Notifications

Clear all

Examination Notes / Case Notes / Contemporaneous Notes

Merriora · 2017-05-27T19:40:47Z

I’m wondering if anyone has or is working on creating standards in relation to taking forensic examination notes.Thus far, I haven’t found a standard and it appears to vary a lot depending on the individual or agency. For example, some examiners- destroy all notes once a final report is created- believe that their notes should be editable so they use Word or OneNote- write everything in a paper notebook (write once – no delete) - and others simply don’t document at allPersonally, I strongly believe in a write-once system that timestamps each note so that the date & time can be proven if required and that notes should be kept and provided to the courts for full disclosure.I believe this to be especially true as warrants become more restrictive and concerns regarding privileged communication is increasingly argued by the defense in criminal cases. But that is my view… I’m looking for feedback on what is currently the best-practice in regards to examination notes?Assuming you should keep notes for court purposes, do you have concerns when the notes can be edited or changed?Do you see current standards changing in the future as the courts begin to question our processes and the steps we take to get to the final outcome?It is true that the “data is the data” in DFE, but if you look at DUI investigations, the trial is rarely about the overwhelming evidence. Instead it is about the steps an officer took to get the evidence with the officer often being questioned for extended periods on the stand about exactly what he did at the scene or in the lab. For DUI cases, this often leads to a non-conviction.I think this is an important subject, so hopefully we can get a good discussion going. With replies, please include if you do civil or criminal work as I believe this does change perspective of this discussion.Thank you.

Page 3 / 3 Prev

General (Technical, Procedural, Software, Hardware etc.)

Last Post by Merriora 8 years ago

22 Posts

10 Users

0 Reactions

7,636 Views

RSS

jaclaz

(@jaclaz)

Illustrious Member

Joined: 18 years ago

Posts: 5133

13/07/2017 12:16 am

Once said this - and again with all due respect - the idea of having *anything* of actual value accessible "from everywhere" (as is - at least partially and if I get it right - on the cloud) via Facebook, Google or similar is very different from what I would envision as "safe" or "protected".
Working on an air-gapped PC inside a faraday cage in an underground rebar concrete bunker with 5" thick steel doors is more like it wink .

To make more clear the above note, there is most probably no issue whatever in the actual implementation of the crypto/protocols/whatever of the service/tool, but a Google or Facebook login (which are handy means to get access easily with a "same" ID/password to many services) should not be used for anything exception made for personal, not professional, stuff of the lowest importance.

Raise your hand (if you are either a Google or Facebook user) if you NEVER have used that id/login on a non-secure machine, or on another people PC/phone/device or when connected to an unsecure wi-fi network.

And those that raised your hand, please lower it IF you EVER used that login/password by mistake when attempting to access ANY other site.

Good, I see that no hands are in the air. )

Sure, if you have a "dedicated" Google or Facebook account that you ALWAYS and ONLY access from a (hopefully) secure connection you are good to go.

And - as a side note - the underground rebar concrete bunker is pleasantly fresh at around 22° in these days of exceptionally high temperature. wink

jaclaz

ReplyQuote

Merriora

(@merriora)

Eminent Member

Joined: 12 years ago

Posts: 44

Topic starter 13/07/2017 7:24 am

but a Google or Facebook login (which are handy means to get access easily with a "same" ID/password to many services) should not be used for anything exception made for personal, not professional, stuff of the lowest importance.

Jaclaz,

Thank you for clarifying your statement and I do agree that a dedicated email with a complex password not used for any other services would provide an extra level of security.

In our case, Multi-factor authentication is mandatory on all our accounts (except Enterprise within a secured VPN on dedicated hosts) and this does offer an extra layer of security, but the first weakness in any account compromise is often a compromised password from a situation like you describe.

No matter what application is used, be it online or offline, security of your data should be the #1 priority.

ReplyQuote

Page 3 / 3 Prev

8 Forums
15.7 K Topics
92.3 K Posts
210 Online
41.1 K Members

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed