that requires
inferences in order to
draw a conclusion; also
known as circumstantial
evidence.
44 CRIMINAL INVESTIGATION
Circumstantial Evidence Is Not Very useful
Circumstantial evidence is often viewed as less valuable
than direct evidence in establishing proof. It is sometimes
believed that a person cannot be convicted of a crime based
31. on circumstantial evidence alone. This is not true. In fact, cir-
cumstantial evidence can be quite powerful in establishing
proof-perhaps even more influential than direct evidence,
especially if there is a sizable amount of circumstantial evi-
dence that can be presented. As shown in the chapter intro-
duction case, a defendant can certainly be convicted of a
crime based only on circumstantial evidence.
There are many different types of circumstantial evidence. First,
a person's physical abil-
ity to commit a crime can be introduced as circumstantial
evidence of guilt or innocence.
For example, consider again the case of Amy Van Wagner. She
knew how to use a gun,
she had access to the gun used to kill the victim (it was her
gun), and the victim was shot
from behind, requiring no extraordinary abilities to fend off the
victim's resistance.
Second, an alibi, or the lack of an alibi, may be best considered
circumstantial evidence. An
alibi is a claim on the part of a suspect that he or she was
somewhere other than at the crime
scene at the time of the crime. The primary issue associated
with an alibi as evidence is its
believability. Because alibis are often established by friends of
the suspect or by the suspect's
own account (e.g., "I was home in bed by myself"), they are
often not believed by investiga-
tors or jurors. An alibi could be considered exculpatory
evidence, or the lack of an alibi
could be considered inculpatory evidence. In either case an alibi
32. (or lack thereof) is best
considered circumstantial evidence. From a suspect's
perspective, one of the problems with
alibis is that they are often difficult to precisely establish and
prove. Yes, Amy Van Wagner
was verified to be at work at 8:00 a.m. on Friday, but as an alibi
that is not useful if the
murder occurred at 5:30 a.m. As another example, consider the
case of Steven Avery (see
Chapter 15). Avery was wrongfully convicted of sexual assault
in 1986 and spent eighteen
years in prison before he was cleared of the crime through DNA
analysis. Avery had sixteen
witnesses (including friends, family, and clerks at a store) and a
store receipt that corrobo-
rated his alibi, but the jurors did not believe this evidence. They
believed the victim who
(incorrectly) identified Avery as the attacker. The Avery case is
not unique. In many wrongful
conviction cases, alibis are presented but not believed.
Third, MO, or the method in which the crime was committed,
may be considered circum-
stantial evidence. In particular, if a series of crimes are
committed in a particular manner,
and a defendant has been linked to one of these crimes through
other evidence, one could
infer that the defendant committed the other, similar crimes as
well. The reasonableness of
the inference may depend strongly on the uniqueness of the MO.
For example, if a series of
house burglaries took place in early afternoons in the same
neighborhood in which entry
was gained by breaking a window and only jewelry was taken, it
might allow investigators
to infer that whoever committed one of the crimes also
33. committed the others.
Fourth, the existence of an identifiable motive (or lack thereof)
may represent circumstan-
tial evidence of guilt or innocence. Motive-a reason why the
crime was committed-is an
important dimension of identifying a perpetrator. If a motive
such as anger, revenge, greed,
or jealousy on the part of the perpetrator can be established, one
may infer that the defen-
dant committed the crime. It was suggested by the prosecutors
in the Amy Van Wagner
murder trial that she killed her husband because he threatened
to divorce her for stealing
his money.
Chap&er 3 • The Role and Documentation of Evidence in
Criminal Investigations
PHOTO 3.3: This subject was apprehended with a pocket full of
cash near a gas station that was just
robbed. This is circumstantial evidence that he committed the
crime.
Fifth, if an individual is found to be in possession of the fruits
of the crime, this evi-
dence could be used to infer that person is guilty of the crime.
For example, if a per-
son is found in possession of a cell phone that was taken in a
robbery, it might
indicate that person committed the robbery. However, that
person could have come
into possession of the cell phone in some way other than being
the one who actually
34. took it.
Sixth, the existence of prior threats made by the suspect or
similar prior behaviors exhibited
by the suspect may be introduced as circumstantial evidence of
that person's guilt in a
crime. If Amy Van Wagner had previously made threats to do
harm to her husband, it
would have been powerful circumstantial evidence that she
killed him.
Seventh, character witnesses can be introduced to help establish
the innocence of the defen-
dant. Character witnesses are used by the defense to bring
evidence to court that the defen-
dant is incapable of committing a crime like the one in question.
For example, witnesses
testified that Amy and Stanley were in love and that she could
never have killed him.
Finally, evidence concerning an individual's attempts to avoid
apprehension after the crime
occurred can be used to infer guilt.
• Testimonial, Real, Demonstrative,
and Documentary Evidence
Just as all evidence can be considered either direct or indirect,
all evidence can be classified
as either testimonial, real, demonstrative, or documentary.
45
46
Kelly Dwyer, twenty-seven, was last seen on a security camera
35. entering her friend Kris zocco's apartment building in October
2013. She was not seen leaving, and she was never seen alive
again. The investigation naturally focused on zocco, and in
the process child pornography and drugs were found in his
possession. He was convicted and sentenced to prison on these
charges, but Dwyer's body was never found. zocco claimed she
had left the building and that he had nothing to do with her dis-
appearance. In May 2015 Dwyer's remains were found along a
roadway about sixty miles from Zocco's former apartment. The
cause of death could not be determined. Subsequent to the
discovery of Dwyer's body, zocco was charged with her mur-
der. As outlined in the criminal complaint, the evidence against
him was entirely circumstantial specifically the following:
• A twenty-six-second video recovered from zocco's cell
phone recorded one month before Dwyer disappeared
depicted a sex act that hampered her breathing.
• zocco had a history of performing violent sexual acts
with girls and women, including bondage and potentially
lethal sexual asphyxia, dating back to when he was
sixteen years old.
• zocco had a history of stalking girls and women who
36. ended relationships with him; he exhibited controlling
behavior toward girls and women and had a short
temper. one witness had sought a restraining order.
Another told her husband that if anything happened to
her the police should look at zocco first.
• Dwyer's friends had observed bruising to Dwyer's neck
and wrists after she spent time with zocco in the weeks
prior to her disappearance.
• A witness said Zocco had a large golf bag in his living
room. It was there about two weeks before Dwyer
TESTIMONIAL EVIDENCE
CRIMINAL INVESTIGATION
disappeared. When a search warrant was executed on
the apartment after Dwyer was reported missing, the
golf bag was gone, but a set of golf clubs remained in the
apartment.
