What is the term used to describe the final stage of digital forensic investigation that refers to the facts of the case quizlet?

Chapter 1

1. Provide two reasons why it is very important for a police investigator to routinely critically assess all of the information they encounter.
   • Because every investigation is an accountable process, and because every investigation involves making decisions that could significantly affect people’s lives.
2. Provide two reasons why evidence gathered as part of an investigation must be collected in a structured way?
   • Because there are legal rules and processes that must be followed in order for evidence to be accepted by the court, and because the investigator must always be ready to articulate their thinking and justify their actions taken in court.
3. What do we mean when we say that an investigator must be “switched on”?
   • “Switched on” means approaching and working through an investigation with an intentionally high level of vigilance in terms of the collection, assessment, and validation of information and evidence.”
4. In a single sentence, summarize “Locard’s Exchange Theory”?
   • Locard’s Exchange Theory states that a person always leaves some trace of themselves at a crime scene, and always takes some trace of the crime scene when they leave.
5. List seven characteristics commonly found in good investigators.
   • Being passionate about following the truth, being detailed oriented, patient, tenacious, objective, conscious of own thinking and biases, and being knowledgeable about the skills needed to conduct evidence and present that evidence in court.
6. What are the skills a modern-day officer must achieve to respond to events and investigate crimes?
   1. Critical Incident Response
   2. Interpretation of criminal law and offence recognition
   3. Crime scene management
   4. Evidence identification and preservation
   5. Engaging forensic tools for evidence analysis
   6. Witness assessment and interviewing
   7. Suspect questioning and interrogation
   8. Case preparation and documentation
   9. Evidence presentation in court
7. What is the first step in developing an investigative mind-set?
   • Becoming intentionally aware of, and intentionally engaged in, your own investigative thinking processes.
8. What is the level of forensic knowledge that a modern day investigator must achieve to become an effective investigator?
   • The modern day investigator must strive to be a forensic resource generalist with an understanding of the tools available and must be specialist in the deployment of those tools to build the forensic case.
9. Why must police investigators be mindful of the heuristic shortcuts discussed by Shaw and Oppenheimer (2008)?
   •  Because mental shortcuts can lead to the assessment of evidence using thinking that is not evidence based.
10. In addition to heuristic shortcuts, what are the other three negative investigative tendencies that can become obstacles to successful investigative outcomes?
    1. Tunnel vision
    2. Excessive secrecy
    3. Exclusive case ownership
11.  Why must investigators be mindful of excessive secrecy?
    • Because excessive secrecy can lead to missed opportunities to share information with persons who could make connections and reveal additional evidence.

Chapter 2

1. What exactly do we mean when we refer to “fundamental justice” for people who are charged with a criminal offence in Canada?
   • We mean that whoever alleges an offence to have taken place must prove it, the person accused of an offence has the right to see the evidence against them, the accused person of an offence has the right to answer to the charge and provide a defence, the trier of fact must not be biased, the trier of fact must base their decision upon evidence, and they must articulate the evidence considered when handing down a decision.
2. What protection regarding life, liberty and security is provided by Sec 7 of the Canadian Charter of Rights and Freedoms?
   • Everyone has the right to life, liberty and security and the right not to be deprived therefore except in accordance with the principles of fundamental justice.
3. What protection regarding search and seizure is provided by Sec 8 of the Canadian Charter of Rights and Freedoms?
   • Everyone has the right to be secure against unreasonable search and seizure.
4. What protection regarding detention or imprisonment is provided by Sec 9 of the Canadian Charter of Rights and Freedoms?
   • Everyone has the right not to be arbitrarily detained or imprisoned.
5. What protection on arrest or detention is provided by Sec 10 of the Canadian Charter of Rights and Freedoms?
   • Everyone has the right on arrest or detention to be informed promptly of the reasons for the arrest or detention, to retain and instruct counsel without delay and be informed of that right, and to have the validity of the detention determined by way of habeas corpus and to be released if the detention is not lawful.
6. What protection to witnesses is provided by Section 13 of the Canadian Charter of Rights and Freedoms?
   • A witness who testifies in any proceedings has the right to not have any incriminating evidence given used to incriminate them in any other proceedings, except in a prosecution for perjury or the giving of contradictory evidence.
7. What language protections are provided by Section 14 of the Canadian Charter of Rights and Freedoms?
   • A party or witness in any proceedings who does not understand or speak the language in which the proceedings are conducted or who is deaf have the right to the assistance of an interpreter.
8. What is the difference between “proof within a balance of probabilities” and “proof beyond a reasonable doubt”?
   • “Proof within a balance of probabilities” relates to civil cases and administrative law, and only requires a determination that one side is most likely/very probably correct. “Proof beyond a reasonable doubt” requires a determination that there is virtually no doubt that the accused is guilty. It does not involve proof to an absolute certainty, but more proof than the accused is probably guilty.
9. What is the general test for “reasonable grounds to believe”?
   • A reasonable person in the position of the arresting officer must be able to conclude that there were reasonable and probable grounds for the arrest.
10. When must an investigator remain diligent in collecting and preserving evidence, even though they believe they will not be proceeding with a criminal charge?
    • When they have reason to believe that the investigation may lead to a civil action.
11. What is the role of the investigator in court when presenting evidence?
    • The investigator presenting evidence in court is essentially a witness, being careful to present their evidence in an objective, respectful, and balanced manner. Importantly, they are officers of the court and not adversaries to the defence.
12. Why does the police investigator have to be attentive to common law?
    • Common law helps to define limits within statutory authorities and dictate the way the law is administered by, and by extension, helps define the way police investigations should be conducted, suspects should be treated, and the processes for collecting evidence and preserving it for court.
13. Can a police investigator decide whether or not an accused should be afforded the defence of necessity?
    • Not in cases where harm to persons or significant property damage has occurred. In such cases, the investigator may collect evidence respecting the defence of necessity, but the final interpretation of that evidence is to be decided by the court.
14. What common law doctrine can be applied when an accused is found in recent possession of stolen property?
    • The doctrine of recent possession, which allows the inference that unless an accused has a reasonable explanation for being in possession of certain property, it can be presumed that he/she had a role in the theft or related offence involving that property.
15. What evidence must a police investigator gather to demonstrate that an accused was willfully blind?
    • Evidence that demonstrates that the accused knew or should have known the nature of the offence taking place, and deliberately failed to respect the reality of the situation.
16. What does the term “mens rea” mean and why is it important?
    • It means the accused person had the mindful intent to commit the offence, and this is important to establish and state because nearly all crimes are only crimes where the accused can be showed to have had intent.
17. What is a prima facie case?
    • It is the presentation of evidence that, if believed, would establish each of the elements necessary for a prosecution to succeed. This evidence is sworn into a criminal information.
18. What is a criminal information?
    • It is a sworn statement of a police officer, presented in the form of a signed document that contains basic information about the criminal charge to be considered by the court. This is the first document considered by the court for consideration of a judge and includes information about the identity of the accused, the date or time frame in which the offence occurred, the place where the offence occurred, the identification of the offence and associated criminal code of other statute section, and the actions taken by the accused that will show they committed to the offence.
19. Is a police investigator protected from criminal or civil liability if they make an error or cause injury to a person?
    • Yes, except where they are found to have acted with criminal intent, or where they were reckless or criminally negligent in the execution of their duties.
20. In applying his/her discretion to not lay a charge where there is reason to believe a person has committed an indictable offence, what must a police investigator remember?
    • They must remember that they do not have absolute discretion. Rather, the discretion:
      1. Must be justified with concrete reasons,
      2. It has to be proportional to the offence
      3. It must be in the public interest, and
      4. It must not be based on any favouritism or bias.
21. When can a police investigator arrest without a warrant?
    • A police investigator can arrest without warrant, when he/she believes on reasonable grounds that a person has committed or is about to commit an indictable offence, when he/she finds someone committing a criminal offence…
22. When can a police investigator detain a person?
    • When the police investigator has a reasonable suspicion that a suspect is somehow implicated in the offence under investigation.

Chapter 3

1. What do we mean when we say that evidence will be considered by the court on its “probative value”?
   • “Probative value” refers to the weight or persuasiveness that the court assigns to a particular piece of evidence when considering its value towards proving a point in fact of the charge.
2. What is direct evidence, and
   •  Direct evidence is any evidence that proves the point in fact without the   interpretation of circumstances.
3. Provide three examples of direct evidence?
   • Examples being, an eye witness account, video tape evidence of the crime in progress, or the confession of a suspect.
4. Can an accused be convicted of circumstantial evidence alone?
   • Yes, so long as it leads to only one logical conclusion that satisfies the court as proof beyond a reasonable doubt.
5. What is inculpatory evidence?
   • Inculpatory evidence is any evidence that will directly or indirectly link an accused person to the offence being investigated.
6. What is exculpatory evidence?
   • Exculpatory evidence is the opposite of inculpatory evidence, in that it shows that the accused did not commit the crime.
7. What is corroborative evidence?
   • Corroborative evidence refers to any type of evidence that supports the meaning, validity, or truthfulness of another piece of evidence that has already been presented to the court.
8. What are the exceptions to the requirement of full disclosure?
   • Where the information involved is clearly irrelevant, considered privileged, risks exposing an ongoing police investigation, or would compromise the safety of a witness.
9. Is hearsay evidence ever admissible in court?
   • Hearsay evidence is admissible if it relates to a dying declaration, a witness is the recipient of a spontaneous utterance, or a witness is testifying to hearsay from a child witness who is not competent.
10. When can evidence be excluded by a court?
    • When the evidence was obtained following the violation of the Charter of Rights and Freedoms, including when police conducted an improper or unauthorized search of a person or a person’s property, when police fail to properly provide the appropriate warning and caution under Section 10 of the Charter, when police fail to provide a proper opportunity for an arrested or detained person to speak with counsel after arrest or detainment, and when failing to properly disclose all of the evidence prior to trial to allow the accused to make a full defence to the charge being considered.
11. If evidence was illegally obtained, is it automatically excluded by the court?
    • No, illegally obtained evidence can be admissible so long as after a careful consideration of the circumstances and consequences involved by the court, it doesn’t bring the administration of justice into disrepute.

Chapter 4

1. What is the difference between investigative tasks and investigative thinking?
   • Investigative tasks relate to the information gathering processes that feed into investigative thinking and the results. Investigative thinking, on the other hand, is the process of analyzing information and theorizing to identify suspects and develop investigative plans.
2. What is the difference between Level One Priorities and Level Two Priorities?
   • Level One Priorities refer to the protection of the lives and safety of people, including all attending officers. Level Two Priorities include protecting property, gathering and preserving evidence, accurately documenting the event, and establishing reasonable grounds to identify and arrest offenders.
3. What is the difference between a Tactical Investigative Response and a Strategic Investigative Response?
   • A Tactical Investigative Response is the response taken by the investigator to an Active Event, while a Strategic Investigative Response is the response taken to an Inactive Event.
4. What is the difference between an Active Event and an Inactive Event?
   • An Active Event is a situation where the criminal act is or may still in progress, the suspect is or may be at the scene, and/or there is or may be a danger to lives and safety of people (including attending officers). An Inactive Event is a situation where the criminal act has concluded at the scene, the suspect or suspects have left the scene or have been arrested or detained, and the scene no longer represents a danger to the life and safety of people, including attending officers.
5. When would an investigator consider the Threat vs. Action Analysis Dilemma?
   • When faced with a decision to enter a dangerous situation alone and take action or to wait for back-up to arrive before taking action.
6. When does an investigator have the authority to enter a dwelling house without a warrant?
   • Under the authority of Sec 529 of the Criminal Code an investigator may enter a dwelling house for the purpose of arresting or apprehending a person if he/she has reasonable grounds to believe that the person is present in the house, or if entry is necessary to prevent imminent bodily harm or death to any person, or if entry is necessary to prevent the imminent loss or imminent destruction of evidence, and if by reasons of exigent circumstances, obtaining a warrant would be impractical.
7. Why is it important for an investigator to thinking about “offence recognition” at the same time they are thinking about whether a situation should be classified as an Active Event or an Inactive Event?
   • It is important because the type of offence will guide the investigator’s mental inventory of the evidence and information they need to collect in support of a justification for an arrest or decision to not arrest.
8. What is the Response Transition Matrix (RMT)?
   • The Response Transition Matrix is a tool to illustrate the considerations for police response when considering the authorities and issues to de-escalate from a Tactical Investigative Response to a Strategic Investigative Response and to consider the need to obtain search warrants once the authorities of exigent circumstances are no longer available.

