Thumbnailsthumbnail.pngCristian DeWeeseDr. Rutherford Har.docx

Thumbnails/thumbnail.png
Cristian DeWeese
Dr. Rutherford
Hardening Operating Systems
11/12/2022
“Attack on Microsoft systems using the Internet ”
1. Following are the some of the Microsoft system attacks;
MItM Attack:
Because of the vulnerability, an off-site attacker is able to get
access to the compromised system. Within the Windows LSA
service is where the vulnerability may be found. (Kumar &
Surisetty, 2011) An adversary operating from a distant location
has the ability to trick a domain controller into providing
NTLM authentication to them by calling a method on the
LSARPC interface. As a consequence of this, an adversary may
gain credentials and compromise the vulnerable system via the
use of the NTLM Relay Attack.
DDos:
During a DDoS attack, users are unable to connect to the
targeted service. During a distributed denial of service attack,
all of an app's available resources are used up. Attackers flood a
site with fake users to slow it down or bring it down entirely.
(Gomez & Valdez, 2006) The frequency and severity of these
episodes are both rising. According to statistics compiled by
Azure Networking, DDoS assaults will raise by 25% in the first
half of 2021 compared to the last quarter of 2020. In 2021,
Azure prevented 359.713 assaults on its worldwide
infrastructure, up 43 percent from the previous year. (Wu &
Sun, 2010) Regardless of industry or location, businesses of any
size are vulnerable to DDoS attacks. Internet gambling sites,
online stores, and telecommunication companies are frequent
targets of cybercriminals.

2. Following are the main 5 concerns;
Initial Breach Targets: Nobody hacks IT. Built Active Directory
forests are clean and updated. New OSes and programs emerge
throughout time. As Active Directory's administrative
advantages are recognized, more information is provided, more
PCs or programs are connected, and domains are altered to suit
new Windows capabilities. Even when new infrastructure is
introduced, other elements may not be maintained as well,
systems and applications may be neglected, and organizations
may forget they still have legacy infrastructure. Older, bigger,
more complex ecosystems are more vulnerable.
Disabling Security Features: Many businesses don't utilize
Windows Firewall with Advanced Security (WFAS) because
they feel it's too complicated to set up. Starting with Windows
Server 2008, the Windows Firewall is automatically configured
to provide just the minimum permissions required for each role
or functionality to function. When WFAS is turned off (and no
other host-based firewall is used), Windows becomes more
vulnerable. Firewalls at the network's perimeter protect against
attacks from the Internet but not from drive-by downloads or
compromised intranet systems.
Gaps in antivirus & Antimalware Deployments: Most
workstations in a company will have antivirus and antimalware
software installed, activated, and up-to-date, according to an
analysis of antivirus and antimalware deployments. With a few
notable exceptions, such as seldom connected workstations and
staff devices, antivirus and antimalware software is often easily
deployed, configured, and updated across the board.
Incomplete patching: Microsoft publishes security updates
regularly on the second Tuesday of every month, however in
severe circumstances when vulnerability is believed to represent
an imminent hazard to client systems, an update may be
delivered outside of the monthly security update schedule.
Whether a company is small and uses Windows Update to
handle system and application patching or large and uses
management software like System Center Configuration

Manager (SCCM) to deploy patches according to detailed,
hierarchical plans, a large number of customers patch their
Windows infrastructures in a timely fashion.
Misconfiguration: Even in environments where systems are
often kept up to date and patched, we regularly discover
vulnerabilities or misconfigurations in the operating system,
applications, and Active Directory. Depending on the nature of
the configuration problem, the attack may just affect the local
workstation, but in many cases, an attacker may actively seek to
"manage" further systems and eventually get access to Active
Directory.
3. There are three essential parts to every network;
Routers
Switches
Firewalls
Switches:
A switch is required to connect many computers together. While
PCs are the most common device that switches link, they are not
the only device that switches may connect. After a device is
connected to a switch, its Media Access Control (MAC) address
is revealed and used for routing. The switch includes the MAC
address in outgoing packets so that other network nodes may
determine which device generated them.
Routers:
In order to connect local area networks to the wider web,
routers are required. Packets with an IP address are sent further
by this L3 device. A router is a device that allows for
communication across different networks. With the help of
Dynamic Host Configuration Protocol, a router may give out IP
addresses to computers and other devices that are linked to it.
After then, the information may enter and leave the network as
needed. In order to connect to the web, NAT is essential.
Firewalls:
When a firewall is set up, it may either allow or prevent
information from accessing a network. As an example, a
firewall may be set up to allow only traffic from a limited range

of IP addresses and ports that have been verified as secure.
(Archiveddocs , nd) On the other hand, a firewall may monitor
the IP address of the source of a packet that is being sent
several times per second. Maybe there was a distributed denial
of service attack that would be weird (DDoS)
References:
Kumar, S., & Surisetty, S. (2011). Microsoft vs. Apple:
Resilience against distributed denial-of-service attacks.
IEEE Security & Privacy,
10(2), 60-64.
Kumar, S., Azad, M., Gomez, O., & Valdez, R. (2006,
February). Can microsoft's Service Pack2 (SP2) security
software prevent SMURF attacks?. In
Advanced Int'l Conference on Telecommunications
and Int'l Conference on Internet and Web Applications and
Services (AICT-ICIW'06) (pp. 89-89). IEEE.
Lobo, D., Watters, P., Wu, X. W., & Sun, L. (2010, July).
Windows rootkits: Attacks and countermeasures. In
2010 Second Cybercrime and Trustworthy
Computing Workshop (pp. 69-78). IEEE.
Archiveddocs. (n.d.).
Install and Deploy Windows Server 2012 R2 and
Windows Server 2012. Learn.microsoft.com. Retrieved
November 8, 2022, from https://learn.microsoft.com/en-
us/previous-versions/windows/it-pro/windows-server-2012-r2-
and-2012/hh831620(v=ws.11)#windows-server-2012-r2

The Role and
Documentation of
Evidence in Criminal
Investigations
Gary w. Green/Orlando sentinel/MCT
OBJECTIVES
After reading this chapter you will be able to:
• Discuss the investigation of the
death of Stanley van Wagner.
Identify the most significant
evidence in the case and the
reasons why Amy Van Wagner
was found guilty in the trial.
• Explain the various levels or
standards of proof.
• Discuss the reasons for the
hearsay rule and the exceptions
to it.
• Compare direct evidence with
indirect evidence and give an
example of each.
• Compare the role of lay witnesses
with that of expert witnesses.

• Differentiate between judicial
evidence and extrajudicial
evidence and between
exculpatory evidence and
inculpatory evidence.
• Identify the various forms of
circumstantial evidence.
• Provide examples of corpus
delicti evidence, corroborative
evidence, cumulative evidence,
associative evidence,
identification evidence, and
behavioral evidence.
• Define testimonial evidence, real
evidence, documentary evidence,
and demonstrative evidence.
From the CASE FILE
The Murder of Stanley van Wagner
Sometime on or around Friday, May 15, 2015, Stanley
van Wagner was murdered. He was shot multiple
times in his home office. He was shot from the back
through his neck and in his shoulder. His body was
found on Sunday, May 17, at approximately 7:00 p.m.
in the basement of his house in a locked supply room
by his wife, Amy. Stanley's body was covered with a
tarp. Next to his body was his computer, which had
been struck by a bullet, and a pillow that also had a
bullet hole through it. There were two shell casings on
the floor of Stanley's office, a bloodstain on the carpet,
and a bullet hole in the drywall of one of the walls. Two

.380 caliber bullets were recovered. There was a gun
safe in the office from which some, but not all, of the
guns were missing. An empty leather handgun holster
was found near the safe. Amy had a concealed carry
permit. Her gun was a .380 caliber handgun. These
were the undisputed facts of the case.
Based on the evidence in the case, Amy was arrested
for the murder of her husband. All the evidence against
her was circumstantial. The inculpatory evidence that
led to Amy being identified as the killer consisted of
the following:
• On Friday morning, May 15, Stanley's cell phone had
been placed/tracked near the cell tower in the city
where Amy worked, which was a different city than
the one in which the couple lived. From this location,
Stanley's coworker received a text from Stanley's
phone indicating he was not feeling well and would not
be at work. It was one of the few times in thirty years
Stanley had called out sick. The cell phone location
information was obtained from cell phone provider
records; Stanley's cell phone was never found.
• Stanley had a rug in his office that was displayed
but never placed on the floor. When investigators
arrived at the scene after Stanley's body had been
discovered, the rug was on the floor. Under the rug
was a bloodstain. on the morning of May 15, while
Amy was at work, she had used her phone to text her
sixteen-year-old son, who was at home in bed. In the
text she asked her son if he saw the rug on the floor
and if he thought it looked good. In another text to her
son sent around the same time, she stated there was
no need to worry about Stanley, that he would not be

home after work. (The son was at home that morning
because earlier in the week he had been expelled
from school, and Stanley was not happy about it.)
• Amy had a concealed carry gun permit, and her gun
was a .380 caliber handgun. on occasion, she and
Stanley had conducted target practice at a friend's
house. Investigators linked .380 caliber shell casings
recovered from the friend's house to the shell
casings found on Stanley's office floor. The
.380 caliber handgun was never recovered.
38
• Guns missing from the gun safe in Stanley's office
were found by investigators in a pond near the
couple's house.
• On May 15 Amy had performed a Google search for
"rental carpet cleaner" on her work computer using
the in-private browser function.
• Amy had previously taken money out of Stanley's
checking account without his permission by writing
checks to "cash" and forging Stanley's signature.
Stanley had threated to divorce Amy because of
this.
• Between May 15 and May 18, Amy had made
several cash withdrawals from Stanley's checking
account using his ATM card.
• The medical examiner who conducted the autopsy of
the body and an expert witness stated that Stanley

was most likely killed on May 15 or May 16. The
computer found next to Stanley's body that was
stuck by a bullet had its clock stop at 5:30 a.m. on
Friday, May 15.
Along with this inculpatory evidence, however,
exculpatory evidence also existed that could lead one
to believe Amy was not the perpetrator:
• Like every other day, on Friday, May 15, Amy had
gone to work. She also went to the Department
CRIMINAL INVESTIGATION
of Motor Vehicles and completed other normal
activities. coworkers testified Amy had acted
normally at work that day. On Saturday she had
posted on Facebook that if anyone saw Stanley they
should tell him to come home. On that day she also
went to an out-of-town graduation party and bought
and planted flowers at home.
• There were no fingerprints or DNA on the computer
found next to Stanley's body, and no DNA from Amy
on the tarp. There were no fibers on the steps from
the tarp. There was no physical evidence that linked
Amy to the murder.
• A witness, a neighbor, reported with confidence that
she had seen and spoken with Stanley on Friday
afternoon. Another witness stated she had seen
Stanley on Saturday.
• Witnesses testified that Stanley and Amy appeared
to be a happy couple and that Amy killing her
husband was incomprehensible.