• The SIM card in zocco's phone was removed from
the device for seventeen hours between 7:43 p.m. on
October 11 and 2:41 p.m. on October 12. During this
period the GPS information generated by the phone or
apps could not be collected.
37. • zocco had purchased a pair of new shoes from a Sports
Authority store, about thirteen miles from where Dwyer's
body was found.
• Prosecutors believe zocco had dinner and spent the
night with a woman as Dwyer's body sat inside the golf
bag in the trunk of his car.
• zocco's housekeeper said zocco never cleaned up
after himself. However, cleaning supplies found to have
zocco's, and Dwyer's DNA on them were found in the
apartment. The housekeeper said she hadn't bought the
items or put them there.
• Dwyer's skeletal remains were found facedown and
extremely contorted, with one of her arms bent at a
severe angle behind her back and a leg bent up
under her, indicating that she probably was placed
into some kind of container shortly after death and
her body went into rigor mortis while in that
container.
All of these "circumstances" together raise serious ques-
tions about zocco's responsibility in the death of Dwyer. As
of this writing in October 2017, the case was awaiting trial.
Testimonial
evidence: Evidence
that is in the form of
words spoken in court
38. by a person under oath.
Lay witnesses:
Persons who provide
testimonial evidence
based on facts
personally observed.
Testimonial evidence is evidence presented in court through·
witnesses speaking under oath
who would be committing perjury if they did not state what they
believed to be the truth.
Testimonial evidence often begins as statements made to the
police. Witnesses can be con-
sidered either lay witnesses or expert witnesses. Lay witnesses
are individuals whose testi-
mony is limited to the facts as personally observed. In some
situations lay witnesses may
also offer judgments as they relate to the particular case at hand
(e.g., "In my best judg-
ment, the person I saw running through my backyard was about
6' tall").
Expert witnesses are persons who possess special knowledge
about a particular issue or
phenomenon under examination (e.g., ballistic comparisons,
DNA analysis, estimation of
Chapter 3 • The Role and Documentation of Evidence in
Criminal Investigations
time of death). Expert witnesses often hold academic or
scientific positions and have expert
knowledge of the issue at hand. They are able to express their
39. opinions about the issue in
court and speak about hypothetical cases. Ideally, the function
of expert witnesses is to help
the jury or judge understand the complex issue under
consideration-to basically educate
the jury.
One form of testimonial evidence is hearsay. When someone
repeats information that
someone else said, it is hearsay. Sometimes considered gossip
or secondhand information,
hearsay is most often excluded from consideration in court
proceedings because it is con-
sidered unreliable. The serious concerns about the reliability of
hearsay are that (1) the
person who made the original statement was not under oath and
therefore was not obli-
gated to tell the truth and (2) the person who originally made
the statement cannot be
cross-examined to test his or her perception, memory, veracity,
and ability to be articulate.
To avoid the potential problems of hearsay, investigators need
to get information "from the
horse's mouth." For example, suppose a lawyer has a witness
with critical information
about the crime, but this witness would not likely leave a
favorable impression on the jury
and probably would not be believed by the jury. The witness is
sloppy, not very articulate,
and of questionable mental competence. Without the hearsay
rule that excludes most hear-
say evidence, the lawyer could have this witness meet with
another individual who would
have a much more favorable impression on a jury. This second
potential witness is bright,
articulate, and attractive. The sloppy witness could tell the
40. articulate witness the relevant
points of the testimony and then the lawyer could call the
articulate witness to testify.
Clearly, this hearsay testimony could raise all sorts of questions
about fairness and the
discovery of the "truth."1
As with just about every legal rule, there are exceptions to the
hearsay rule, and there are
instances when hearsay is admissible as testimony in court. For
example, previously recorded
testimony that was provided under oath and was subject to
cross-examination is admissible
as hearsay as long as the witness is no longer available. Dying
declarations of a victim may
be admissible in court through hearsay. Statements made by a
defendant can be admitted in
court as hearsay; especially useful in this regard are admissions
and confessions. An admis-
sion involves acknowledging some aspect of involvement in the
crime (e.g., "I was at the gas
station at about midnight"), whereas a confession involves
acknowledging the actual involve-
ment in the crime (e.g., "I robbed the gas station at about
midnight"). Given a defendant's
right to remain silent, unless he or she chooses to testify, the
only way a defendant's state-
ments may be presented in court is through hearsay.
Furthermore, if the defendant chooses
not to testify, a claim on his or her part that the statements were
not subject to cross-examina-
tion would be odd (the statements were not subject to cross-
examination because the defendant
chose not to testify). There are several other, seldom
encountered exceptions to the hearsay
rule.2 See Case in Point 3.3 for an example of unusual hearsay
41. evidence that played a critical
role at trial.
REAL EVIDENCE
Real evidence is also known as physical evidence, scientific
evidence, or forensic evidence.
Real evidence refers to tangible objects that can be held or seen
and that are produced as
the direct result of the commission of a crime. Examples of real
evidence include blood
splatters on a wall, semen recovered from a victim, and the
knife used to kill a victim. In the
Amy Van Wagner case, the blood on the carpet and the shell
casings on the floor were real
evidence. All real evidence introduced in court must be
accompanied by testimony that
demonstrates the evidence complies with the rules of evidence
(see Chapter 4).
DEMONSTRATIVE EVIDENCE
Demonstrative evidence refers to tangible objects produced
indirectly from a crime that
relate to the crime or the perpetrator. For example, diagrams or
videos of the crime scene
Expert witnesses:
Persons who provide
test imonial evidence
based on expert
knowledge of a
particular issue.
Hearsay: A form of
testimonial evidence
that is secondhand or
repeated information.
42. Real evidence:
Evidence produced as
the direct result of the
crime having occurred;
it can be held or seen.
47
Demonstrative
evidence: Tangible
objects produced
indirectly from a crime
that relate to the crime
or the perpetrator.
48 CRIMINAL INVESTIGATION
CASE in POINT 3·3 . A Homicide Victimls
' Letter to the Police
A husband was accused of killing his wife by poisoning her.
She had suspected he was going to kill her, so she had writ-
ten a letter to a detective at the local police department. She
gave the letter to her neighbor with instructions to give it to
the detective if she were to die. The letter was written on
November 21; the woman was found dead in her home on
December 3. The letter was admitted at trial as evidence as
43. an exception to the hearsay rule. The letter read as follows:
the brief affair I had with that creep seven years ago.
Mark lives for work + the kids; he's an avid surfer of
the Internet.
Anyway-I do not smoke or drink. My mother was an
alcoholic, so I limit my drinking to one or two a week.
Mark wants me to drink more with him in the evenings.
I don't. I would never take my life because of my kids-
they are everything to me! I regularly take Tylenol +
multi-vitamins; occassionally [sic] take OTC stuff for
colds; zantac, or lmmodium; have one prescription for
migraine tablets, which more use more than I.
Pleasant Prairie Police Department, Ron Kosman
or Detective Ratzenburg-1 took this picture+ am
writing this on Saturday 11-21-98 at 7am. This "list"
was in my husband's business daily planner-not
meant for me to see. I don't know what it means,
but if anything happens to me, he would be my first
suspect. Our relationship has deteriorated to the
polite superficial. I know he's never forgiven me for
I pray I'm wrong + nothing happens ... but I am
suspicious of Mark's suspicious behaviors +fear for
my early demise. However I will not leave [my two
44. sons]. My life's greatest love, accomplishment and
wish: My 3 D's-Daddy (Mark), [deleted] +[deleted].
Documentary
evidence: Evidence
that is in some form of a
document.
Julie c. Jensen
may be produced by investigators for evidentiary reasons and
used in court, photographs
of a victim (or a victim's injuries) may be produced and used in
court, and radiographs
showing injuries to a viCtim may be introduced in court.
Photographs, videos, diagrams,
and medical records are all common forms of demonstrative
evidence.
DOCUMENTARY EVIDENCE
As the name suggests, documentary evidence refers to any
evidence in the form of a
document or to evidence that documents some issue related to
the crime. Examples
would be printed e-mails or other documents relating to the
crime, bank statements,
and surveillance video. Evidence extracted from electronic
devices, such as cell phone
text messages, would also usually be best considered
documentary evidence. This evi-
dence is also referred to as digital evidence. The evidentiary
value of documentary
evidence is limited to the content of the document. For example,
if a cell phone is intro-
45. duced as evidence because of the fingerprints on the phone, the
phone (and fingerprints)
would be best considered real, not documentary, evidence.
However, if the phone is
evidence because of photos on it, the photos would best be
considered documentary
evidence. ·
Sometimes the lines are blurred between testimonial evidence,
documentary evidence, real
evidence, and demonstrative evidence. For instance, in Case in
Point 3.3, the actual letter
written by the decedent would be best considered documentary
evidence, but what was said
in the letter would best be considered testimonial evidence
(hearsay). If there was a question
about whether the victim actually wrote the letter, the
handwriting would best be consid-
ered forensic (real) evidence. A video that captured a crime as it
occurred would best be
Chapter 3 • The Role and Documentation of Evidence in
Criminal Investigations
PHOTO 3.4: Bullets are best considered real evidence. Shown
here is one of the bullets recovered from
the convenience store homicide discussed in Case in Point 3.1.
Notice its deformity as the result of
striking the floor.
PHOTO 3.5: Crime scene photographs are best considered
demonstrative evidence. The photograph
here shows some of the clothes worn by the victim in Case in
Point 3.1.
46. considered documentary evidence because the video was
produced as a direct result of the
crime. A crime scene sketch would be demonstrative evidence,
not documentary evidence,
because that evidence was produced only indirectly as a result
of the crime and only after
the crime occurred.
49
50
Corpus delicti
evidence: Evidence
that helps establish that
a crime occurred.
Corroborative
evidence: Evidence
that supplements and
strengthens already-
existing evidence.
Cumulative
evidence: Evidence
that duplicates but
does not necessarily
strengthen already-
existing evidence.
Associative
evidence: Evidence
that links people, places,
47. and things to each other.
Identification
evidence: Evidence
that has as its purpose
the identification of a
person.
Behavioral evidence:
Evidence that provides
a basis on which to
identify the type of
person who committed
a crime.
CRIMINAL INVESTIGATION
• • • The Functions of Evidence
Evidence, be it testimonial, real, demonstrative, documentary,
circumstantial, or direct, may
serve various purposes or functions in establishing proof. In this
sense, evidence can be
classified as corpus delicti evidence, corroborative evidence,
cumulative evidence, associa-
tive evidence, identification evidence, or behavioral evidence.
CORPUS DELICTI EVIDENCE
Corpus delicti evidence refers to evidence that establishes a
crime actually occurred. For
example, a dead body with knife in its back is best considered
corpus delicti evidence that
a homicide occurred. The presence of semen recovered from a
victim may help establish
that a rape occurred (of course, the presence of semen does not
always prove that a rape
48. occurred, just as the absence of semen does not always prove
that a rape did not occur). A
victim's statement that property is missing from his or her house
and that no one had per-
mission to take it establishes that a burglary occurred. In cases
such as these, the dead body,
the semen, and the victim's statement constitute corpus delicti
evidence.
CORROBORATIVE EVIDENCE
Corroborative evidence is evidence that is supplementary to the
evidence already available
and that strengthens or confirms that available evidence. For
example, a male suspect is
apprehended near a burglary scene and his fingerprints are
collected from the scene. The
fingerprints would corroborate the statements of a witness who
saw the suspect running
from the house with a television.
CUMULATIVE EVIDENCE
Cumulative evidence is evidence that duplicates but does not
necessarily strengthen
already-existing evidence. For example, when investigators find
five witnesses (as opposed
to just one) who can provide the same details about the same
incident, this constitutes
cumulative evidence.
ASSOCIATIVE EVIDENCE
Associative evidence is evidence that can be used to make links
among crimes, crime scenes,
victims, suspects, and tools or instruments. Evidence may also
prove to be dissociative,
showing a lack of association between crime scenes, victims,
and so forth. Most evidence
49. in criminal investigations is used to establish associations.
IDENTIFICATION EVIDENCE
Evidence that leads to the identification of a person is
considered identification evidence.
Fingerprints and DNA most commonly serve this purpose.
Fingerprints and DNA may be
recovered from a crime scene, and through the use of an
automated computerized search,
the perpetrator may be identified. Dental evidence can also be
used to make identifications,
usually of dead bodies.
BEHAVIORAL EVIDENCE
Behavioral evidence provides a basis on which to identify the
type of person who might be
responsible for a particular crime and considers directly the
nature of the crime and how it
was committed. Behavioral evidence constitutes the basis on
which a psychological/crime
scene or geographical profile may be built or on which
linguistic analysis may be con-
ducted. Behavioral evidence is discussed in more detail in
Chapter 8.
Chapter 3 • The Role and Documentation of Evidence in
Criminal Investigations
PHOTO 3.6: An empty box of cigarettes located at the
convenience store crime scene from Case in
Point 3.1 .
PHOTO 3.7: Upon conducting a search of the house of one of
the suspects, several packs of cigarettes
50. were found in the corner of the bedroom by the bed. The
cigarettes associated the suspect to the crime
scene and served as associate evidence.
• • Documenting Evidence: The Value
and Importance of Investigative Reports
Reports are written documents that contain information relating
to a criminal incident and
its investigation. As illustrated in the police report excerpts
provided in Case in Point 3.1 in
51
52 CRIMINAL INVESTIGATION
PHOTO 3.8: In the process of being attacked in a vehicle, a
woman broke her fingernail.
PHOTO 3. 9: When the vehicle was recovered, a broken
fingernail was discovered. The fingernail
associated the victim with the vehicle.
this chapter, as well as in the police reports included in
Chapters 6, 10, 11, 12, and 13,
investigative reports contain information about the criminal
incident (e.g., who, what,
where, when, and sometimes why and how). They are used to
document the activities per-
formed in the investigation and the information uncovered as a
result of those activities.
This could include, for example, witness statements and
identifications, the presence of
physical evidence recovered from the crime scene, and/or the
confession obtained from the
51. Chapter 3 • The Role and Documentation of Evidence in
Criminal Investigations
perpetrator. Investigative reports may also include details on the
offender's MO and
descriptions of the suspect, the suspect's vehicle, and the
property taken. Incident reports
are most often written by patrol officers at the conclusion of the
initial investigation.
Supplementary reports typically consist of a narrative that
describes in more detail the leads
in the case, the sources of the leads, the results of the leads, and
statements from witnesses
and suspects. Supplementary reports are most often completed
by detectives on an ongoing
basis throughout a follow-up investigation.
It is difficult to overemphasize the importance and value of
well-written and thorough
reports in investigations. Report writing is an extremely
important skill and activity for
police officers and detectives. Investigative reports reflect the
writer's education, intellect,
training, and competence as an investigator, similar to how the
papers you write in college
are a reflection of your capabilities as a student. Most police
departments do not "grade"
officers' reports; however, reports are usually reviewed by
supervisors for style, form, com-
pleteness, and accuracy. Indeed, contrary to what is portrayed in
television detective dra-
mas, a considerable amount of investigators' time is spent
simply reading and writing
52. reports.
Investigative reports may be read by numerous people for
various reasons. Other police
officers, investigators, and supervisors certainly read reports,
and so do prosecuting attor-
neys, defense attorneys, judges, citizens, the media, and others.
Each person who reads a
report may have a different reason for doing so. Police
supervisors may read reports in
order to determine whether a case should receive a follow-up
investigation or to manage
progress and activities in investigations. Investigators may read
reports to determine what
has been done in the investigation and what activities still need
to be performed.
Investigators often review their own reports when testifying in
court to refresh their mem-
ory of the crime and the investigation. Prosecutors read reports
to become familiar with the
conduct of the investigation and the evidence in the case. They
use reports in order to
determine whether charges should be pursued against a suspect
and, if so, what those
charges should be. They also use them to prepare cases for trial.
Like prosecuting attorneys,
defense attorneys read investigators' reports to become familiar
with the investigation and
the evidence in the case. Defense attorneys often question
investigators about their reports
when the investigators testify in court. Finally, judges may
review reports to familiarize
themselves with the evidence in the case, to understand how the
investigation was con-
ducted, and to review the legality of officers' and investigators'
conduct.
53. For all these reasons, it is critically important that reports be
well written, accurate, com-
plete, and in proper form. Police officers and investigators
typically receive numerous hours
of training regarding the technical aspects and requirements of
report writing in their
respective agencies. Briefly, several basic rules can be
identified for writing good reports: 3
• Reports should be well organized. The
narrative of the report should identify,
in chronological order, the activities
performed by the investigator who
wrote the report, and it should identify
the information/evidence obtained as a
result of those activities.
• Reports should be factual, specific,
and detailed. Opinions, personal
beliefs, and summary conclusions
should not be included in reports.
Conclusions may not be justified,
may be ambiguous, and may be
misinterpreted. For example, instead
of writing, "She then confessed to the
crime," the words actually spoken
should be included in the report.
• Reports should be written in past
tense, first person, and active voice.
For example, "I then spoke with
Mr. Roberts. He stated that he was at
home with his two children between
6:00 p.m. and 7:00 p.m." is preferred
54. over "Mr. Roberts was then spoken
to. He states that between 6:00 p.m.
and 7:00 p.m., he was at home with
his two children." In addition to the
second statement being awkwardly
written, it is not even clear who spoke
with Mr. Roberts.
53
54
• Reports should be accurate. Details
matter. Details minimize the possibility
for misinterpretation and confusion.
Even basic errors, such as misspellings
of names, incorrect date of births, and
wrong addresses, can be significant,
especially when the report is in the
hands of a defense attorney who
wishes to question the competency of
an investigator. Little errors can lead
to big problems.
• Reports should be objective. All
facts that appear relevant should be
included, regardless if they support
the case or not. In addition, the
words used in the report should also
CRI MINAL INVESTIGATION
be objective. The best way to ensure
objectivity in word choice is to be as
55. factual as possible. Instead of writing
" Mr. Roberts had the appearance of a
gang member," write "Mr. Roberts had
a tattoo that read 'Vice Lords' on his
chest." Instead of writing "Mr. Roberts
claimed that he was at home," write
simply "Mr. Roberts stated that he
was at home." Interestingly, the word
stated is probably the most common
word included in investigative reports.
• Reports should be written in Standard
English. The rules of the English
language apply to investigative
reports. 4
Reporting and record-keeping processes and policies vary
considerably across agencies, as
do the actual reports completed by investigators. In most
agencies the process is computer
automated, so reports can be typed on computers or dictated. In
some agencies reports are
handwritten. Some agencies store and process reports
electronically, others manually. The
one consistent dimension across agencies regarding
investigative reports is that much of
investigators' time is spent reading and writing them.
MAIN POINTS
1. Criminal evidence is any crime-related information
on which an investigator can base a decision
or make a determination. Evidence is used to
establish proof that a crime was committed and
56. that a particular person committed that crime.
2. Judicial evidence is evidence that is admissible in
court and meets the rules of evidence; it is often
referred to as admissible evidence. Extrajudicial
evidence is any information on which an
investigative decision can be based but that is not
allowed in court proceedings; it is often referred to
as inadmissible evidence.
3. Exculpatory evidence is evidence that tends to
exclude or eliminate someone from consideration
as a suspect. lnculpatory evidence is evidence that
tends to include or incriminate a person as the
perpetrator.