Chapter 5

1. What are the three most common errors investigators make in applying the Strategic Investigative Response?
   • The three most common errors include failing to identify and collect all of the available evidence and information, failing to effectively analyze the evidence and information collected to identify suspects and form reasonable grounds to take action, and becoming too quickly focused on one suspect or one theory of events and ignoring evidence of other viable suspects or theories that should be considered.
2. What five groups of tasks must an investigator follow through on to complete a thorough investigation?
   • The five groups include identifying and collecting all available evidence, identifying all the significant people involved (witnesses, victims, and possible suspects), accurately documenting the criminal event, accurately documenting the investigative actions, and formulating a reasonable investigative plan to identify a suspect and make an arrest.
3. What categories of tasks are involved in the Situation component of the STAIR tool?
   • The categories include breaking out the known facts of the event, classifying the offence as an Active event or an Inactive event, identifying all of people involved (witnesses, victims, and suspects), and completing an offence recognition.
4. What categories of tasks are involved in the Tasks component of the STAIR tool?
   • The categories include engaging either a Tactical Investigative Response or a Strategic Investigative Response, crime scene management, canvassing and interviewing witnesses, profiling the people involved, and documenting the event.
5. What categories of tasks are involved in the Analysis component of the STAIR tool?
   • The categories include:
     – Making observations and connections between people places, and circumstances
     – Enhancing the meaning of physical evidence by forensic analysis
     – Determining evidence of the motive, opportunity, and means to commit the offence
     – Creating timelines of activities
     – Developing assumptions and theories that will guide the investigative process
     – Developing investigative plans based on theories, and
     – Using existing evidence to validate or disconfirm the theories
6. What categories of tasks are involved in the Investigation component of the STAIR tool?
   • The categories include prioritizing the best investigative plans based on the most likely theory, testing theories against information and evidence discovered through investigation to identify suspects and form reasonable grounds, and possibly returning to ANALYSIS to form new theories or modify theories as new facts are found.
7. What categories of tasks are involved in the Results component of the STAIR tool?
   • The categories include protecting the lives and safety of the people involved, protecting property, gathering and preserving evidence, accurately documenting the event, and establishing reasonable grounds to identify and arrest suspects.

Chapter 6

1. Why must the investigator have the Results in mind at the outset of an investigation?
   • Because if the investigator knows where he/she is going and what the results need to be, he/she can know how to prioritize their actions to reach those results. Setting and monitoring those priorities is a critical piece of the mental mapping process.
2. What are five reasons some people reporting a criminal event lie, fabricate, embellish, or misrepresent the facts?
   • Some of the reasons are that the person is doing it for a personal gain such as a financial reward (e.g. insurance fraud), attempting to take revenge on someone, covering up personal involvement in the crime, attempting to shift responsibility for a crime to someone else, and covering up the involvement of an associate to divert prosecution.
3. What are four key questions an investigator should consider in authenticating a crime report?
   • The investigator should ask – Does the evidence support the report that an offence occurred, and if an offence did occur, did it happen at the time reported, did it happen at the place reported, and did it happen the way the fact pattern being reported suggests?
4. What is meant by evidence transfer?
   • Evidence transfer means that the evidence will transfer from a suspect to a crime scene, a suspect to a victim, from the crime scene to the victims, and/or from the crime scene to a suspect.
5. What is spatial relationship evidence?
   • It is evidence from circumstantial links that demonstrates a connection or relationship between objects, times, events, and people.
6. What is timeline evidence?
   • It is evidence that demonstrates a time alignment of the suspect to the criminal event or to the victim.

