CITP Exam 4 QUESTIONS WITH COMPLETE 100% VERIFIED SOLUTIONS 2024/2025, Exams of Security Analysis


Typology: Exams

2023/2024

Available from 07/08/2024

TheHub

INTRODUCTION TO MOBILE DEVICE INVESTIGATIONS EPO #1: Determine types of technology and the unique identifiers associated with a mobile device.

· IMEI - International Mobile Equipment ID. Permanent 15-17 digit number.
· CDMA - MEID = Mobile Equipment ID. Can look up make/model.
· SIM - Subscriber Identity Module. Authentication of device to cell network. ICCID is the serial number for your SIM card.
· MSISDN - Mobile Directory Number AND MIN - Mobile ID Number is another name for a phone number.
· The Call Detail Records (CDR) need to know what tower the cellphone is connected to. Provides a list of calls or other types of transmissions.

INTRODUCTION TO MOBILE DEVICE INVESTIGATIONS EPO #2: Use forensic hardware and software tools to extract and analyze digital data from a seized mobile device.

· Different types of extractions include manual, logical, and physical.
  o Manual: must take photographs of all screens.
  o Logical: usually using Cellebrite. Utilizes the built-in backup feature found in the device's operating system (OS).
  o Physical: provides access to ALL data, basically a replica of the whole phone; usually requires forensic software.

FIRST RESPONDERS TO DIGITAL EVIDENCE EPO #1: Define the uses and roles of electronic devices in criminal activity.

· Three Major Roles
  o Computers as a target of an illegal scheme: system intrusion, hacking, DDoS attacks, or ransomware, to name a few.
  o Computers used as the instrument or tool to facilitate criminal activity: e.g., solicitation of minors, electronic stalking, credit card scams, tax or benefit fraud, ID theft.
  o Computers and other electronic devices as repositories of evidence and other information: may contain photos, PII, or certain types of software.

FIRST RESPONDERS TO DIGITAL EVIDENCE EPO #2: Identify electronic devices that may be or may contain evidence.

· Permanent files as well as temporary internet files. Search terms from web browsers.
· Phone SIM cards.
· Removable media - optical CDs, DVDs, and Blu-ray, or external drives, flash memory cards, or USB drives.
· Cloud computing can contain evidence and needs an additional warrant.

FIRST RESPONDERS TO DIGITAL EVIDENCE EPO #3: Describe how electronic evidence may be altered or destroyed.

· The "two enemies" are physical or external damage and software or internal alteration.
· All media can be altered through brute force, extreme temps, water/condensation, or fire. Seize it anyway; the data may still be recoverable.

FIRST RESPONDERS TO DIGITAL EVIDENCE EPO #4: Identify non-electronic items that may be important in the investigation of an electronic crime.

· Hardware: may contain DNA evidence or bodily fluids.
· Printed documents or reports.
· Scraps of paper with codes or passwords.
· Indicators of ownership like receipts, mail, manuals.

FIRST RESPONDERS TO DIGITAL EVIDENCE EPO #5: Identify the proper procedures in collecting, preserving, and transporting computers and electronic items seized as evidence.

· Use Faraday bags, or wrap in foil if none are available.
· Secure the crime scene both physically and electronically. Sever network connectivity. Unplug desktop.
· Conduct an electronics sweep.
· Leave the phone how you found it, on or off. Isolate phones in a Faraday bag.

FIRST RESPONDERS TO DIGITAL EVIDENCE EPO #6: Identify the proper procedures for RAM Capture and uses for recovered data.

· Random Access Memory (RAM) is the storage area of everything the computer processes. Capture it especially if you cannot remove the actual device or cannot get the password. Enables investigators and examiners to do a full memory analysis and access data.

ELECTRONIC SURVEILLANCE TECHNIQUES EPO #1: Identify the various types of Electronic Surveillance Equipment, technologies, and their characteristics used in investigations and operations.

· Audio recordings: modern devices are small and battery operated. May be a cellphone app, key fob, or small hidden device.
· Tracking devices: GPS or RF tracking devices make surveillance easier, but US v. Jones (2012) determined that a search warrant is needed.
· Vehicle surveillance:
  o Caravan/line is a common method if you can avoid highlighting your vehicle and have an idea of where they are going.
    § Advantages: covers a large distance, cover/concealment, easy "escape".
    § Disadvantages: can be followed home, issues with turns or red lights.
  o Progressive involves having surveillants along a route.
    § Advantages: less likely to be detected.
    § Disadvantages: harder to orchestrate.

SURVEILLANCE EPO #4: Identify methods of countering the common tactics used to detect and evade foot or vehicle surveillance.

· Target might: abruptly turn or reverse course, enter a building and depart from another exit, drop something to see who picks it up, use an associate for countersurveillance, or change appearance/clothing. In a vehicle they might make a U-turn, turn and then stop, or enter a dead-end street.
· To avoid detection or countersurveillance: don't back into a parking space or leave the engine running, don't all park next to each other, and avoid obvious use of radios.

PRISONER PROCESSING EPO #1: Identify data to complete an FD-249 criminal fingerprint card.

· Finger tips and slap at a 45-degree angle at the bottom. Use nail edge to nail edge.
· Red card is for suspects, black is for any other.
· AFIS is the Automated Fingerprint ID System.

PRISONER PROCESSING EPO #2: Identify the techniques to record exemplar "major case" prints from the palmar surface of the hand.

· Is different than FD-249 because it takes an impression of the whole hand.
· Minimum of 5 cards will be completed, 5 impressions per finger.
· FD-249, then FD-884a, then FD-884b. One card per hand, back of card for additional impressions. FD-884 is for the entire finger. For a hand print it is best to use a roller, at least three inches.
· For additional blocks, "Use Universal Precautions" for violent tendencies or communicable illnesses.

PRISONER PROCESSING EPO #3: Identify the process for collecting and submitting an exemplar DNA sample using an FBI Federal Convicted Offender Program Buccal Collection Kit.

· FD-936 is the collection kit. Only use one kit at a time.
· Facility code is only for probation or BOP.
· Test kit E is the most current.
· Must mail within 24 hours.
· They put fingerprints on those too. Law requiring fingerprints: DNA Fingerprinting Act of 2005.

RECOGNITION OF CLANDESTINE LABS EPO #1: Recognize the types of clandestine labs.

· Clandestine labs may make meth, PCP, or MDMA/Ecstasy. Some consider marijuana grows or turning cocaine to crack too.
· Meth labs are the most dangerous operation. There are two main kinds; pseudoephedrine is used in both:
  o Red Phosphorus: common source is striker plates off matches. Iodine is used too. Road flares are also a source.
  o Birch reduction: "Nazi method." Must obtain anhydrous ammonia or have some way to derive it; often used in agriculture or refrigeration. Uses torn lithium batteries, chemical cold packs for ammonium nitrate.

RECOGNITION OF CLANDESTINE LABS EPO #2: Identify chemicals used in the manufacture of methamphetamine.

· Most types use pseudoephedrine or ephedrine.
· Red phosphorus: iodine or hydraulic acid; usually has a strong chem odor.
· Birch reduction/Nazi method: anhydrous ammonia, metal, and lithium from batteries. Smells like cat pee.
· Shake and bake or one pot: crude methods, less common. Same as Birch reduction/Nazi method but calls for ammonium nitrate instead of anhydrous ammonia.
· Brake cleaner
· Acetone
· Camp fuel

RECOGNITION OF CLANDESTINE LABS EPO #3: Identify courses of action when a clandestine lab is discovered.

· Be aware of booby traps or surveillance cams.
· Get assistance from someone qualified to handle labs and share info with them.
· Get away, preferably upwind.

ELECTRONIC LAW AND EVIDENCE; basic case law

· Federal Communications Act (FCA) of 1932. No warrantless wiretaps.
· Omnibus Safe Streets & Crime Control Act (1968) - T3.
· Electronic Communications Privacy Act (1986) - digital storage explosion.
· *If you can get a search warrant you can get anything in a lower category of protection.

ELECTRONIC LAW AND EVIDENCE EPO #1: Identify the federal requirements governing the use of electronic devices that intercept wire, oral, and electronic communications. What is a TIII Order and how do you get one?

· T3 Order required to intercept/capture: must be from a US District Judge, not a magistrate judge. 4 factors: is real time, includes content of communication, with device, without consent.
  o Content includes words spoken, email or text, images and files shared, events on VTC, and contents of a fax.
  o 3 types of communications: oral, wire, and electronic.
  o With device: the device is any mechanical method used to capture sound. The human ear and hearing aids set within normal range are NOT devices. No authorization is needed for info overheard in a place you can legally be.
  o Consent: no T3 is needed if there is consent. For most cases, AUSA consult (not approval) is required. Public corruption - written approval required.
    § If the consenting party leaves the conversation, STOP the wiretapping or else you are committing a crime.

ELECTRONIC LAW AND EVIDENCE EPO #1 (continued): Legal Requirements

· Legal requirements: must be investigator/LEO, PC for the underlying crime, PC to show the location/device/facility will be used to further the predicate crime, necessity, and the DOJ Deputy Attorney General's written authorization to apply, aka a high-ranking official with DOJ.
· Not necessary for you to exhaust all investigative techniques/possibilities, but you should identify whether you tried it or not, why it doesn't seem like it would help, and why other techniques are not likely to help.
· Time period is 30 days per order, or less. No longer than is needed for investigative necessity. Extensions can be granted.
· No T3 needed: oral conversations w/ no REP, consensually monitored, stored content of communications (historical/not real time), general public communications, video-only surveillance, GPS & other tracking devices/beepers/transponders, tone-only pagers, and Pen/Trap & Trace.

ELECTRONIC LAW AND EVIDENCE EPO #2: Identify the federal requirements governing the use of electronic devices that track the movements of suspects.

· Holding in Katz and Carpenter: people have REP in the whole of their movements, even in public, for 7 days or more. So a warrant is needed for 7 days or more; 6 days or less is whatever.
· Jones search: physical intrusion to get info. You do not have a Jones search if the property or person being searched is not in the possession of the "bad guy" at the time it is searched. This comes up a lot with cars. If there was no intent to gather info it also didn't count as a search.
· Tracking devices can be placed for 45 days but may be renewed; good in any district.

ELECTRONIC LAW AND EVIDENCE EPO #3: Identify the federal requirements governing the use of electronic devices that trace telephone calls and electronic communications.

4th Amendment EPO #15: Identify the legal requirements for executing a search warrant, e.g., authority to execute; time of entry; method of entry; locations on premises which may be searched; duration of the search; and inventory.

· Usually must start between 6am and 10pm. Must be reasonable, like not making someone sit outside their house for 48 hours.
· Michigan v. Summers - limited authority to detain someone during a search to prevent flight or destruction of contraband.
· The premises covers: the premises itself, curtilage, structures/outbuildings, vehicles w/in curtilage, and open/closed containers.

4th Amendment EPO #16: Identify the scope and purpose of a protective sweep.

· Immediate: to ensure that the subject does not have any weapons or evidence under their control that could be. Goes beyond the search incident to arrest to immediate areas and ends within the time it takes to make the arrest.
· Extended: reasonable suspicion that other dangerous persons are present.
· May be defined as a visual inspection of those places in which a person might be hiding. Allows LEO to conduct a limited search of the premises if they believe evidence is about to be destroyed or removed as they make an arrest.

4th Amendment EPO #17: Identify circumstances in which persons on the premises may or may not be searched for evidence or frisked during the execution of a premises warrant.

· General Rule - occupants may be detained during the execution of a premises search warrant for contraband. The Summers Doctrine allows the following three purposes; can be one of these, or multiple:
  o Minimize risk of harm to officers executing the warrant.
  o Ensure orderly completion of the search.
  o To keep them from destroying evidence inside; suspects can also be barred from entering the premises while a search warrant is being obtained.
· LEOs may use reasonable force.
· A search warrant does not permit a search of all persons present during its execution.

4th Amendment EPO #19: Identify fact situations where warrantless searches are allowed regarding motor vehicles.