• The couple's son, who was home in bed on Friday,
May 15, reported and later testified that he did not
hear any gunshots in the house that morning.
In early 2017 the case went to trial. Amy van Wagner
did not testify. The jury deliberated for six hours before
finding Amy guilty of first-degree intentional homicide
and hiding a corpse.
case Considerations and Points for Discussion
1. Do you agree with the police, prosecutor, and jury
that Amy van Wagner killed her husband? Based on
the evidence, what do you think happened? What
do you think was a likely motive?
2. If Amy killed her husband, what is the most
significant unanswered question associated with
this case? Explain.
3. If Amy killed her husband, what were the most
significant mistakes she made that led to her
identification and conviction as the killer? Explain.
• • • The Basics of Criminal Evidence
Broadly defined, criminal evidence is any crime-related
information on which an investigator can
base a decision or make a determination. It consists of supposed
facts and knowledge that relate
to a particular crime or perpetrator. Evidence is the product of
investigative activities; investiga-
tive activities are performed to discover and collect evidence. In
turn, evidence is used to establish
proof that a crime was committed and that a particular person
committed that crime.

JUDICIAL AND EXTRAJUDICIAL EVIDENCE
Judicial evidence: A basic and fundamental distinction can be
made between judicial evidence and extra judi-
cial evidence. Judicial evidence is evidence that is admissible in
court and that meets the
rules of evidence. As such, it is often referred to as admissible
evidence. In the case discussed
Evidence that meets the
rules of evidence and is
admissible in court.
Chapter 3 • The Role and Documentation of Evidence in
Criminal Investigations
earlier, the cell phone records, the results of the autopsy, the
testimony about time of death,
and the ballistics evidence are all examples of judicial evidence.
Extrajudicial evidence is any information on which an
investigative decision can be based
but that is not allowed in court proceedings. It is often referred
to as inadmissible evidence.
An example of extra judicial evidence may be the results of a
polygraph examination taken
by a suspect. It is certainly not unreasonable that investigators
would consider the results
of a polygraph examination when judging whether a particular
person committed the crime
in question. At the same time, however, this "evidence" would
not be allowed by a judge to
be introduced into court proceedings; it would not meet the

rules of evidence. Although
such evidence may not be admissible in court, though, it can
still be quite useful.
EXCULPATORY AND INCULPATORY EVIDENCE
Another basic but important distinction can be made between
exculpatory evidence and
inculpatory evidence. Exculpatory evidence is evidence that
tends to exclude or eliminate
someone from consideration as the perpetrator. As discussed in
the earlier case, if a witness
saw Stanley alive on Saturday, it would tend to call into
question the value of the cell phone
location and Google search made on Friday as evidence of the
murder, which would tend
to exclude Amy as the killer. lnculpatory evidence is evidence
that tends to include or incrim-
inate a person as the perpetrator. For example, the fact that
Stanley was shot with the
.380 caliber handgun that belonged to Amy would tend to
incriminate Amy. Throughout
the course of any investigation, investigators will likely
uncover both inculpatory and
exculpatory evidence in relation to a particular suspect. It is a
legal requirement that the
police and prosecutor share not only the inculpatory evidence
but also the exculpatory
evidence with the defendant's attorney through the discovery
process.
STANDARDS OF PROOF
Evidence is used to establish proof that a crime was committed
or that a particular person
committed that crime. To prove something (e.g., that Amy

killed Stanley) is to eliminate uncer-
tainty or some degree of uncertainty regarding the truthfulness
of the conclusion. Proof is not
a one-dimensional phenomenon; there are various levels, or
standards of proof (see Table 3.1).
For example, as discussed in more detail later, the police often
need enough evidence to estab-
lish probable cause to justify a search or an arrest. Probable
cause, then, is a standard of proof.
Probable cause exists when it is more likely than not that a
particular circumstance exists;
generally speaking, the degree of certainty is greater than 50
percent. Probable cause is the
standard of proof of most direct concern and relevance to
investigators in solving crimes.
Another standard of proof is proof beyond a reasonable doubt.
Proof beyond a reasonable
doubt is needed in a trial to conclude that the defendant is
guilty of the crime. With this
level of proof, a jury (or a judge in a bench trial) may have a
doubt about the defendant's
guilt, but this doubt cannot be meaningful or significant.
Beyond a reasonable doubt is the
level of proof of most direct consequence to prosecutors, who
have as their responsibility
presenting evidence in court to obtain a conviction.
A third level of proof is reasonable suspicion. In order for
police to legally stop and frisk a
person, the police have to have a reasonable suspicion about
that person's involvement in
or association with a criminal act.
A fourth major level of proof is preponderance of the evidence.
Preponderance of the evi-

dence is the degree of certainty needed to prove and win a civil
case. It is essentially the
equivalent of probable cause but applies only to civil matters.
It is important to understand that all levels of proof are
subjective in nature. The determina-
tion of what constitutes proof depends on the judgments of
people. As a result, what consti-
tutes probable cause for one judge may not constitute probable
cause for another. One jury
may find proof beyond a reasonable doubt, but another may find
reasonable doubt. The
weight and value of evidence in establishing proof are an
individual determination.
39
Extrajudicial
evidence: Any
information upon which
an investigative decision
can be based but the
evidence is not allowed
in court.
Exculpatory
evidence: Evidence
that tends to exclude
a person as the
perpetrator.
lnculpatory
evidence: Evidence
that tends to include
a person as the
perpetrator.

Proof: Proof is
certainty that a
particular fact or
circumstance is true.
Standards of proof:
Different levels or
degrees by which
uncertainty about a fact
can be eliminated.
Probable cause:
A standard of proof
necessary to justify
most searches and to
make an arrest.
Beyond a
reasonable doubt:
A standard of proof
necessary to obtain
the conviction of a
defendant at trial.
Reasonable
suspicion: A standard
of proof necessary for
the police to stop and
frisk a person.
Preponderance
of the evidence:
A standard of proof
relevant in civil law
and trials.

40
Direct evidence:
Evidence that directly
demonstrates a fact;
there is no need
for inferences or
presumptions.
Standards of Proof in Criminal Matters
Reasonable suspicion
Probable cause
Beyond a reasonable doubt
Is there reason to believe that a
particular circumstance exists?
Is it more likely than not that a
particular circumstance exists?
Is the doubt about the
defendant's guilt meaningful or
significant?
To stop and frisk
To make an arrest
To conduct a search

To obtain a conviction
THE MEANING AND NATURE OF PROBABLE CAUSE
Probable cause stems directly from the Fourth Amendment to
the U.S. Constitution and
constitutes a critical ingredient needed to justify a legal search,
seizure, or arrest. In gen-
eral, if probable cause does not exist to conduct a search or to
make an arrest, any evi-
dence collected as a result of that search is not admissible in
court, nor is that arrest
considered valid. Probable cause is critical indeed and therefore
is discussed in more detail
here.
According to the decision in Brinegar v. United States (1949),
probable cause exists when
"the facts and circumstances within the officers' knowledge and
of which they had reason-
ably trustworthy information are sufficient in themselves to
warrant a man of reasonable
caution in the belief that an offense has been or is being
committed." This is known as the
"man of reasonable caution" standard or the "reasonable person"
standard. In United
States v. Ortiz (1975), the court ruled police officers can
legitimately draw on their experi-
ence and training in determining whether probable cause exists
in a particular situation. As
a result, what might look like innocent activity to the
"reasonable person" may indeed be
sufficient to establish probable cause for a police officer.
In Aguilar v. Texas (1964), the court established a two-pronged

test to determine probable
cause when information is given to the police by an informant.
The two prongs were (1) the
reliability of the informant and (2) the reliability of the
informant's information. This is
particularly relevant when the police obtain information from a
person who has been
engaged in criminal activity and has low credibility. The
Aguilar two-pronged test was
abandoned with Illinois v. Gates (1983) when the court ruled
that the "totality of the cir-
cumstances" must be considered in establishing probable cause.
So in the case of Gates, not
only should the informant's tip be considered in determining
probable cause, but so too
should the corroborating information from other independent
police sources.
• • Types of Evidence
Various types of evidence can be used to establish proof. All
evidence can be classified as being
either direct or indirect, and all evidence can be classified as
either testimonial, real, demonstra-
tive, or documentary. All of these types of evidence are
discussed in the following subsections.
DIRECT VERSUS INDIRECT EVIDENCE
Direct evidence refers to crime-related information that
immediately demonstrates the exis-
tence of a fact in question. As such, no inferences or
presumptions are needed to draw the
associated conclusion. Confessions from perpetrators and
identifications from eyewitnesses
are good examples of direct evidence of guilt (see Case in Point
3.1).

Chapter 3 • The Role and Documentat ion of Ev idence in
Criminal Investigations 41
-
CASE in POINT 3· 1 "All This Was Planned When the
First Shot Was Fired"
The following report was written by · Detective Michael
sarenac of the Milwaukee Police Department. It has been
edited for length and clarity.
Background
On Sunday, April 24, 2016, the Milwaukee Police Department
responded to the Tandji convenience store in the City of
Milwaukee regarding an injured person. A citizen contacted
police after locating a person laying in the store. Upon offi-
cer's arrival they located the decedent laying on the floor
with an apparent gunshot wound to his head. Medical per-
sonnel had responded and determined that any resuscitation
efforts were fruitless. The decedent, identified as Chaabane
Tandji, male, black, 01/01/1975, was pronounced dead by
the Milwaukee County medical examiner's office. An autopsy
performed by that office the following day determined a bul-
let travelled from the back to the front of Mr. Tandji's skull

and ruled his death a homicide.
Detectives reviewed store video and obseNed that shortly
after 11 p.m. the previous evening a black male and a black
female were allowed entry into the store by the victim after
store hours. At one point the victim removes a handgun and
shows it to the male. The male begins walking around the store
pointing the handgun in different directions. At one point the
male is facing the back of the victim. Video shows this male
extending his arm when about 8 to 10 feet behind the victim.
The victim falls to the floor. This male then walks in front of
the
victim and again extends his arm and appears to fire a second
time into the victim. The male then checks the pockets of the
victim and, as this is occurring, the female is seen in the cashier
area removing items including cigarettes. Both the male and
female then exit the store, leaving the victim on the floor.
Detectives showed a portion of the video to the decedent's
girlfriend, Patricia Long, where she identified both persons in
the video with the decedent as "Trill" and his girlfriend "Shay."
"Trill" is Terrence Hutchinson. "Shay" is Shannon Carson-
Quinn.
Both were arrested without incident at 3357 B N. 2nd St.
In-custody Mirandized interview of
Shannon P. Carson-Quinn on 4-24-16
Quinn stated that about one week ago, she and her boy-
friend, Terrence M. Hutchinson (08-13-88), planned to rob

and kill the previous owner of the store, who they called
"Sabu." Carson-Quinn stated they planned to do this because
Sabu got $15,000 to $20,000 from the sale of the store. They
planned on killing him so there were no witnesses. Carson-
Quinn stated that on 04-23-16, she and Hutchinson went to
the store and Sabu was working. Carson-Quinn stated that
they spoke with sabu and planned to meet him back at the
store at 11 :30 p.m. Carson-Quinn stated that they would reg-
ularly hang out at the store with Sabu after it closed because
Sabu was basically living at the store.
Carson-Quinn stated that she and Hutchinson arrived at the
store at about 11:30 p.m. and Sabu let them in. Carson-Quinn
stated that she warmed up some food and ate and they watched
a movie. Carson-Quinn stated that on 04-24-16 at about
1 :00 a.m., Sabu stated that he was tired and she and Hutchinson
began to gather their things. She then heard Hutchinson ask
Sabu to see "the baby," meaning sabu's gun that he carried
in a holster in his pocket. Carson-Quinn stated that she did
not see Sabu give Hutchinson the gun, but Hutchinson walked
past her with a gun in his hand. Carson-Quinn stated that as
Hutchinson walked past her, he gave her a look like go up front

and she knew it was about to happen. Hutchinson stated that
she walked to the front of the store and she then heard two
gunshots. Carson-Quinn stated that she then grabbed about
six or seven packs of Newport 100's cigarettes and then went
to the back of the store to get her portable DVD player. carson-
Quinn stated that as she walked past Sabu, she could see that
he was bleeding out. Carson-Quinn stated that after she got
her DVD player she and Hutchinson left the store.
The following report was written by Detective Jeff Sullivan. It
has been edited for length and clarity.
In-Custody Mirandized interview of
Terrence Hutchinson on 4-25-2016
This interrogation was audio/Video recorded and occurred
in room 624 of the Police Administration building. The audio/
video began at 10:02: 13, at which time I read Mr. Hutchinson
his Miranda rights. He indicated to us that he understood
them, knew they were his rights and would answer ques-
tions relative to his arrest.
Hutchinson initially stated, "I made a mistake ... I acciden-
tally." He went on to say that he shouldn't have been playing
(Continued)

42
(Continued)
with the gun. He said that the victim, whom he referred to
as Sabu or "big bro," let him and his girlfriend "Shay" into the
store after hours where they watched DVD movies, drank
and smoked. Hutchinson said that one point Sabu brought
out a revolver, which Hutchinson referred to as "baby."
Hutchinson went on to say that it was an accident, it wasn't
supposed to happen and that he was "goofing around."
Hutchinson said that he fired two gunshots from that gun
at some point and initially indicated the first gunshot was
an accident. He then panicked after that gunshot and got
nervous and scared. Following that first gunshot Hutchinson
indicated that Sabu fell to the ground and was saying
to Hutchinson "Trill, why?" "Trill" is a nickname given to
Hutchinson by an uncle many years ago. He said he fired
the second gunshot because he didn't want to get in trouble
and that during the shots Shay "was doing what she was

doing." Hutchinson said following the two gunshots he and
Shay left, at which point Shay called her friend, "Sheena" and
Sheena arrived and drove them both to her house on N 5th
St. Hutchinson said that he and Shay then went to his home
at 6413 N 8th St., changed clothes, and put the clothes he
had been wearing; shirt, shoes, pants and baseball cap in a
garbage bag and threw them in the dumpster.
Hutchinson said that after he shot Sabu he went through
his pockets to see if he had a few dollars for the bus for
him to leave. He said he took the gun with him, thinking he
could hide it. He later indicated that the gun police recovered
was not the gun he used. He said that he used his shirt to
open the store door following the shooting to avoid leaving
fingerprints.
I explained to him that the video shows him pointing the gun
at the victim's back. He indicated that he was unaware that
the gun was loaded when he pulled the trigger. He said he
fired the second shot because he didn't want to victim telling

the police on him.
Hutchinson also acknowledged that when they entered the
store that evening he did ask Sabu to "see the baby" (gun).
Hutchinson initially maintained that the gun police recovered
in the house when he was arrested was the gun used in this
offense. When challenged about his intent prior to the gun-
shots he said, "All this was planned when the first shot was
fired." He said he just wanted to hurt Sabu with that first
gunshot. He said that prior to firing the first gunshot, he was
thinking how hard it was to find a job and the fact that he
has a child on the way due in several months. He figured if
the victim had $400-$500 on him it would help him in his
situation. Hutchinson went on to say that he knew Sabu had
a gun in the store as he has seen it several t imes in the past
and believed it was a .38 caliber revolver.
During the interrogation of Hutchinson, we learned that the
gun recovered by police was not the gun used in this offense.

First Hutchinson said that the gun used in this offense was at
a house in the area of N 1st W Keefe, that after the shooting
he gave it to a male he knew as "Jeff" and told him to get
rid of it.
At 11 :38:50 we took a break and returned at 11 :47:05. The
conversation continued as to the location of the gun used
in this offense. We then confronted him about his truthful-
ness as to the location of the gun and then he said the gun
used was in a basement storage area at 6413 N 8th St., an
apartment building that he and his future child's mother
reside in. He said that his soon-to-be child's mother, Sherry
Salon, lives in #2 and a male he knew as "Jeff" lives in #1.
Hutchinson said that following the shooting, he and "Shay"
walked to 6413 N 8th St., where he gave "Jeff" the revolver
and believed "Jeff" put it in the storage area in the basement.
The interrogation ended at 12:11 :25 and the video was
turned off at 12:22:08. I returned Hutchinson to central book-
ing where he asked me to pass a message on to the co-

defendant, Shannon Carson-Quinn. He wanted to tell her that
he loved her and that he hoped she was not mad at him for
getting her involved in this situation. I did pass this informa-
tion on to Ms. Carson-Quinn and related her response back
to Hutchinson where she indicated she was not mad at him.
on 4/25/16 Detective Jeff Sullivan and I were notified that the
subject we interviewed earlier in the day wanted to speak to
us again. I made contact with Terrence Hutchinson at his cell
and escorted him to Room 624 again. Hutchison was again
read his constitutional rights. He stated that he understood
these rights and wanted to make a statement. Hutchinson
stated that he wanted to tell us the exact location of the gun
he used.
Hutchinson indicated that the gun was at 6413 N 8th St. in the
basement storage room. He was then able to give a detailed
description of exactly where he placed the gun. Hutchinson
explained the descriptions of boxes and plastic bins in the
area of where he placed the gun. Hutchinson also described

that the storage room was never locked. He related that his
friend, Donald, let him come and go from the room. He said
PHOTO 3.1: This photo shows the inside of the store where
the homicide occurred.
that Donald is married but he couldn't remember Donald's
wife's name.
PHOTO 3.2 : Investigators searched for the fingerprints of the
suspects at the store to support their confessions and to
confirm their presence at the crime scene. Here it can be seen
that the microwave oven at the store was examined for
fingerprints.
Note: Photos 3.4, 3.5, 3.6, and 3.7 also relate to this
investigation.
He then informed us that he had dropped the victim's
keys into a hole with water in it in the basement. From the
description, the "hole" described may be a sump pump hole.
He again gave a very distinctive description of the location
and description of the hole. From his description, this hole or
sump pump was in a "common area" of the basement.

The interview ended at approximately 3:50 p.m. I then
escorted Hutchinson back to the central booking area. No
further information at this time.
On the other hand, indirect evidence, which is also known as
circumstantial evidence, con-
sists of crime-related information in which inferences and
probabilities are needed to draw
an associated conclusion. For example, in the Stanley Van
Wagner case, the fact that the gun
used to kill Stanley was the same caliber gun as the one owned
by his wife is best considered
circumstantial evidence that Amy killed Stanley; it does not
necessarily mean that Amy
definitively killed Stanley. If a witness saw Amy shoot Stanley,
that information would be
direct evidence that Amy killed her husband because no
inferences would be needed to
draw the conclusion.
Of course, from an investigator's perspective, the ultimate
conclusions that need to be
drawn are that a crime occurred and that the suspect committed
the crime; however, there
may be other conclusions that would be useful to establish as
well. As a result, when deter-
mining whether evidence is direct or circumstantial, an
investigator needs to consider the
conclusion he or she is trying to establish. Consider Case in
Point 3.1. Some items in the
store had Shannon Carson-Quinn's and Terrence Hutchinson's
fingerprints on them. Were
the fingerprints direct evidence or circumstantial evidence? It
depends on the conclusion the
investigator is trying to establish. The fingerprints on the

microwave oven would be best
considered direct evidence that the suspects were in the store
and touched the microwave
but circumstantial evidence they were responsible for the
murder.
It is important to understand that the distinction between direct
and indirect evidence
depends entirely on the need for inferences to draw the
associated conclusion; it does not
depend on the likelihood that the evidence is valid. For
example, a statement from an eye-
witness claiming she saw the victim alive on Saturday is best
considered direct evidence that
the victim was alive on Saturday, regardless of the possibility
that the eyewitness is mistaken.
The possibility that the witness is wrong does not make the
evidence circumstantial.
Indirect evidence:
Evidence that requires
inferences in order to
draw a conclusion; also
known as circumstantial
evidence.
44 CRIMINAL INVESTIGATION
Circumstantial Evidence Is Not Very useful
Circumstantial evidence is often viewed as less valuable
than direct evidence in establishing proof. It is sometimes
believed that a person cannot be convicted of a crime based

on circumstantial evidence alone. This is not true. In fact, cir-
cumstantial evidence can be quite powerful in establishing
proof-perhaps even more influential than direct evidence,
especially if there is a sizable amount of circumstantial evi-
dence that can be presented. As shown in the chapter intro-
duction case, a defendant can certainly be convicted of a
crime based only on circumstantial evidence.
There are many different types of circumstantial evidence. First,
a person's physical abil-
ity to commit a crime can be introduced as circumstantial
evidence of guilt or innocence.
For example, consider again the case of Amy Van Wagner. She
knew how to use a gun,
she had access to the gun used to kill the victim (it was her
gun), and the victim was shot
from behind, requiring no extraordinary abilities to fend off the
victim's resistance.
Second, an alibi, or the lack of an alibi, may be best considered
circumstantial evidence. An
alibi is a claim on the part of a suspect that he or she was
somewhere other than at the crime
scene at the time of the crime. The primary issue associated
with an alibi as evidence is its
believability. Because alibis are often established by friends of
the suspect or by the suspect's
own account (e.g., "I was home in bed by myself"), they are
often not believed by investiga-
tors or jurors. An alibi could be considered exculpatory
evidence, or the lack of an alibi
could be considered inculpatory evidence. In either case an alibi

