This final Discussion deals with the final issue any computer forensics examiner, or any other witness to an event, will face: testifying under oath to what you know. Each person who testifies is a witness and, as we discussed several weeks ago, will present testimonial evidence. As an expert witness, which is how a computer forensic examiner will generally be presented, you are not providing eyewitness testimony to a crime, but are testifying about what you as an expert found or did not find during your collection, preservation, and examination of physical evidence.
When you testify on behalf of the government (normally this would be a prosecutor or district attorney), or possibly on behalf of the defense counsel, you will first testify on direct examination. That means the attorney who called you to the stand has to lay certain groundwork to get your testimony about your examination of the evidence before the jury as an expert (known as Voir Dire). Once the preliminary questions have been asked and answered, the attorney handling the direct examination will then turn over examination to the defense. This is often done before you are allowed to answer questions about the actual evidence or case before the court.
The reason this is done in this manner is that you are first being presented to the court as an expert in some field. The opposing counsel gets to cross-examine you (Voir Dire) to try to defeat your being named as an expert. In cases where you have already been determined to be an expert by the court on previous occasions and testimony, there is less of a chance the opposing counsel will be successful in discrediting the admissibility of your testimony as an expert. But, for a new examiner, the first couple of times before the court will be more demanding as to your expertise.
After both sides have had a chance to question your bona fides as an expert, the counsel wishing you to be accepted will make a motion that you be accepted as an expert. Once that is complete, you will be asked about the matter at hand, and will testify to your collection, preservation, and examination of physical evidence. This is also where the opposing counsel will be especially alert for any weakness or contradictions in your testimony.
For this week’s discussion, answer the following questions in detail. Please discuss thoroughly and substantively in your post. Additionally, respond in a thorough, substantive, intelligent way to at least two of your fellow classmates, in a way that adds to our discussion and learning of this week’s topic!
1) What are some questions you think that you would be asked initially on direct examination when being qualified to testify as an expert?
2) What kind of questions do you think the opposing counsel will ask you during Voir Dire? Remember, on cross-examination, opposing counsel can ask leading questions to challenge your expertise.
3) Describe why it is important to limit any contradictions, and how you would testify to do so.
Now I want you to think like a sleuth again. Here’s your scenario.
You are working as a team with a criminal investigator and have investigated a case against a subject, Max Beanwell. Max is now the criminal defendant in the case State of Utah v. Max Beanwell. The trial is scheduled for next week. Max is charged with harassment and stalking of a 19-year-old woman in St. George, Utah (Nancy Hogan). He stalked her, according to the investigative file, numerous times by following her to work, walking around her and up to her in a threatening manner several times in the grocery store she shops at, and once confronted her at her place of employment. Additional evidence was seized by you at Max’s listed residence, 323 Mount Purdy Rd., St. George, Utah. This residence is listed to a Stephanie and Max Beanwell. Additionally, the investigation revealed, through school records and interviews with neighbors, that three additional individuals live at this location: Stephanie’s mother, Janet (age 64), and their two children, Jeffrey (age 19) and Julie (age 15). Max and Stephanie are in their early 40s.
The evidence you seized, with the investigator, was all lawfully seized pursuant to a warrant that clearly established probable cause for the crime and that Max was the individual who had physically been seen by witnesses and the victim, Nancy Hogan. Nancy had also told the investigator that she had received numerous threatening emails during the time of the harassment by Max. She received a total of 35 emails during a two-week period. 33 emails were not signed, but were clearly threatening. Two additional emails were signed “Your soul mate, Max” and were similar in tone and writing style to the other 33. The warrant for evidence at the house, therefore, included any and all digital evidence that might relate to the emails in question as well as logs, internet search history and, well, virtually everything. The search warrant affidavit was very thorough and no legal issues resulted from the search warrant and your seizure of the computer and equipment.
When you entered the residence, you had minimal information regarding computer usage in the household. When you, the investigator, and the search team entered the residence, you located only one PC, in a room that appeared to be an office area. The room had general office items including receipts for bills that were sent to Max and Stephanie Beanwell at that address. Also in the office, within five feet of the desk where the PC was located, was a Sony PlayStation. The bookshelves contained all types of books, including those on quilting, mysteries, a Hardy Boys series, and a Nancy Drew series of books.
You are thinking about your testimony for the coming trial. You will testify to all the data you located and there will be no legal challenge to your testimony regarding your data extraction and analysis. You are a professional and did a great job. After testifying to the fact that you did locate 35 emails sent to Nancy Hogan (and these are identical to the ones introduced by the prosecutor through the testimony of Nancy Hogan regarding her receipt of these emails), you anticipate being asked the following question: “Agent 321, can you tell us who sent the emails that you have testified that you located on the hard drive?”
1) What is your answer?
2) What evidence did you recover that might assist in your answer?
3) What are your concerns and what do you think the prosecutor should be thinking about?