Chapter 7

1. What is a collaborative witness?
   • A collaborative witness is a person who can only provide circumstantial or indirect evidence of the events surrounding the crime. 
2. What is an independent witness?
   • An independent witness is someone not related to or associated in any way to the victim, the accused person(s), or the criminal event.
3. Can an accused person be compelled to testify regarding a crime they have been involved in?
   • Yes, if there is a co-accused they can be compelled to testify against that person. However, the testimony they give can’t be used against them in their own trial.
4. Are all persons considered competent to testify?
   • Yes, with the considered exception of children, persons with low mental capacity, and spouses – where it can be established in court that the person in question from one of these three groups of people is an incompetent witness.
5. What is witness credibility assessment?
   • This is a required task of the investigator whereby he/she seeks to determine the level of confidence that can be attributed to each witness.
6. What concerns should an investigator have about dominant witnesses?
   • Dominant witnesses pose a risk of potentially influencing or otherwise contaminating the statements of other witnesses.
7. What should an investigator do in the case of an active event where immediate in-depth interviews are not possible?
   • The investigator should conduct immediate field interviews of each person at the scene, do an immediate classification of each of these people as victims, witnesses, or suspects, and take appropriate measures to separate them for the purpose of physical security and protection of future testimony from cross-contamination of witness accounts and conformity.
8. Is it possible to have a witness statement in something other than written form?
   • Yes, witnesses can provide audio or video statements so long as they are ultimately transcribed and the witness signs the hard-copy transcription.
9. What are two negative aspects of having a witness attempting to identify a suspect by paging through volumes of criminal file photos?
   • The negative aspects are that the process can take a great deal of time, and a witness can sometimes become confused by being overloaded with too many faces.

Chapter 8

1. Can an investigator make changes (e.g. insert recalled facts) to the notes in his/her notebook when recalling information at a later date?
   • The investigator can’t ever change their notes, but they can record later recalled facts by writing them on a new note page, using the current time and date, and making a reference to the previous case notes, previous time, date, and page number.
2. What actions must an investigator take under the Tasks category of the STAIR tool to protect the integrity of the crime scene?
   • To protect the integrity of the crime scene, the investigator must lock down the scene, set up crime scene perimeters, establish a path of continuity, and establish crime scene security.
3. How is a crime scene perimeter defined?
   •  It is defined by the size of the crime scene as determined by the investigator, who will also ensure the perimeter is clearly marked by tape around its outside edges.
4. What is a path of contamination?
   • The path of contamination is a designated pathway established by the first investigator where authorized personnel can enter and re-enter a crime scene to conduct their investigative duties after the scene has been locked down.
5. What is a Crime Scene Security Log?
   • The Crime Scene Security Log is a document, created and maintained by the assigned crime scene security officer, to provide a running log of who attended the scene, when they attended, why they were there, and when they left the scene.
6. What are the two greatest challenges to evidence management at a crime scene?
   • The two greatest challenges to evidence management at a crime scene are the contamination of evidence and loss of continuity of the evidence.
7. Identify six ways in which the contamination of evidence can take place at a crime scene.
   • Contamination can take place through police or other first responders interfering with evidence during a tactical investigative response, suspects interfering with the crime scene to cover up or remove evidence, victims or witnesses handling evidence, animals causing unwanted transfer or removal of evidence through consumption, weather washing away evidence, or when crime scene investigators fail to follow proper crime scene management procedures.
8. What is the purpose of an Exhibit Log?
   • The Exhibit Log is a document running record, for purposes of maintaining the chain of continuity, of where evidence was found at a crime scene, who found it, and the initials of anyone else who handled that evidence from the crime scene continuously to the main exhibit locker.
9. What are the three possible stages of time where evidence can originate?
   • They are the pre-crime stage, the criminal event stage, and the post-crime stage?
10. What kinds of items could be relevant and need to be considered by the investigator in gathering evidence at a crime scene?
    • Items that either the suspect or victim may have touched, items that the suspect may have brought to the scene, items that may have passed between the suspect and the victim, items that the suspect may have taken from the scene, and items that the suspect may have discarded while leaving the crime scene.
11. Beyond having a path of contamination, how can cross-contamination be avoided or prevented at a crime scene?
    • Cross-contamination can be avoided or prevented by the practice of handling only one exhibit at a time, marking the exhibit, placing it in a secure container, and decontaminating the investigator by changing gloves and discarding any item that could have come in contact with a previous exhibit.
12. What four sets of tasks need to be considered and addressed in every crime scene, regardless of how large or small it is?
    • The crime scene must be secured, preserved, and recorded until evidence is collected, existing contamination must be considered and recorded, cross-contamination must be prevented, and exhibits must be identified, preserved, collected, and secured in a manner that preserves the chain of continuity.