(or lack thereof) is best
considered circumstantial evidence. From a suspect's
perspective, one of the problems with
alibis is that they are often difficult to precisely establish and
prove. Yes, Amy Van Wagner
was verified to be at work at 8:00 a.m. on Friday, but as an alibi
that is not useful if the
murder occurred at 5:30 a.m. As another example, consider the
case of Steven Avery (see
Chapter 15). Avery was wrongfully convicted of sexual assault
in 1986 and spent eighteen
years in prison before he was cleared of the crime through DNA
analysis. Avery had sixteen
witnesses (including friends, family, and clerks at a store) and a
store receipt that corrobo-
rated his alibi, but the jurors did not believe this evidence. They
believed the victim who
(incorrectly) identified Avery as the attacker. The Avery case is
not unique. In many wrongful
conviction cases, alibis are presented but not believed.
Third, MO, or the method in which the crime was committed,
may be considered circum-
stantial evidence. In particular, if a series of crimes are
committed in a particular manner,
and a defendant has been linked to one of these crimes through
other evidence, one could
infer that the defendant committed the other, similar crimes as
well. The reasonableness of
the inference may depend strongly on the uniqueness of the MO.
For example, if a series of
house burglaries took place in early afternoons in the same
neighborhood in which entry
was gained by breaking a window and only jewelry was taken, it
might allow investigators
to infer that whoever committed one of the crimes also

committed the others.
Fourth, the existence of an identifiable motive (or lack thereof)
may represent circumstan-
tial evidence of guilt or innocence. Motive-a reason why the
crime was committed-is an
important dimension of identifying a perpetrator. If a motive
such as anger, revenge, greed,
or jealousy on the part of the perpetrator can be established, one
may infer that the defen-
dant committed the crime. It was suggested by the prosecutors
in the Amy Van Wagner
murder trial that she killed her husband because he threatened
to divorce her for stealing
his money.
Chap&er 3 • The Role and Documentation of Evidence in
PHOTO 3.3: This subject was apprehended with a pocket full of
cash near a gas station that was just
robbed. This is circumstantial evidence that he committed the
crime.
Fifth, if an individual is found to be in possession of the fruits
of the crime, this evi-
dence could be used to infer that person is guilty of the crime.
For example, if a per-
son is found in possession of a cell phone that was taken in a
robbery, it might
indicate that person committed the robbery. However, that
person could have come
into possession of the cell phone in some way other than being
the one who actually

took it.
Sixth, the existence of prior threats made by the suspect or
similar prior behaviors exhibited
by the suspect may be introduced as circumstantial evidence of
that person's guilt in a
crime. If Amy Van Wagner had previously made threats to do
harm to her husband, it
would have been powerful circumstantial evidence that she
killed him.
Seventh, character witnesses can be introduced to help establish
the innocence of the defen-
dant. Character witnesses are used by the defense to bring
evidence to court that the defen-
dant is incapable of committing a crime like the one in question.
For example, witnesses
testified that Amy and Stanley were in love and that she could
never have killed him.
Finally, evidence concerning an individual's attempts to avoid
apprehension after the crime
occurred can be used to infer guilt.
• Testimonial, Real, Demonstrative,
and Documentary Evidence
Just as all evidence can be considered either direct or indirect,
all evidence can be classified
as either testimonial, real, demonstrative, or documentary.
45
46
Kelly Dwyer, twenty-seven, was last seen on a security camera

entering her friend Kris zocco's apartment building in October
2013. She was not seen leaving, and she was never seen alive
again. The investigation naturally focused on zocco, and in
the process child pornography and drugs were found in his
possession. He was convicted and sentenced to prison on these
charges, but Dwyer's body was never found. zocco claimed she
had left the building and that he had nothing to do with her dis-
appearance. In May 2015 Dwyer's remains were found along a
roadway about sixty miles from Zocco's former apartment. The
cause of death could not be determined. Subsequent to the
discovery of Dwyer's body, zocco was charged with her mur-
der. As outlined in the criminal complaint, the evidence against
him was entirely circumstantial specifically the following:
• A twenty-six-second video recovered from zocco's cell
phone recorded one month before Dwyer disappeared
depicted a sex act that hampered her breathing.
• zocco had a history of performing violent sexual acts
with girls and women, including bondage and potentially
lethal sexual asphyxia, dating back to when he was
sixteen years old.
• zocco had a history of stalking girls and women who

ended relationships with him; he exhibited controlling
behavior toward girls and women and had a short
temper. one witness had sought a restraining order.
Another told her husband that if anything happened to
her the police should look at zocco first.
• Dwyer's friends had observed bruising to Dwyer's neck
and wrists after she spent time with zocco in the weeks
prior to her disappearance.
• A witness said Zocco had a large golf bag in his living
room. It was there about two weeks before Dwyer
TESTIMONIAL EVIDENCE
disappeared. When a search warrant was executed on
the apartment after Dwyer was reported missing, the
golf bag was gone, but a set of golf clubs remained in the
apartment.
• The SIM card in zocco's phone was removed from
the device for seventeen hours between 7:43 p.m. on
October 11 and 2:41 p.m. on October 12. During this
period the GPS information generated by the phone or
apps could not be collected.

• zocco had purchased a pair of new shoes from a Sports
Authority store, about thirteen miles from where Dwyer's
body was found.
• Prosecutors believe zocco had dinner and spent the
night with a woman as Dwyer's body sat inside the golf
bag in the trunk of his car.
• zocco's housekeeper said zocco never cleaned up
after himself. However, cleaning supplies found to have
zocco's, and Dwyer's DNA on them were found in the
apartment. The housekeeper said she hadn't bought the
items or put them there.
• Dwyer's skeletal remains were found facedown and
extremely contorted, with one of her arms bent at a
severe angle behind her back and a leg bent up
under her, indicating that she probably was placed
into some kind of container shortly after death and
her body went into rigor mortis while in that
container.
All of these "circumstances" together raise serious ques-
tions about zocco's responsibility in the death of Dwyer. As
of this writing in October 2017, the case was awaiting trial.
Testimonial
evidence: Evidence
that is in the form of
words spoken in court

by a person under oath.
Lay witnesses:
Persons who provide
testimonial evidence
based on facts
personally observed.
Testimonial evidence is evidence presented in court through·
witnesses speaking under oath
who would be committing perjury if they did not state what they
believed to be the truth.
Testimonial evidence often begins as statements made to the
police. Witnesses can be con-
sidered either lay witnesses or expert witnesses. Lay witnesses
are individuals whose testi-
mony is limited to the facts as personally observed. In some
situations lay witnesses may
also offer judgments as they relate to the particular case at hand
(e.g., "In my best judg-
ment, the person I saw running through my backyard was about
6' tall").
Expert witnesses are persons who possess special knowledge
about a particular issue or
phenomenon under examination (e.g., ballistic comparisons,
DNA analysis, estimation of
time of death). Expert witnesses often hold academic or
scientific positions and have expert
knowledge of the issue at hand. They are able to express their

opinions about the issue in
court and speak about hypothetical cases. Ideally, the function
of expert witnesses is to help
the jury or judge understand the complex issue under
consideration-to basically educate
the jury.
One form of testimonial evidence is hearsay. When someone
repeats information that
someone else said, it is hearsay. Sometimes considered gossip
or secondhand information,
hearsay is most often excluded from consideration in court
proceedings because it is con-
sidered unreliable. The serious concerns about the reliability of
hearsay are that (1) the
person who made the original statement was not under oath and
therefore was not obli-
gated to tell the truth and (2) the person who originally made
the statement cannot be
cross-examined to test his or her perception, memory, veracity,
and ability to be articulate.
To avoid the potential problems of hearsay, investigators need
to get information "from the
horse's mouth." For example, suppose a lawyer has a witness
with critical information
about the crime, but this witness would not likely leave a
favorable impression on the jury
and probably would not be believed by the jury. The witness is
sloppy, not very articulate,
and of questionable mental competence. Without the hearsay
rule that excludes most hear-
say evidence, the lawyer could have this witness meet with
another individual who would
have a much more favorable impression on a jury. This second
potential witness is bright,
articulate, and attractive. The sloppy witness could tell the

articulate witness the relevant
points of the testimony and then the lawyer could call the
articulate witness to testify.
Clearly, this hearsay testimony could raise all sorts of questions
about fairness and the
discovery of the "truth."1
As with just about every legal rule, there are exceptions to the
hearsay rule, and there are
instances when hearsay is admissible as testimony in court. For
example, previously recorded
testimony that was provided under oath and was subject to
cross-examination is admissible
as hearsay as long as the witness is no longer available. Dying
declarations of a victim may
be admissible in court through hearsay. Statements made by a
defendant can be admitted in
court as hearsay; especially useful in this regard are admissions
and confessions. An admis-
sion involves acknowledging some aspect of involvement in the
crime (e.g., "I was at the gas
station at about midnight"), whereas a confession involves
acknowledging the actual involve-
ment in the crime (e.g., "I robbed the gas station at about
midnight"). Given a defendant's
right to remain silent, unless he or she chooses to testify, the
only way a defendant's state-
ments may be presented in court is through hearsay.
Furthermore, if the defendant chooses
not to testify, a claim on his or her part that the statements were
not subject to cross-examina-
tion would be odd (the statements were not subject to cross-
examination because the defendant
chose not to testify). There are several other, seldom
encountered exceptions to the hearsay
rule.2 See Case in Point 3.3 for an example of unusual hearsay

evidence that played a critical
role at trial.
REAL EVIDENCE
Real evidence is also known as physical evidence, scientific
evidence, or forensic evidence.
Real evidence refers to tangible objects that can be held or seen
and that are produced as
the direct result of the commission of a crime. Examples of real
evidence include blood
splatters on a wall, semen recovered from a victim, and the
knife used to kill a victim. In the
Amy Van Wagner case, the blood on the carpet and the shell
casings on the floor were real
evidence. All real evidence introduced in court must be
accompanied by testimony that
demonstrates the evidence complies with the rules of evidence
(see Chapter 4).
DEMONSTRATIVE EVIDENCE
Demonstrative evidence refers to tangible objects produced
indirectly from a crime that
relate to the crime or the perpetrator. For example, diagrams or
videos of the crime scene
Expert witnesses:
Persons who provide
test imonial evidence
based on expert
knowledge of a
particular issue.
Hearsay: A form of
testimonial evidence
that is secondhand or
repeated information.