Searching cars w/o consent or warrant:

· Frisk: can be performed on a vehicle whenever it's permitted on a person. It is for weapons only - passenger compartment only, not the trunk. Can look in bags that can hold weapons.
· Search Incident to Arrest: Arizona v. Gant: may search for evidence of the crime apprehended for, but not for traffic-warrant types of things or a 10-year-old warrant (random number of years). Must have probable cause that there is evidence of the crime in the vehicle. Can be locked or unlocked containers, but still no trunk w/o a warrant.
· Mobile Conveyance: Carroll doctrine - must be a movable conveyance. A vehicle could be searched without a search warrant if there was probable cause to believe that evidence is present in the vehicle, coupled with exigent circumstances to believe that the vehicle could be removed from the area before a warrant could be obtained.
· Inventory: affected by agency policy and impounding vehicles. Not an evidentiary search, but for documentation. Cannot remove panels. You are legally in a place you are allowed to be if you find contraband (etc.) during an inventory.
· Particularized probable cause is generally not required before searching a trunk under some circumstances where certain items are found: drugs/drug paraphernalia are located (if odor only, nope), alcohol, weapons, stolen property, or canine alerts.

4th Amendment EPO #18: Identify the circumstances in which evidence may be seized under the plain view doctrine.

· Must rightfully/legally be in the location where the seizure occurred, sees/feels the item, must be an item material to a specific crime w/o manipulation, and lawful right to access the item.
· One example where it doesn't apply is if further inferences are needed, like running serial numbers.

4th Amendment EPO #20: Identify fact situations where warrantless searches are allowed during exigent circumstances, e.g., hot pursuit, destruction or removal of evidence, and emergency scenes.

· The government must show the existence of probable cause and the existence of an exigent circumstance.
· Exigent circumstances:
  o Hot pursuit: must begin in a public place, probable cause to arrest, crime must be serious, and pursuit needs to be continuous.
  o Destruction/removal of evidence: must have PC that parties are in the dwelling and evidence loss is imminent. Entry must be for a serious crime.
  o Emergency scene: the need to protect or preserve life or avoid serious injury is justification.

4th Amendment EPO #21: Identify the requirements and scope of a search incident to a lawful arrest.

· Chimel v. California outlined three distinct reasons permitting search incident to arrest:
  o 1. There must be a custodial arrest where there was probable cause and the arrest occurred.
  o 2. Must be contemporaneous - needs to happen WITH the arrest.
  o 3. The area being searched has to be currently accessible by the arrestee. Under their immediate control.
· The scope: the first is that a search may be made of the person of the arrestee by virtue of the lawful arrest. The second is that a search may be made of the area within the control of the arrestee.
· Strip and visual body cavity searches must be justified by at least a reasonable suspicion that the arrestee is concealing contraband or weapons.
· Usually does not cover the inside of property the suspect was arrested outside of, unless you accompany them inside to obtain clothing or ID.

4th Amendment EPO #22: Identify circumstances where a suspect's consent to search is voluntary.

· If it's a couple and one person says yes and the other says no, you cannot. If just one is home and they say yes, you can search all areas they have access to.
· Must be voluntary - of age, mental capacity, not coerced, not under duress.
· Consent to search may be directly expressed or inferred through words or actions.
· Miranda rights are not necessary.
· The scope is defined by the consent given.

4th Amendment EPO #23: Identify the circumstances in which a third party has the actual or apparent authority to grant consent to search a suspect's property.

· An individual who actually owns or controls an item has "actual" authority to consent to a search. "Actual" authority may be obtained "from the individual whose property is searched."
· For a 3rd person to give consent, the following criteria must be met: (1) has access to the area searched and (2) has either (a) common authority over the area, (b) a substantial interest in the area, or (c) permission to gain access to the area.

4th Amendment EPO #24: Identify the requirements allowing an inventory of lawfully impounded personal property.

· Is an exception to the warrant requirement; the vehicle must be lawfully impounded.
· Agency policy must be tailored to accomplish the purposes of an inventory, not evidence.
· Can search the trunk; must make sure a living person isn't in it.

4th Amendment EPO #25: Identify the circumstances when an inspection is permitted for real and personal property.

· Sobriety checkpoints
· Checkpoints to investigate previous crimes
· Compliance w/ regulatory scheme: FFL, OSHA, fire dept. regs.
· Airports
· Sensitive government facilities