4. Probable cause exists when it is more likely
than not that a particular circumstance exists.
Probable cause is the standard of proof of most
direct relevance to investigators in solving crimes,
especially when conducting searches and making
arrests. Proof beyond a reasonable doubt is the
standard of proof needed in a trial to conclude that
a defendant is guilty of a crime. In order for police to
legally stop and frisk an individual, the police have
to have a reasonable suspicion about that person's
involvement in or association with a criminal act.
s. Direct evidence refers to crime-related information
that immediately demonstrates the existence
of a fact in question. As such, no inferences or
57. presumptions are needed to draw the associated
conclusion. On the other hand, indirect evidence,
which is also known as circumstantial evidence,
consists of crime-related information in which
inferences and probabilities are needed to draw an
associated conclusion.
6. Testimonial evidence is evidence that is presented
in court through witnesses speaking under oath.
Testimonial evidence often begins as statements
made to the police.
Chapter 3 • The Role and Documentation of Evidence in
Criminal Investigations 55
7. Lay witnesses are individuals whose testimony
is limited to the facts as personally observed.
Expert witnesses are persons who possess special
knowledge about a particular issue or phenomenon
under examination. Expert witnesses are able to
express their opinions about the issue in court and
speak about hypothetical cases.
8. When someone repeats information that someone
else said, it is hearsay. Hearsay is most often
excluded from consideration in court proceedings
because it is considered unreliable, although there
are several exceptions to the hearsay rule.
58. 9. Real evidence is also known as physical evidence,
scientific evidence, or forensic evidence. Real
evidence refers to tangible objects that can be held
or seen and that are produced as a direct result
of the commission of the crime. Demonstrative
evidence refers to tangible objects that relate to
the crime or the perpetrator and that are produced
indirectly from the crime. Documentary evidence
refers to any evidence in the form of a document
or to evidence that documents some issue directly
related to the crime.
10. corpus delicti evidence refers to evidence that
establishes that a crime actually occurred.
IMPORTANT TERMS
Corroborative evidence is evidence that is
supplementary to the evidence already available
and that strengthens or confirms it. cumulative
evidence is evidence that duplicates but does not
necessarily strengthen already-existing evidence.
Associative evidence is evidence that can be used
to link crimes, crime scenes, victims, suspects,
and tools or instruments. Evidence that can be
used to identify a perpetrator is considered to
be identification evidence. Behavioral evidence
provides a basis on which to identify the type of
59. person who may be responsible for a particular
crime and considers directly the nature of the
crime and how it was committed.
11. Reports are written documents that contain
information relating to a criminal incident and
its investigation. They are used to document
the particulars of a crime and the investigation.
Investigative reports may be read by numerous
people for different purposes.
12. Reports should be well organized; they should
be factual, specific, and detailed; they should be
written in past tense, first person, and active voice;
they should be accurate and objective; and they
should be written in Standard English.
Associative evidence, 50
Behavioral evidence, 50
Beyond a reasonable doubt, 39
Corpus delicti evidence, 50
Corroborative evidence, 50
Cumulative evidence, 50
Demonstrative evidence, 47
Direct evidence, 40
60. Documentary evidence, 48
Exculpatory evidence, 39
Expert witnesses, 46
Extrajudicial evidence, 39
Hearsay, 47
Preponderance of the evidence, 39
Probable cause, 39
Proof, 39
Real evidence, 47
Reasonable suspicion, 39
Standards of proof, 39
Testimonial evidence, 46
Identification evidence, 50
lnculpatory evidence, 39
Indirect evidence, 43
Judicial evidence, 38
Lay witnesses, 46
QUESTIONS FOR DISCUSSION AND REVIEW
1. What is the difference between judicial evidence
61. and extrajudicial evidence?
2. What is the difference between exculpatory
evidence and inculpatory evidence?
3. What is proof? What are the various levels or
standards of proof?
4. What is the difference between direct evidence and
indirect evidence? Is one type of evidence more
56
useful than the other? What are various types of
circumstantial evidence?
5. What are the differences between testimonial
evidence, real evidence, documentary evidence,
and demonstrative evidence?
6. What is hearsay? What is the hearsay rule? What
are the major exceptions to the hearsay rule?
7. What are lay witnesses and expert witnesses?
What is the role of each in court?
~SAGE edge™
Give your students the SAGE edge!
CRIM INAL INVESTIGATION
8. What are corpus delicti evidence, corroborative
62. evidence, cumulative evidence, associative
evidence, identification evidence, and behavioral
evidence?
9. Why are accurate, thorough, and well-written
investigative reports so important in criminal
investigations?
10. What are the rules to follow when writing
investigative reports?
SAGE edge offers a robust online environment featuring an
impressive array of free tools and resources for review, study,
and further exploration,
keeping both instructors and students on the cutting edge of
teaching and learning. Learn more at
edge.sagepub.com/brandl4e.
CHECK YOUR COMPREHENSION ON
THE STUDY SITE WITH:
• eFlashcards to strengthen your
understanding of key terms.
• Practice quizzes to test your
comprehension of key concepts.
• Videos and multimedia content to
enhance your exploration of key
63. topics
Yhffi Lffiww ffiffire# ffiffiffiffimrremffi
trffiwffiffiffififfiffiffififfircffi
Joe Raedle/cetty lmages News/cetty lmages
OBJECTIVES
After reading this chapter you will be able to:
• Discuss the qualities that
evidence must have in order for
it to be admissible in court.
• Explain the chain of custody, its
purpose, and why it is important.
• Define the exclusionary rule and
explain its impact on criminal
investigations and the criminal
justice process.
• Identify the Miranda warnings
and describe circumstances
under which the police must
notify suspects of their Miranda
rights.
64. • Discuss the role of arrest
warrants and search warrants
in the criminal investigation
process.
• Identify the ways the police may
attempt to "get around" the
Fourth Amendment.
• Discuss the impact of the
Miranda requirement on criminal
investigations and the criminal
justice process. • Define interrogation from
the perspective of the Fifth
Amendment.
• Discuss the exceptions to the
search warrant requirement.
From the CASE'; FILE
Ernesto Miranda'§Confession
Miranda v. Arizona (1966) is perhaps the most well-
known U.S. Supreme Court case ever decided. If a
person knows of any Supreme Court case, this is
probably the one. It is also the case most applicable
in law enforcement; in just about every investigation
in which a suspect is identified, Miranda applies.
However, despite being so well known and frequently
cited, the case is often misunderstood. The Miranda
decision was also extremely controversial. When
Miranda warnings were first instituted, the police
thought suspects were never again going to confess
to the crimes they committed. The police and many
law-abiding citizens believed the Supreme court
65. went too far in its protection of criminals' rights. Most
incredibly, there were calls for the impeachment of
the Supreme Court justices who were in favor of the
law; it is difficult to identify another case in which
that happened. Given the prominence of the Miranda
decision in the conduct of criminal investigations, it is
important to consider more closely the details of the
investigation that gave rise to the Miranda warnings.
In the early morning hours of March 3, 1963, in
Phoenix, Arizona, eighteen-year-old Kathy Midare (not
her real name) was on her way home after working
the evening shift at a local movie theater. It was
about 12:10 a.m. when she got off the bus to walk the
remaining short distance to her home. As Kathy was
walking, a car stopped about a block in front of her,
and a man got out of the car and walked toward her.
The man grabbed Kathy, put his hand over her mouth,
and dragged her to his car. Once in the back seat
of the car, the man tied her hands behind her back
and then tied her ankles. He drove for about twenty
minutes to the desert and then raped her in the back
seat of the vehicle. He took $4 from her then drove her
back to the city and let her out of his car a half mile
from her house. He then drove off.
The police were notified of the incident by Kathy's
sister, who was home when Kathy arrived. Kathy told
the police that the man appeared to be in his late
twenties, was Mexican, had a scant mustache, was
about 6' tall, and weighed about 175 pounds. He had
short, black curly hair and was wearing blue jeans,
a white shirt, and glasses. She described the car as
either a Ford or a Chevy and said that it was light
green with brown upholstery. She noted that a loop of
66. rope was hanging from the back of the front seat of
the car. The statement she provided to the police was
confusing, but Kathy was mentally disabled.
on March 11, as the police were looking for the man
who attacked Kathy, her brother-in-law notified the
police that two days earlier he and Kathy had seen a
green car in the neighborhood that Kathy said looked
60
like the one driven by the attacker. He was able to
provide the police with a partial license plate number
and said the make of the car was a Packard. After
some searching the police were able to determine the
owner of the car was a Phoenix resident named
Twila N. Hoffman. Upon checking the address of
the woman, the police learned she and her live-in
boyfriend had just recently moved out of the house. on
March 13 the police tracked down the woman at
her new address and found the green Packard in the
driveway. In looking inside the car, an officer saw a
loop of rope hanging from the back of the front seat,
just as described by Kathy.
The pol ice found Ernesto Miranda asleep in the
house. Miranda was twenty-three years old and, it
was quickly learned, had a long history of delinquent
and criminal behavior. The police arrested Miranda,
transported him to police headquarters, and
placed him in a lineup with three other Mexican
Americans to be viewed by the victim. Kathy could
not positively identify Miranda as the perpetrator. In
the interrogation room, however, police told Ernesto
67. that he had been identified by the victim. After two
hours of questioning, he confessed to the kidnapping
and rape of Kathy Midare as well as two other recent
crimes-a robbery and an attempted rape. Police
then provided a sheet of paper to Miranda on which
to provide a handwritten confession. The following
disclaimer was at the top of the paper: "I, (Ernesto A.
Miranda), do hereby swear that I make this statement
voluntarily and of my own free will, with no threats,
coercion, or promises of immunity, and with full
knowledge of my legal rights, understanding that any
statement may be used against me."1 The confession
provided by Miranda was similar to the account
provided by his victim.
At the trial, which took place June 20, 1963, the
prosecutor presented Miranda's written confession,
along with testimony from the victim, her sister, and
the two police officers who found and questioned
Miranda. The defense did not present any witnesses
or evidence. The confession was admitted in court
despite the objections of Miranda's court-appointed
attorney, who argued to the judge that the confession
was coerced and therefore inadmissible. The judge
ruled that the case of Gideon v. Wainwright (1963)
offered the benefit of defense counsel at trial, not
upon arrest, and therefore the confession was legally
obtained and admissible. The jury found Miranda guilty
of rape and kidnapping, and he was sentenced to
twenty to thirty years in prison.
CRIMINAL INVESTIGATION
Miranda's attorney appealed the conviction to the
Arizona Supreme court with the argument that the
68. confession was not voluntarily offered. Meanwhile,
during this time and while Miranda was serving his
sentence in prison, the U.S. Supreme court ruled in the
case of Escobedo v. Illinois (1964) that defendants have
the right to an attorney at the interrogation stage of
criminal proceedings. However, because Miranda had not
requested an attorney at the time he was questioned by
the police, the Arizona Supreme court ruled the Escobedo
decision did not apply. The court upheld the conviction.
In June 1965 a request for review of the case by the
U.S. Supreme court was made by Miranda's new
defense counsel. In writing the appeal, the attorneys
framed the legal issue of the case as being whether a
suspect needs to be explicitly informed of his or her
right to counsel by the police or if suspects should
simply know those rights without being advised of
them. The court issued its decision on June 13, 1966.
Chief Justice Earl Warren wrote the sixty-page opinion
for the five-member majority. The court ruled that
the person in custody must, prior to
interrogation, be clearly informed that he has the
right to remain silent, and that anything he says
will be used against him in court; he must be
clearly informed that he has the right to consult
with a lawyer and to have the lawyer with him
during interrogation, and that, if he is indigent, a
lawyer will be appointed to represent him.
As a result of this decision, the conviction of
Miranda was overturned, but Miranda did not
go free. Prosecutors who won the original case
against Miranda decided to retry him on the rape
and kidnapping without the original confession as
evidence. At the new trial, Miranda's common-law wife
69. provided testimony that Miranda had earlier confessed
to her about the rape. Miranda was convicted again
and received the same sentence of twenty to thirty
years. Miranda was released on parole in 1972 after
serving a total of nine years for the crimes committed
against Kathy Midare.
During the following years, Miranda was cited on
several occasions for driving and traffic violations
and once for being in possession of a firearm. For
this arrest (and violation of parole) he was sent back
to prison for a year. In January 1976, after being
released from prison, Miranda got into a fight in a bar,
apparently over $5, and was stabbed to death. Ernesto
Miranda was thirty-six years old. No arrests for his
murder have been made.2
Chapter 4 • The Law and Criminal Investigations 61
PHOTO 4.1: Ernesto Miranda, the man responsible for the
Miranda warnings.
Case considerations and Points for Discussion
1. With regard to the investigation, what was the most
important evidence in the case that led to the initial
identification of Miranda as a suspect in the rape of
Kathy Midare?
3. How did the two Supreme court decisions of Gideon v.
Wainwright (1963) and Escobedo v. J/linois (1964) relate
70. to the decision made in Miranda v. Arizona (1966)7
2. What role did Miranda's confession to the police
have in solving the crime? How important was the
confession in obtaining the initial conviction?
4. The supreme Court provided two "qualifiers," or
circumstances, as to when the police must inform
suspects of their Fifth Amendment rights. What are
these two circumstances?
• • • Basic Legal Terminology
Before proceeding to a discussion of the qualities of evidence
and the legal procedures
involved in collecting evidence, it is necessary first to
understand some basic legal terminol-
ogy. The concepts of arrest, arrest warrant, search, and search
warrant are discussed here.
First, an arrest occurs when the police take a person into
custody for the purposes of criminal
prosecution and interrogation (Dunaway v. New York, 1979). If
a person is under arrest, that
person is in custody of the police. However, a person can be in
custody of the police but not
under arrest. To be in custody simply means that the person is
deprived of his or her freedom,
if only the freedom to leave. To be in police handcuffs does not
necessarily mean to be under
arrest, but a person in handcuffs is most likely in custody. The
surest way to know if a person
is under arrest is if that person is told by the police he or she is
71. under arrest. To place a person
under arrest, there must be probable cause that a crime occurred
and that the person in cus-
tody committed it. The surest way to know if a person is in
custody is if that person is not free
to leave. Citizens in custody have certain protections from the
police that people who are
under arrest do not have. In addition, citizens who are in
custody or under arrest must be told
of their Fifth Amendment rights (i.e., Miranda rights) prior to
questioning.
Arrest: An arrest
occurs when the
pol ice take a person
into custody for the
purposes of criminal
prosecut ion and
interrogation.
Custody: Generally
speaking, a person is in
custody of the police if
that person is not free
to leave.
62 CRIMINAL INVESTIGATION
To make things even more complicated, a person who is stopped
by the police is also not
free to leave but is not necessarily under arrest or in custody.
And, along with arrests and
stops, there are also encounters, or nonstops. A nonstop is an
encounter, confrontation, or
72. questioning of a subject by a police officer that requires no
justification. However, during
a nonstop the subject is legally free to leave.
There are occasions in which the police speak to prisoners in
jail or in prison. The Supreme
Court has ruled that an inmate is not in custody for Miranda
purposes simply by being incar-
cerated. As in other situations, if the subject is free to end the
questioning and leave the inter-
view, the subject is not in custody, even if he or she is
incarcerated (Howes v.
Fields, 2012).
The Bottom Line Second, an arrest warrant is a document
approved by a judge or magistrate
and provided to a law enforcement officer that authorizes the
arrest of the
named person believed to have committed an identified crime.
The over-
whelming majority of arrests made by the police are made
without an arrest
warrant because they are made in public. An arrest warrant is
required when
( 1) the police must enter a home to make an arrest, although if
there are exi-
gent circumstances or consent is given, the police do not need a
warrant to
enter or to make an arrest, and (2) when the police seek to make
an arrest of
a subject in a third party's home, although, again, if there are
exigent circum-
stances or consent given by the third party to enter the home,
the police do
not need an arrest warrant. By matter of policy, many police
73. departments
require that investigators obtain arrest warrants prior to making
arrests in
situations where time is less of an issue than when an officer is
confronted
with a criminal incident and suspect on the street. In any case,
arrests and
arrest warrants must be based on probable cause that a crime
occurred and
that the person to be arrested committed that crime. The arrest
warrant must
be issued by a neutral and detached magistrate, and it must
name the accused
or provide a specific description of the person so that his or her
identity is not
in question.
When Is an Arrest warrant
Necessary?
An arrest warrant is necessary
when the police enter a home
to make an arrest unless there
are exigent circumstances
that make immediate police
action necessary or the police
obtain consent to enter the
home. When the police enter
the home of a third party to
arrest a suspect, the police are
also required to have a search
warrant to enter that home,
unless exigent circumstances
exist or consent has been
74. obtained by the third party to
enter and search the home.
Third, a search can be defined as a governmental infringement
into a per-
son's reasonable expectation of privacy for the purpose of
discovering
things that could be used as evidence in a criminal prosecution
(Katz v.
Arrest warrant: A
document issued by a
judge that authorizes
the arrest of an
ind ividual.
Search: A
governmental
infringement into a
person's reasonable
expectation of privacy
for the purpose of
discovering things
that could be used as
evidence in a crimina l
prosecution.
Search warrant: A
document issued by a
judge that authorizes
a search of a person,
place, or veh icle for
purposes of seizing
evidence.
United States 1967). A reasonable expectation of privacy exists
75. when a person believes his
or her activity will be private and this belief is reasonable (Katz
v. United States 1967). A
seizure is an act of the police in taking control over a person or
thing (e.g., weapon, evi-
dence). Nearly all searches must be based on probable cause,
although, as discussed later,
there are exceptions.
Last, a search warrant is similar to an arrest warrant except that
it specifies the per-
son, place, or vehicle to be searched and the types of items to be
seized by the law
enforcement authority. Similar to arrests, most searches are
conducted without a
warrant.
When obtaining a valid search warrant, several requirements
must be satisfied:
• The search warrant must be based on
probable cause (Franks v. Delaware, 1978).
• The facts must be truthful (Illinois v.
Gates, 1983).
• Probable cause cannot be based on stale
information (United States v. Leon, 1984).
• Probable cause must be determined
by a neutral and detached magistrate
(Coolidge v. New Hampshire,
1971).
• The search warrant must be served
76. immediately.
• The search warrant must identify
what is to be seized and what is to be
searched (Maryland v. Garrison, 1987;
United States v. Leon, 1984 ).
Chapter 4 • The Law and Criminal Investigations
PHOTO 4.2: The police need a search warrant to conduct a
search unless the search involves a
situation in which a warrant is not necessary. Most searches
involve one of these situations; as a result,
most searches are conducted without a warrant.
63
There are generally three documents in a search warrant
application. First is
the search warrant itself. Second is the affidavit that provides
facts to estab-
lish the probable cause needed to support the warrant. Third is
the search
warrant inventory and return, which are completed after the
search warrant
has been executed and identifies the items seized. These
documents are filed
with the court that issued the warrant.
The Bottom Line
• • • The Rules and
Admissibility of Evidence
All evidence admitted into court for consideration by a judge or
77. jury must
have certain qualities. First, all evidence must be relevant. If
evidence is rele-
vant, then the evidence has some bearing on the case or on some
fact that is
trying to be established. For example, in one case child
pornography discov-
ered on a suspect's computer was considered relevant in a child
kidnaping
case, but "Peeping Tom" videos made by the suspect that
showed adult
women were ruled by the judge to not be relevant to the case.
When Is a search warrant
Necessary?
A search warrant is
necessary whenever an
exception to the search
warrant requirement
does not apply. These
exceptions can include
incidents involving exigent
circumstances, vehicles,
other places and things,
hot pursuit, search incident
to arrest, stop and frisk,
78. plain view, and consent (as
discussed in detail later in
the chapter).
Second, all evidence must be material. Evidence is material if it
is significant. Evidence is
material if it makes the existence of a fact more probable than it
appeared prior to the
introduction of the evidence. If evidence is material, then it may
influence the issue at
hand-the point trying to be established. For example, in the
kidnapping case mentioned
above, testimony about the missing girl's fingerprints being
found in the suspect's house
was ruled to be material as the prints could influence the
determination that the girl was in
the suspect's house. The determination as to relevance and
materiality of evidence is made
by judges and depends heavily on the particular facts of the
case.
Relevant evidence:
Evidence that relates to
the case at hand.
Material evidence:
Evidence that is
significant and can help
prove a fact.
64
79. Competent
evidence: Evidence
that is valid and of
quality.
Frye test: A legal test
to determine whether
scientific evidence is
admissible; evidence
must be generally
accepted by the
scientific community.
Daubert standard: A
legal test to determine
whether scientific
evidence is admissible;
evidence must be based
on scientific knowledge.
Necessary evidence:
Evidence used to
establish a legitimate
point, not to simply
arouse feelings or to
shock.
Chain of custody:
The record of ind iv id ua Is
who maintained control
over the physical
evidence from the time
it was obtained by the
police to when it was
introduced in court.
80. CRIMINAL INVESTIGATION
Third, all evidence must be competent. Incompetent evidence is
of questionable value. It is
considered invalid or untruthful. There are three categories of
incompetent evidence:
(1) evidence wrongfully obtained (e.g., as the result of an
illegal search or an involuntary
confession), (2) statutory incompetency (e.g., when federal or
state law prohibits the intro-
duction of certain forms of evidence, such as polygraph results),
and (3) evidence rendered
incompetent by court-established rule (e.g., hearsay evidence).
If evidence is ruled incompe-
tent, it is not admissible even if it is relevant and material.
With regard to statutory incompetence in particular, the rulings
from two court cases are
of importance. First, the Frye test relates to Frye v. United
States (1923 ), when the U.S.
Court of Appeals refused to admit novel evidence in court that
was not generally accepted
in the scientific community. In 1993, in the case of Daubert v.
Merrell Dow Pharmaceuticals
(1993 ), the U.S. Supreme Court replaced the Frye test for
determining the admissibility of
scientific evidence. The fundamental question for the Daubert
standard is, is the evidence
and corresponding testimony based on scientific knowledge?
Daubert provided some con-
siderations for judges in making this determination:
• Is the theory or technique on which
the testimony is based capable of
being tested?
81. • Does the technique have a known rate
of error in its application?
• Has the theory or technique been
subjected to peer review and
publication?
• What is the level of acceptance in the
relevant scientific community of the
theory or technique?
• What is the extent to which there are
standards to determine acceptable use
of the technique?
In addition to the Daubert decision, another basis on which to
exclude scientific evidence
is constituted by Federal Rule 403 and its state court
equivalents, which allow a trial judge
to exclude evidence that is relatively weak or that may cause
confusion, consume too much
time, or cause unnecessary prejudice to a party.
Fourth and relatedly, the introduction of all evidence at trial
must be necessary. Evidence
must be introduced to establish a point. If the only purpose of
presenting evidence is to
arouse feelings or to be dramatic, the introduction of the
evidence is not necessary and may
only prejudice a jury. Arguments regarding the necessity of
evidence are often raised by
defense attorneys with regard to the introduction of gruesome
crime scene or autopsy
photos.
82. Finally, with regard to physical evidence specifically, the chain
of custody must be main-
tained. The chain of custody refers to the record of individuals
who maintained control
(custody) over the evidence from the time it was obtained by the
police to when it was
introduced in court. At minimum it would likely include details
about the collection of the
evidence from the crime scene, the storage of the evidence in
the police evidence room, and
the transfer of the evidence to court for trial. The chain of
custody is to ensure the security
of physical evidence. If a chain of custody is not established or
can be questioned, the value
of the evidence itself may be questioned.
• • • Constitutional Requirements
for the Collection of Evidence
In order for evidence to be admissible in court, not only does it
have to have certain quali-
ties, but the police also have to follow certain legal rules in
collecting it. These laws are
intended to protect citizens from unwarranted governmental
intrusion into their lives.
Chapter 4 • The Law and Criminal Investigations
These rules represent the civil liberties of citizens and,
as far as criminal investigation is concerned, relate to
the protections offered by the Fourth, Fifth, and Sixth
Amendments to the U.S. Constitution. The procedures
associated with arrests, searches, and seizures relate to
the Fourth Amendment and courts' interpretation of it.
83. THE LAW OF SEARCH AND
SEIZURE: THE FOURTH AMENDMENT
The Fourth Amendment reads as follows:
The right of the people to be secure in their persons, houses,
papers, and effects, against unreasonable searches and seizures,
shall not be violated, and no warrants shall issue but upon
probable cause, supported by oath or affirmation, and
particularly
describing the place to be searched, and the person or things to
be
seized.
Over the years a multitude of court cases have defined and
inter-
preted the meaning of the Fourth Amendment. In essence, the
intent
of the Fourth Amendment is to protect individuals' privacy and
pro-
tect against arbitrary intrusions into that privacy by government
officials. As such, as interpreted by the courts, the Fourth
Amend-
ment offers protection in a variety of situations.
WHAT IS THE PURPOSE OF THE FOURTH
AMENDMENT TO THE U.S. CONSTITUTION?
The purpose of the Fourth Amendment is to protect individuals'
privacy and protect against arbitrary intrusions into that privacy
by
government officials.
REASONABLE EXPECTATION OF PRIVACY
65
84. Fudging a Chain of Custody
As discussed, there is a legal requirement
that physical evidence be collected and
recorded in accordance with a chain of
custody. The chain of custody is meant to
ensure the integrity of the evidence. Let's
say that in a case the shoes of a subject
were collected as possible evidence, but
a chain of custody was not established at
the time they were seized; the detective
did not think the shoes would be useful
in the investigation, but he was not sure.
Because he had a lot of other work to do,
he put the shoes in his desk drawer and
forgot about them. Later it was determined
by the detective that the shoes and the
possible DNA on them might actually be
very important in the investigation. Upon
realizing that he should have created a
chain of custody for the shoes at the time
they were seized, the detective made one