Real evidence:
Evidence produced as
the direct result of the
crime having occurred;
it can be held or seen.
47
Demonstrative
evidence: Tangible
objects produced
indirectly from a crime
that relate to the crime
or the perpetrator.
CASE in POINT 3·3 . A Homicide Victimls
' Letter to the Police
A husband was accused of killing his wife by poisoning her.
She had suspected he was going to kill her, so she had writ-
ten a letter to a detective at the local police department. She
gave the letter to her neighbor with instructions to give it to
the detective if she were to die. The letter was written on
November 21; the woman was found dead in her home on
December 3. The letter was admitted at trial as evidence as

an exception to the hearsay rule. The letter read as follows:
the brief affair I had with that creep seven years ago.
Mark lives for work + the kids; he's an avid surfer of
the Internet.
Anyway-I do not smoke or drink. My mother was an
alcoholic, so I limit my drinking to one or two a week.
Mark wants me to drink more with him in the evenings.
I don't. I would never take my life because of my kids-
they are everything to me! I regularly take Tylenol +
multi-vitamins; occassionally [sic] take OTC stuff for
colds; zantac, or lmmodium; have one prescription for
migraine tablets, which more use more than I.
Pleasant Prairie Police Department, Ron Kosman
or Detective Ratzenburg-1 took this picture+ am
writing this on Saturday 11-21-98 at 7am. This "list"
was in my husband's business daily planner-not
meant for me to see. I don't know what it means,
but if anything happens to me, he would be my first
suspect. Our relationship has deteriorated to the
polite superficial. I know he's never forgiven me for
I pray I'm wrong + nothing happens ... but I am
suspicious of Mark's suspicious behaviors +fear for
my early demise. However I will not leave [my two

sons]. My life's greatest love, accomplishment and
wish: My 3 D's-Daddy (Mark), [deleted] +[deleted].
Documentary
evidence: Evidence
that is in some form of a
document.
Julie c. Jensen
may be produced by investigators for evidentiary reasons and
used in court, photographs
of a victim (or a victim's injuries) may be produced and used in
court, and radiographs
showing injuries to a viCtim may be introduced in court.
Photographs, videos, diagrams,
and medical records are all common forms of demonstrative
evidence.
DOCUMENTARY EVIDENCE
As the name suggests, documentary evidence refers to any
evidence in the form of a
document or to evidence that documents some issue related to
the crime. Examples
would be printed e-mails or other documents relating to the
crime, bank statements,
and surveillance video. Evidence extracted from electronic
devices, such as cell phone
text messages, would also usually be best considered
documentary evidence. This evi-
dence is also referred to as digital evidence. The evidentiary
value of documentary
evidence is limited to the content of the document. For example,
if a cell phone is intro-

duced as evidence because of the fingerprints on the phone, the
phone (and fingerprints)
would be best considered real, not documentary, evidence.
However, if the phone is
evidence because of photos on it, the photos would best be
considered documentary
evidence. ·
Sometimes the lines are blurred between testimonial evidence,
documentary evidence, real
evidence, and demonstrative evidence. For instance, in Case in
Point 3.3, the actual letter
written by the decedent would be best considered documentary
evidence, but what was said
in the letter would best be considered testimonial evidence
(hearsay). If there was a question
about whether the victim actually wrote the letter, the
handwriting would best be consid-
ered forensic (real) evidence. A video that captured a crime as it
occurred would best be
PHOTO 3.4: Bullets are best considered real evidence. Shown
here is one of the bullets recovered from
the convenience store homicide discussed in Case in Point 3.1.
Notice its deformity as the result of
striking the floor.
PHOTO 3.5: Crime scene photographs are best considered
demonstrative evidence. The photograph
here shows some of the clothes worn by the victim in Case in
Point 3.1.

considered documentary evidence because the video was
produced as a direct result of the
crime. A crime scene sketch would be demonstrative evidence,
not documentary evidence,
because that evidence was produced only indirectly as a result
of the crime and only after
the crime occurred.
49
50
Corpus delicti
evidence: Evidence
that helps establish that
a crime occurred.
Corroborative
evidence: Evidence
that supplements and
strengthens already-
existing evidence.
Cumulative
evidence: Evidence
that duplicates but
does not necessarily
strengthen already-
existing evidence.
Associative
evidence: Evidence
that links people, places,

and things to each other.
Identification
evidence: Evidence
that has as its purpose
the identification of a
person.
Behavioral evidence:
Evidence that provides
a basis on which to
identify the type of
person who committed
a crime.
• • • The Functions of Evidence
Evidence, be it testimonial, real, demonstrative, documentary,
circumstantial, or direct, may
serve various purposes or functions in establishing proof. In this
sense, evidence can be
classified as corpus delicti evidence, corroborative evidence,
cumulative evidence, associa-
tive evidence, identification evidence, or behavioral evidence.
CORPUS DELICTI EVIDENCE
Corpus delicti evidence refers to evidence that establishes a
crime actually occurred. For
example, a dead body with knife in its back is best considered
corpus delicti evidence that
a homicide occurred. The presence of semen recovered from a
victim may help establish
that a rape occurred (of course, the presence of semen does not
always prove that a rape

occurred, just as the absence of semen does not always prove
that a rape did not occur). A
victim's statement that property is missing from his or her house
and that no one had per-
mission to take it establishes that a burglary occurred. In cases
such as these, the dead body,
the semen, and the victim's statement constitute corpus delicti
evidence.
CORROBORATIVE EVIDENCE
Corroborative evidence is evidence that is supplementary to the
evidence already available
and that strengthens or confirms that available evidence. For
example, a male suspect is
apprehended near a burglary scene and his fingerprints are
collected from the scene. The
fingerprints would corroborate the statements of a witness who
saw the suspect running
from the house with a television.
CUMULATIVE EVIDENCE
Cumulative evidence is evidence that duplicates but does not
necessarily strengthen
already-existing evidence. For example, when investigators find
five witnesses (as opposed
to just one) who can provide the same details about the same
incident, this constitutes
cumulative evidence.
ASSOCIATIVE EVIDENCE
Associative evidence is evidence that can be used to make links
among crimes, crime scenes,
victims, suspects, and tools or instruments. Evidence may also
prove to be dissociative,
showing a lack of association between crime scenes, victims,
and so forth. Most evidence

in criminal investigations is used to establish associations.
IDENTIFICATION EVIDENCE
Evidence that leads to the identification of a person is
considered identification evidence.
Fingerprints and DNA most commonly serve this purpose.
Fingerprints and DNA may be
recovered from a crime scene, and through the use of an
automated computerized search,
the perpetrator may be identified. Dental evidence can also be
used to make identifications,
usually of dead bodies.
BEHAVIORAL EVIDENCE
Behavioral evidence provides a basis on which to identify the
type of person who might be
responsible for a particular crime and considers directly the
nature of the crime and how it
was committed. Behavioral evidence constitutes the basis on
which a psychological/crime
scene or geographical profile may be built or on which
linguistic analysis may be con-
ducted. Behavioral evidence is discussed in more detail in
Chapter 8.
PHOTO 3.6: An empty box of cigarettes located at the
convenience store crime scene from Case in
Point 3.1 .
PHOTO 3.7: Upon conducting a search of the house of one of
the suspects, several packs of cigarettes

were found in the corner of the bedroom by the bed. The
cigarettes associated the suspect to the crime
scene and served as associate evidence.
• • Documenting Evidence: The Value
and Importance of Investigative Reports
Reports are written documents that contain information relating
to a criminal incident and
its investigation. As illustrated in the police report excerpts
provided in Case in Point 3.1 in
51
PHOTO 3.8: In the process of being attacked in a vehicle, a
woman broke her fingernail.
PHOTO 3. 9: When the vehicle was recovered, a broken
fingernail was discovered. The fingernail
associated the victim with the vehicle.
this chapter, as well as in the police reports included in
Chapters 6, 10, 11, 12, and 13,
investigative reports contain information about the criminal
incident (e.g., who, what,
where, when, and sometimes why and how). They are used to
document the activities per-
formed in the investigation and the information uncovered as a
result of those activities.
This could include, for example, witness statements and
identifications, the presence of
physical evidence recovered from the crime scene, and/or the
confession obtained from the

perpetrator. Investigative reports may also include details on the
offender's MO and
descriptions of the suspect, the suspect's vehicle, and the
property taken. Incident reports
are most often written by patrol officers at the conclusion of the
initial investigation.
Supplementary reports typically consist of a narrative that
describes in more detail the leads
in the case, the sources of the leads, the results of the leads, and
statements from witnesses
and suspects. Supplementary reports are most often completed
by detectives on an ongoing
basis throughout a follow-up investigation.
It is difficult to overemphasize the importance and value of
well-written and thorough
reports in investigations. Report writing is an extremely
important skill and activity for
police officers and detectives. Investigative reports reflect the
writer's education, intellect,
training, and competence as an investigator, similar to how the
papers you write in college
are a reflection of your capabilities as a student. Most police
departments do not "grade"
officers' reports; however, reports are usually reviewed by
supervisors for style, form, com-
pleteness, and accuracy. Indeed, contrary to what is portrayed in
television detective dra-
mas, a considerable amount of investigators' time is spent
simply reading and writing

reports.
Investigative reports may be read by numerous people for
various reasons. Other police
officers, investigators, and supervisors certainly read reports,
and so do prosecuting attor-
neys, defense attorneys, judges, citizens, the media, and others.
Each person who reads a
report may have a different reason for doing so. Police
supervisors may read reports in
order to determine whether a case should receive a follow-up
investigation or to manage
progress and activities in investigations. Investigators may read
reports to determine what
has been done in the investigation and what activities still need
to be performed.
Investigators often review their own reports when testifying in
court to refresh their mem-
ory of the crime and the investigation. Prosecutors read reports
to become familiar with the
conduct of the investigation and the evidence in the case. They
use reports in order to
determine whether charges should be pursued against a suspect
and, if so, what those
charges should be. They also use them to prepare cases for trial.
Like prosecuting attorneys,
defense attorneys read investigators' reports to become familiar
with the investigation and
the evidence in the case. Defense attorneys often question
investigators about their reports
when the investigators testify in court. Finally, judges may
review reports to familiarize
themselves with the evidence in the case, to understand how the
investigation was con-
ducted, and to review the legality of officers' and investigators'
conduct.

For all these reasons, it is critically important that reports be
well written, accurate, com-
plete, and in proper form. Police officers and investigators
typically receive numerous hours
of training regarding the technical aspects and requirements of
report writing in their
respective agencies. Briefly, several basic rules can be
identified for writing good reports: 3
• Reports should be well organized. The
narrative of the report should identify,
in chronological order, the activities
performed by the investigator who
wrote the report, and it should identify
the information/evidence obtained as a
result of those activities.
• Reports should be factual, specific,
and detailed. Opinions, personal
beliefs, and summary conclusions
should not be included in reports.
Conclusions may not be justified,
may be ambiguous, and may be
misinterpreted. For example, instead
of writing, "She then confessed to the
crime," the words actually spoken
should be included in the report.
• Reports should be written in past
tense, first person, and active voice.
For example, "I then spoke with
Mr. Roberts. He stated that he was at
home with his two children between
6:00 p.m. and 7:00 p.m." is preferred

over "Mr. Roberts was then spoken
to. He states that between 6:00 p.m.
and 7:00 p.m., he was at home with
his two children." In addition to the
second statement being awkwardly
written, it is not even clear who spoke
with Mr. Roberts.
53
54
• Reports should be accurate. Details
matter. Details minimize the possibility
for misinterpretation and confusion.
Even basic errors, such as misspellings
of names, incorrect date of births, and
wrong addresses, can be significant,
especially when the report is in the
hands of a defense attorney who
wishes to question the competency of
an investigator. Little errors can lead
to big problems.
• Reports should be objective. All
facts that appear relevant should be
included, regardless if they support
the case or not. In addition, the
words used in the report should also
CRI MINAL INVESTIGATION
be objective. The best way to ensure
objectivity in word choice is to be as

factual as possible. Instead of writing
" Mr. Roberts had the appearance of a
gang member," write "Mr. Roberts had
a tattoo that read 'Vice Lords' on his
chest." Instead of writing "Mr. Roberts
claimed that he was at home," write
simply "Mr. Roberts stated that he
was at home." Interestingly, the word
stated is probably the most common
word included in investigative reports.
• Reports should be written in Standard
English. The rules of the English
language apply to investigative
reports. 4
Reporting and record-keeping processes and policies vary
considerably across agencies, as
do the actual reports completed by investigators. In most
agencies the process is computer
automated, so reports can be typed on computers or dictated. In
some agencies reports are
handwritten. Some agencies store and process reports
electronically, others manually. The
one consistent dimension across agencies regarding
investigative reports is that much of
investigators' time is spent reading and writing them.
MAIN POINTS
1. Criminal evidence is any crime-related information
on which an investigator can base a decision
or make a determination. Evidence is used to
establish proof that a crime was committed and

that a particular person committed that crime.
2. Judicial evidence is evidence that is admissible in
court and meets the rules of evidence; it is often
referred to as admissible evidence. Extrajudicial
evidence is any information on which an
investigative decision can be based but that is not
allowed in court proceedings; it is often referred to
as inadmissible evidence.
3. Exculpatory evidence is evidence that tends to
exclude or eliminate someone from consideration
as a suspect. lnculpatory evidence is evidence that
tends to include or incriminate a person as the
perpetrator.
4. Probable cause exists when it is more likely
than not that a particular circumstance exists.
Probable cause is the standard of proof of most
direct relevance to investigators in solving crimes,
especially when conducting searches and making
arrests. Proof beyond a reasonable doubt is the
standard of proof needed in a trial to conclude that
a defendant is guilty of a crime. In order for police to
legally stop and frisk an individual, the police have
to have a reasonable suspicion about that person's
involvement in or association with a criminal act.
s. Direct evidence refers to crime-related information
that immediately demonstrates the existence
of a fact in question. As such, no inferences or

presumptions are needed to draw the associated
conclusion. On the other hand, indirect evidence,
which is also known as circumstantial evidence,
consists of crime-related information in which
inferences and probabilities are needed to draw an
associated conclusion.
6. Testimonial evidence is evidence that is presented
in court through witnesses speaking under oath.
Testimonial evidence often begins as statements
made to the police.
7. Lay witnesses are individuals whose testimony
is limited to the facts as personally observed.
Expert witnesses are persons who possess special
knowledge about a particular issue or phenomenon
under examination. Expert witnesses are able to
express their opinions about the issue in court and
speak about hypothetical cases.
8. When someone repeats information that someone
else said, it is hearsay. Hearsay is most often
excluded from consideration in court proceedings
because it is considered unreliable, although there
are several exceptions to the hearsay rule.

9. Real evidence is also known as physical evidence,
scientific evidence, or forensic evidence. Real
evidence refers to tangible objects that can be held
or seen and that are produced as a direct result
of the commission of the crime. Demonstrative
evidence refers to tangible objects that relate to
the crime or the perpetrator and that are produced
indirectly from the crime. Documentary evidence
refers to any evidence in the form of a document
or to evidence that documents some issue directly
related to the crime.
10. corpus delicti evidence refers to evidence that
establishes that a crime actually occurred.
IMPORTANT TERMS
Corroborative evidence is evidence that is
supplementary to the evidence already available
and that strengthens or confirms it. cumulative
evidence is evidence that duplicates but does not
necessarily strengthen already-existing evidence.
Associative evidence is evidence that can be used
to link crimes, crime scenes, victims, suspects,
and tools or instruments. Evidence that can be
used to identify a perpetrator is considered to
be identification evidence. Behavioral evidence
provides a basis on which to identify the type of

person who may be responsible for a particular
crime and considers directly the nature of the
crime and how it was committed.
11. Reports are written documents that contain
information relating to a criminal incident and
its investigation. They are used to document
the particulars of a crime and the investigation.
Investigative reports may be read by numerous
people for different purposes.
12. Reports should be well organized; they should
be factual, specific, and detailed; they should be
written in past tense, first person, and active voice;
they should be accurate and objective; and they
should be written in Standard English.
Associative evidence, 50
Behavioral evidence, 50
Beyond a reasonable doubt, 39
Corpus delicti evidence, 50
Corroborative evidence, 50
Cumulative evidence, 50
Demonstrative evidence, 47
Direct evidence, 40

Documentary evidence, 48
Exculpatory evidence, 39
Expert witnesses, 46
Extrajudicial evidence, 39
Hearsay, 47
Preponderance of the evidence, 39
Probable cause, 39
Proof, 39
Real evidence, 47
Reasonable suspicion, 39
Standards of proof, 39
Testimonial evidence, 46
Identification evidence, 50
lnculpatory evidence, 39
Indirect evidence, 43
Judicial evidence, 38
Lay witnesses, 46
QUESTIONS FOR DISCUSSION AND REVIEW
1. What is the difference between judicial evidence

and extrajudicial evidence?
2. What is the difference between exculpatory
evidence and inculpatory evidence?
3. What is proof? What are the various levels or
standards of proof?
4. What is the difference between direct evidence and
indirect evidence? Is one type of evidence more
56
useful than the other? What are various types of
circumstantial evidence?
5. What are the differences between testimonial
evidence, real evidence, documentary evidence,
and demonstrative evidence?
6. What is hearsay? What is the hearsay rule? What
are the major exceptions to the hearsay rule?
7. What are lay witnesses and expert witnesses?
What is the role of each in court?
~SAGE edge™
Give your students the SAGE edge!
CRIM INAL INVESTIGATION
8. What are corpus delicti evidence, corroborative

evidence, cumulative evidence, associative
evidence, identification evidence, and behavioral
evidence?
9. Why are accurate, thorough, and well-written
investigative reports so important in criminal
investigations?
10. What are the rules to follow when writing
investigative reports?
SAGE edge offers a robust online environment featuring an
impressive array of free tools and resources for review, study,
and further exploration,
keeping both instructors and students on the cutting edge of
teaching and learning. Learn more at
edge.sagepub.com/brandl4e.
CHECK YOUR COMPREHENSION ON
THE STUDY SITE WITH:
• eFlashcards to strengthen your
understanding of key terms.
• Practice quizzes to test your
comprehension of key concepts.
• Videos and multimedia content to
enhance your exploration of key

topics
Yhffi Lffiww ffiffire# ffiffiffiffimrremffi
trffiwffiffiffififfiffiffififfircffi
Joe Raedle/cetty lmages News/cetty lmages
OBJECTIVES
After reading this chapter you will be able to:
• Discuss the qualities that
evidence must have in order for
it to be admissible in court.
• Explain the chain of custody, its
purpose, and why it is important.
• Define the exclusionary rule and
explain its impact on criminal
investigations and the criminal
justice process.
• Identify the Miranda warnings
and describe circumstances
under which the police must
notify suspects of their Miranda
rights.