Chapter 9

1. At what point would an investigator move from interviewing a person to questioning them?
   • When evidence is discovered to give the investigator reasonable grounds to suspect that that the person is involved in the event.
2. At what point would an investigator move from questioning a suspect to interrogating them?
   • When evidence is discovered to give the investigator reasonable grounds to believe, and after the suspect has been placed under arrest.
3. What are three common scenarios where an investigator is likely to come across a false confession?
   • When a person has been enlisted by organized crime to take the blame, when a person is protecting a friend or loved one, and where a person is mentally ill.
4. What are two ways in which young offenders must be treated differently than adults by an investigator in the process of questioning them about involvement in a crime?
   • Dealing with young offenders requires that the investigator ensure that their parents or guardians are notified, and that he/she explains Charter Rights to youth in language appropriate to their age and level of understanding.
5. What are six examples of ancillary offences that investigators need to be aware of?
   • These include conspiracy to commit an offence, attempting to commit an offence, being an accessory after the fact to an offence, aiding and abetting an offence, counselling a person to commit an offence, and compounding an indictable offence.
6. What evidence must be provided to show that a person can be charged with being an “accessory after the fact”?
   • There must be evidence to show that the person knew that another person committed the primary offence and that they received, comforted, or assisted that person to enable them to escape justice.
7. How is “aiding and abetting” different from other ancillary offences?
   • It is different from other ancillary offences in that it doesn’t become a separate charge from the primary offence.

Chapter 10

1. In terms of a physical matching, what is the difference between a Level One and a Level Two examination?
   • Level One is an examination of an item for class characteristics, while Level Two is an examination of accidental characteristics (e.g. very unique markings associated to wear and tear).
2. How are latent fingerprints made visible?
   • Latent fingerprints are made visible on most surfaces through the application of coloured fingerprinting powder that adheres to the oils left by our fingers.
3. What is the difference between a Level One and Level Two ballistics examination?
   • A Level One examination is focused on the general characteristics of a firearm (e.g. calibre, firing mechanism), while a Level Two examination would focus on very distinct marking as determine through striations matching, chamber markings, firing pin comparisons, and ejector markings.
4. What is blood spatter analysis?
   • It is detailed examination of how and where blood is distributed inside a crime scene providing indications of how the attack took place as indicated by the distribution patterns.
5. What are four common post-mortem indicators considered in an autopsy?
   • The four most common post-mortem indicators are body temperature loss after death (algor mortis), the degree of stiffening of the body after death (rigor mortis), post-mortem settling of blood and staining of skin (liver mortis), and progress of decomposition.
6. How else can a pathologist be helpful to police besides being able to speak to cause of death?
   • A pathologist can also be helpful in providing an expert opinion on such matters as features of weapons used, the direction of a laceration, distance from which a wound was inflicted, and the angle of the entry and exit point of a wound.
7. What is forensic archeology?
   • Forensic archeology is the use of archeological methods by experts to exhume crime scenes, including bodies.
8. What is forensic entomology?
   • Forensic entomology is the study of the life cycle of bugs coming and going from a dead body with attention to estimating relative time of death.
9. What is criminal profiling?
   • Criminal profiling, also referred to as psychological profiling, is the study of criminal behaviour to develop the most likely social and psychological profile of the person who may have committed a particular crime. It is based on the profile and actions of known criminals who have committed the same type of crime in the past.
10. What is ViCLASS?
    • ViCLASS is a database system that documents the criminal conduct of convicted violent offenders and sex offenders, as well as unsolved cases, with a goal of documenting crime types and criminal conduct into a searchable database where unsolved crimes can be linked to offenders with matching profiles. Developed by the Royal Canadian Mounted Police, there are more than 300,000 cases on the system and since 2007, over 3,200 linkages have been made.