• Discuss the role of arrest
warrants and search warrants
in the criminal investigation
process.
• Identify the ways the police may
attempt to "get around" the
Fourth Amendment.
• Discuss the impact of the
Miranda requirement on criminal
investigations and the criminal
justice process. • Define interrogation from
the perspective of the Fifth
Amendment.
• Discuss the exceptions to the
search warrant requirement.
From the CASE'; FILE
Ernesto Miranda'§Confession
Miranda v. Arizona (1966) is perhaps the most well-
known U.S. Supreme Court case ever decided. If a
person knows of any Supreme Court case, this is
probably the one. It is also the case most applicable
in law enforcement; in just about every investigation
in which a suspect is identified, Miranda applies.
However, despite being so well known and frequently
cited, the case is often misunderstood. The Miranda
decision was also extremely controversial. When
Miranda warnings were first instituted, the police
thought suspects were never again going to confess
to the crimes they committed. The police and many
law-abiding citizens believed the Supreme court

went too far in its protection of criminals' rights. Most
incredibly, there were calls for the impeachment of
the Supreme Court justices who were in favor of the
law; it is difficult to identify another case in which
that happened. Given the prominence of the Miranda
decision in the conduct of criminal investigations, it is
important to consider more closely the details of the
investigation that gave rise to the Miranda warnings.
In the early morning hours of March 3, 1963, in
Phoenix, Arizona, eighteen-year-old Kathy Midare (not
her real name) was on her way home after working
the evening shift at a local movie theater. It was
about 12:10 a.m. when she got off the bus to walk the
remaining short distance to her home. As Kathy was
walking, a car stopped about a block in front of her,
and a man got out of the car and walked toward her.
The man grabbed Kathy, put his hand over her mouth,
and dragged her to his car. Once in the back seat
of the car, the man tied her hands behind her back
and then tied her ankles. He drove for about twenty
minutes to the desert and then raped her in the back
seat of the vehicle. He took $4 from her then drove her
back to the city and let her out of his car a half mile
from her house. He then drove off.
The police were notified of the incident by Kathy's
sister, who was home when Kathy arrived. Kathy told
the police that the man appeared to be in his late
twenties, was Mexican, had a scant mustache, was
about 6' tall, and weighed about 175 pounds. He had
short, black curly hair and was wearing blue jeans,
a white shirt, and glasses. She described the car as
either a Ford or a Chevy and said that it was light
green with brown upholstery. She noted that a loop of

rope was hanging from the back of the front seat of
the car. The statement she provided to the police was
confusing, but Kathy was mentally disabled.
on March 11, as the police were looking for the man
who attacked Kathy, her brother-in-law notified the
police that two days earlier he and Kathy had seen a
green car in the neighborhood that Kathy said looked
60
like the one driven by the attacker. He was able to
provide the police with a partial license plate number
and said the make of the car was a Packard. After
some searching the police were able to determine the
owner of the car was a Phoenix resident named
Twila N. Hoffman. Upon checking the address of
the woman, the police learned she and her live-in
boyfriend had just recently moved out of the house. on
March 13 the police tracked down the woman at
her new address and found the green Packard in the
driveway. In looking inside the car, an officer saw a
loop of rope hanging from the back of the front seat,
just as described by Kathy.
The pol ice found Ernesto Miranda asleep in the
house. Miranda was twenty-three years old and, it
was quickly learned, had a long history of delinquent
and criminal behavior. The police arrested Miranda,
transported him to police headquarters, and
placed him in a lineup with three other Mexican
Americans to be viewed by the victim. Kathy could
not positively identify Miranda as the perpetrator. In
the interrogation room, however, police told Ernesto

that he had been identified by the victim. After two
hours of questioning, he confessed to the kidnapping
and rape of Kathy Midare as well as two other recent
crimes-a robbery and an attempted rape. Police
then provided a sheet of paper to Miranda on which
to provide a handwritten confession. The following
disclaimer was at the top of the paper: "I, (Ernesto A.
Miranda), do hereby swear that I make this statement
voluntarily and of my own free will, with no threats,
coercion, or promises of immunity, and with full
knowledge of my legal rights, understanding that any
statement may be used against me."1 The confession
provided by Miranda was similar to the account
provided by his victim.
At the trial, which took place June 20, 1963, the
prosecutor presented Miranda's written confession,
along with testimony from the victim, her sister, and
the two police officers who found and questioned
Miranda. The defense did not present any witnesses
or evidence. The confession was admitted in court
despite the objections of Miranda's court-appointed
attorney, who argued to the judge that the confession
was coerced and therefore inadmissible. The judge
ruled that the case of Gideon v. Wainwright (1963)
offered the benefit of defense counsel at trial, not
upon arrest, and therefore the confession was legally
obtained and admissible. The jury found Miranda guilty
of rape and kidnapping, and he was sentenced to
twenty to thirty years in prison.
Miranda's attorney appealed the conviction to the
Arizona Supreme court with the argument that the

confession was not voluntarily offered. Meanwhile,
during this time and while Miranda was serving his
sentence in prison, the U.S. Supreme court ruled in the
case of Escobedo v. Illinois (1964) that defendants have
the right to an attorney at the interrogation stage of
criminal proceedings. However, because Miranda had not
requested an attorney at the time he was questioned by
the police, the Arizona Supreme court ruled the Escobedo
decision did not apply. The court upheld the conviction.
In June 1965 a request for review of the case by the
U.S. Supreme court was made by Miranda's new
defense counsel. In writing the appeal, the attorneys
framed the legal issue of the case as being whether a
suspect needs to be explicitly informed of his or her
right to counsel by the police or if suspects should
simply know those rights without being advised of
them. The court issued its decision on June 13, 1966.
Chief Justice Earl Warren wrote the sixty-page opinion
for the five-member majority. The court ruled that
the person in custody must, prior to
interrogation, be clearly informed that he has the
right to remain silent, and that anything he says
will be used against him in court; he must be
clearly informed that he has the right to consult
with a lawyer and to have the lawyer with him
during interrogation, and that, if he is indigent, a
lawyer will be appointed to represent him.
As a result of this decision, the conviction of
Miranda was overturned, but Miranda did not
go free. Prosecutors who won the original case
against Miranda decided to retry him on the rape
and kidnapping without the original confession as
evidence. At the new trial, Miranda's common-law wife

provided testimony that Miranda had earlier confessed
to her about the rape. Miranda was convicted again
and received the same sentence of twenty to thirty
years. Miranda was released on parole in 1972 after
serving a total of nine years for the crimes committed
against Kathy Midare.
During the following years, Miranda was cited on
several occasions for driving and traffic violations
and once for being in possession of a firearm. For
this arrest (and violation of parole) he was sent back
to prison for a year. In January 1976, after being
released from prison, Miranda got into a fight in a bar,
apparently over $5, and was stabbed to death. Ernesto
Miranda was thirty-six years old. No arrests for his
murder have been made.2
Chapter 4 • The Law and Criminal Investigations 61
PHOTO 4.1: Ernesto Miranda, the man responsible for the
Miranda warnings.
Case considerations and Points for Discussion
1. With regard to the investigation, what was the most
important evidence in the case that led to the initial
identification of Miranda as a suspect in the rape of
Kathy Midare?
3. How did the two Supreme court decisions of Gideon v.
Wainwright (1963) and Escobedo v. J/linois (1964) relate

to the decision made in Miranda v. Arizona (1966)7
2. What role did Miranda's confession to the police
have in solving the crime? How important was the
confession in obtaining the initial conviction?
4. The supreme Court provided two "qualifiers," or
circumstances, as to when the police must inform
suspects of their Fifth Amendment rights. What are
these two circumstances?
• • • Basic Legal Terminology
Before proceeding to a discussion of the qualities of evidence
and the legal procedures
involved in collecting evidence, it is necessary first to
understand some basic legal terminol-
ogy. The concepts of arrest, arrest warrant, search, and search
warrant are discussed here.
First, an arrest occurs when the police take a person into
custody for the purposes of criminal
prosecution and interrogation (Dunaway v. New York, 1979). If
a person is under arrest, that
person is in custody of the police. However, a person can be in
custody of the police but not
under arrest. To be in custody simply means that the person is
deprived of his or her freedom,
if only the freedom to leave. To be in police handcuffs does not
necessarily mean to be under
arrest, but a person in handcuffs is most likely in custody. The
surest way to know if a person
is under arrest is if that person is told by the police he or she is

under arrest. To place a person
under arrest, there must be probable cause that a crime occurred
and that the person in cus-
tody committed it. The surest way to know if a person is in
custody is if that person is not free
to leave. Citizens in custody have certain protections from the
police that people who are
under arrest do not have. In addition, citizens who are in
custody or under arrest must be told
of their Fifth Amendment rights (i.e., Miranda rights) prior to
questioning.
Arrest: An arrest
occurs when the
pol ice take a person
into custody for the
purposes of criminal
prosecut ion and
interrogation.
Custody: Generally
speaking, a person is in
custody of the police if
that person is not free
to leave.
To make things even more complicated, a person who is stopped
by the police is also not
free to leave but is not necessarily under arrest or in custody.
And, along with arrests and
stops, there are also encounters, or nonstops. A nonstop is an
encounter, confrontation, or

questioning of a subject by a police officer that requires no
justification. However, during
a nonstop the subject is legally free to leave.
There are occasions in which the police speak to prisoners in
jail or in prison. The Supreme
Court has ruled that an inmate is not in custody for Miranda
purposes simply by being incar-
cerated. As in other situations, if the subject is free to end the
questioning and leave the inter-
view, the subject is not in custody, even if he or she is
incarcerated (Howes v.
Fields, 2012).
The Bottom Line Second, an arrest warrant is a document
approved by a judge or magistrate
and provided to a law enforcement officer that authorizes the
arrest of the
named person believed to have committed an identified crime.
The over-
whelming majority of arrests made by the police are made
without an arrest
warrant because they are made in public. An arrest warrant is
required when
( 1) the police must enter a home to make an arrest, although if
there are exi-
gent circumstances or consent is given, the police do not need a
warrant to
enter or to make an arrest, and (2) when the police seek to make
an arrest of
a subject in a third party's home, although, again, if there are
exigent circum-
stances or consent given by the third party to enter the home,
the police do
not need an arrest warrant. By matter of policy, many police

departments
require that investigators obtain arrest warrants prior to making
arrests in
situations where time is less of an issue than when an officer is
confronted
with a criminal incident and suspect on the street. In any case,
arrests and
arrest warrants must be based on probable cause that a crime
occurred and
that the person to be arrested committed that crime. The arrest
warrant must
be issued by a neutral and detached magistrate, and it must
name the accused
or provide a specific description of the person so that his or her
identity is not
in question.
When Is an Arrest warrant
Necessary?
An arrest warrant is necessary
when the police enter a home
to make an arrest unless there
are exigent circumstances
that make immediate police
action necessary or the police
obtain consent to enter the
home. When the police enter
the home of a third party to
arrest a suspect, the police are
also required to have a search
warrant to enter that home,
unless exigent circumstances
exist or consent has been

obtained by the third party to
enter and search the home.
Third, a search can be defined as a governmental infringement
into a per-
son's reasonable expectation of privacy for the purpose of
discovering
things that could be used as evidence in a criminal prosecution
(Katz v.
Arrest warrant: A
document issued by a
judge that authorizes
the arrest of an
ind ividual.
Search: A
governmental
infringement into a
person's reasonable
expectation of privacy
for the purpose of
discovering things
that could be used as
evidence in a crimina l
prosecution.
Search warrant: A
document issued by a
judge that authorizes
a search of a person,
place, or veh icle for
purposes of seizing
evidence.
United States 1967). A reasonable expectation of privacy exists

when a person believes his
or her activity will be private and this belief is reasonable (Katz
v. United States 1967). A
seizure is an act of the police in taking control over a person or
thing (e.g., weapon, evi-
dence). Nearly all searches must be based on probable cause,
although, as discussed later,
there are exceptions.
Last, a search warrant is similar to an arrest warrant except that
it specifies the per-
son, place, or vehicle to be searched and the types of items to be
seized by the law
enforcement authority. Similar to arrests, most searches are
conducted without a
warrant.
When obtaining a valid search warrant, several requirements
must be satisfied:
• The search warrant must be based on
probable cause (Franks v. Delaware, 1978).
• The facts must be truthful (Illinois v.
Gates, 1983).
• Probable cause cannot be based on stale
information (United States v. Leon, 1984).
• Probable cause must be determined
by a neutral and detached magistrate
(Coolidge v. New Hampshire,
1971).
• The search warrant must be served

immediately.
• The search warrant must identify
what is to be seized and what is to be
searched (Maryland v. Garrison, 1987;
United States v. Leon, 1984 ).
Chapter 4 • The Law and Criminal Investigations
PHOTO 4.2: The police need a search warrant to conduct a
search unless the search involves a
situation in which a warrant is not necessary. Most searches
involve one of these situations; as a result,
most searches are conducted without a warrant.
63
There are generally three documents in a search warrant
application. First is
the search warrant itself. Second is the affidavit that provides
facts to estab-
lish the probable cause needed to support the warrant. Third is
the search
warrant inventory and return, which are completed after the
search warrant
has been executed and identifies the items seized. These
documents are filed
with the court that issued the warrant.
The Bottom Line
• • • The Rules and
Admissibility of Evidence
All evidence admitted into court for consideration by a judge or

jury must
have certain qualities. First, all evidence must be relevant. If
evidence is rele-
vant, then the evidence has some bearing on the case or on some
fact that is
trying to be established. For example, in one case child
pornography discov-
ered on a suspect's computer was considered relevant in a child
kidnaping
case, but "Peeping Tom" videos made by the suspect that
showed adult
women were ruled by the judge to not be relevant to the case.
When Is a search warrant
Necessary?
A search warrant is
necessary whenever an
exception to the search
warrant requirement
does not apply. These
exceptions can include
incidents involving exigent
circumstances, vehicles,
other places and things,
hot pursuit, search incident
to arrest, stop and frisk,

plain view, and consent (as
discussed in detail later in
the chapter).
Second, all evidence must be material. Evidence is material if it
is significant. Evidence is
material if it makes the existence of a fact more probable than it
appeared prior to the
introduction of the evidence. If evidence is material, then it may
influence the issue at
hand-the point trying to be established. For example, in the
kidnapping case mentioned
above, testimony about the missing girl's fingerprints being
found in the suspect's house
was ruled to be material as the prints could influence the
determination that the girl was in
the suspect's house. The determination as to relevance and
materiality of evidence is made
by judges and depends heavily on the particular facts of the
case.
Relevant evidence:
Evidence that relates to
the case at hand.
Material evidence:
Evidence that is
significant and can help
prove a fact.
64

Competent
evidence: Evidence
that is valid and of
quality.
Frye test: A legal test
to determine whether
scientific evidence is
admissible; evidence
must be generally
accepted by the
scientific community.
Daubert standard: A
legal test to determine
whether scientific
evidence is admissible;
evidence must be based
on scientific knowledge.
Necessary evidence:
Evidence used to
establish a legitimate
point, not to simply
arouse feelings or to
shock.
Chain of custody:
The record of ind iv id ua Is
who maintained control
over the physical
evidence from the time
it was obtained by the
police to when it was
introduced in court.

Third, all evidence must be competent. Incompetent evidence is
of questionable value. It is
considered invalid or untruthful. There are three categories of
incompetent evidence:
(1) evidence wrongfully obtained (e.g., as the result of an
illegal search or an involuntary
confession), (2) statutory incompetency (e.g., when federal or
state law prohibits the intro-
duction of certain forms of evidence, such as polygraph results),
and (3) evidence rendered
incompetent by court-established rule (e.g., hearsay evidence).
If evidence is ruled incompe-
tent, it is not admissible even if it is relevant and material.
With regard to statutory incompetence in particular, the rulings
from two court cases are
of importance. First, the Frye test relates to Frye v. United
States (1923 ), when the U.S.
Court of Appeals refused to admit novel evidence in court that
was not generally accepted
in the scientific community. In 1993, in the case of Daubert v.
Merrell Dow Pharmaceuticals
(1993 ), the U.S. Supreme Court replaced the Frye test for
determining the admissibility of
scientific evidence. The fundamental question for the Daubert
standard is, is the evidence
and corresponding testimony based on scientific knowledge?
Daubert provided some con-
siderations for judges in making this determination:
• Is the theory or technique on which
the testimony is based capable of
being tested?

• Does the technique have a known rate
of error in its application?
• Has the theory or technique been
subjected to peer review and
publication?
• What is the level of acceptance in the
relevant scientific community of the
theory or technique?
• What is the extent to which there are
standards to determine acceptable use
of the technique?
In addition to the Daubert decision, another basis on which to
exclude scientific evidence
is constituted by Federal Rule 403 and its state court
equivalents, which allow a trial judge
to exclude evidence that is relatively weak or that may cause
confusion, consume too much
time, or cause unnecessary prejudice to a party.
Fourth and relatedly, the introduction of all evidence at trial
must be necessary. Evidence
must be introduced to establish a point. If the only purpose of
presenting evidence is to
arouse feelings or to be dramatic, the introduction of the
evidence is not necessary and may
only prejudice a jury. Arguments regarding the necessity of
evidence are often raised by
defense attorneys with regard to the introduction of gruesome
crime scene or autopsy
photos.

Finally, with regard to physical evidence specifically, the chain
of custody must be main-
tained. The chain of custody refers to the record of individuals
who maintained control
(custody) over the evidence from the time it was obtained by the
police to when it was
introduced in court. At minimum it would likely include details
about the collection of the
evidence from the crime scene, the storage of the evidence in
the police evidence room, and
the transfer of the evidence to court for trial. The chain of
custody is to ensure the security
of physical evidence. If a chain of custody is not established or
can be questioned, the value
of the evidence itself may be questioned.
• • • Constitutional Requirements
for the Collection of Evidence
In order for evidence to be admissible in court, not only does it
have to have certain quali-
ties, but the police also have to follow certain legal rules in
collecting it. These laws are
intended to protect citizens from unwarranted governmental
intrusion into their lives.
Chapter 4 • The Law and Criminal Investigations
These rules represent the civil liberties of citizens and,
as far as criminal investigation is concerned, relate to
the protections offered by the Fourth, Fifth, and Sixth
Amendments to the U.S. Constitution. The procedures
associated with arrests, searches, and seizures relate to
the Fourth Amendment and courts' interpretation of it.

THE LAW OF SEARCH AND
SEIZURE: THE FOURTH AMENDMENT
The Fourth Amendment reads as follows:
The right of the people to be secure in their persons, houses,
papers, and effects, against unreasonable searches and seizures,
shall not be violated, and no warrants shall issue but upon
probable cause, supported by oath or affirmation, and
particularly
describing the place to be searched, and the person or things to
be
seized.
Over the years a multitude of court cases have defined and
inter-
preted the meaning of the Fourth Amendment. In essence, the
intent
of the Fourth Amendment is to protect individuals' privacy and
pro-
tect against arbitrary intrusions into that privacy by government
officials. As such, as interpreted by the courts, the Fourth
Amend-
ment offers protection in a variety of situations.
WHAT IS THE PURPOSE OF THE FOURTH
AMENDMENT TO THE U.S. CONSTITUTION?
The purpose of the Fourth Amendment is to protect individuals'
privacy and protect against arbitrary intrusions into that privacy
by
government officials.
REASONABLE EXPECTATION OF PRIVACY
65

Fudging a Chain of Custody
As discussed, there is a legal requirement
that physical evidence be collected and
recorded in accordance with a chain of
custody. The chain of custody is meant to
ensure the integrity of the evidence. Let's
say that in a case the shoes of a subject
were collected as possible evidence, but
a chain of custody was not established at
the time they were seized; the detective
did not think the shoes would be useful
in the investigation, but he was not sure.
Because he had a lot of other work to do,
he put the shoes in his desk drawer and
forgot about them. Later it was determined
by the detective that the shoes and the
possible DNA on them might actually be
very important in the investigation. Upon
realizing that he should have created a
chain of custody for the shoes at the time
they were seized, the detective made one

Thumbnailsthumbnail.pngCristian DeWeeseDr. Rutherford Har.docx

Thumbnailsthumbnail.pngCristian DeWeeseDr. Rutherford Har.docx

Recommended

Recommended

More Related Content

Similar to Thumbnailsthumbnail.pngCristian DeWeeseDr. Rutherford Har.docx

Similar to Thumbnailsthumbnail.pngCristian DeWeeseDr. Rutherford Har.docx (20)

More from lillie234567

More from lillie234567 (20)

Recently uploaded

Recently uploaded (20)

Thumbnailsthumbnail.pngCristian DeWeeseDr. Rutherford Har.docx