(HACF) Handwriting Analysis and Computer Forensics Module Overview

Handwriting Analysis and Computer Forensics Module Overview

A questioned document is any document whose authenticity is in question. The questioned documents unit in a forensic lab will conduct examinations of documents and related materials in all types of criminal cases for local, state, and federal agencies. This includes the examination of writing, ink, paper, impressions, typewriting, faxes, photocopiers, alterations, obliterations, charred, forgeries, and counterfeited items to name a few. Another division of Forensics, known as Computer Forensics, involves the scientific examination and analysis of data held on, or retrieved from, computer storage media in such a way that the information can be used as evidence in a court of law.

Essential Questions

    1. Is handwriting class or individual evidence?
    2. How can ransom notes or suicide letters be helpful to forensics scientists?
    3. What security measures are taken to prevent counterfeiting?
    4. What type of documents can be forged?
    5. What is Computer or Digital Forensics?
    6. How can incriminating data be found on a computer?

Key Terms

  1. Questioned Document - Any document whose authenticity is in question.
  2. Exemplar - A sample of handwriting whose source is known. Used for comparison with question document.
  3. Transmitting Terminal Identifier (TTI) - The name of the owner of the fax machine is printed out at the top of each page that is sent by that machine. This information must be programmed. Also, not all machines are capable of this feature.
  4. Indented Writing - An imprint which may be left on the underlying pages when the top sheet of paper is written upon.
  5. Electro-Static Detection Apparatus (ESDA) - An instrument that uses electrostatic charge as the mechanism to visualize paper fiber disturbances, such as indentations and other latent impressions.
  6. Erasure - A type of alteration where material has been removed from a document by chemical, abrasive, or other means.
  7. Obliteration - A type of alteration involving removal of writing by physical or chemical means.
  8. Alteration - A modification made to a document by physical, chemical, or mechanical means including, but not limited to, obliterations, additions, erasures, etc.
  9. Charred - Any document that has been darkened and brittle due to exposure to excessive heat or fire.
  10. Forgery - The making, adapting, or falsifying of documents or other objects with the intention of deceiving someone.
  11. Fraud - Forgery done for material gain.
  12. Literary Forgery - Refers to writing, such as a manuscript or a literary work, which is either deliberately misattributed to a historical or invented author, or is a purported memoir presented as genuine.
  13. Counterfeiting - The production of imitation currency, works of art, documents, and name-brand look-alikes for the purpose of deception.
  14. Best Evidence Rule - Rule that governs the admissibility of document evidence. Generally, only the original document is admissible.
  15. Computer Forensics - The scientific examination and analysis of data held on, or retrieved from, computer storage media in such a way that the information can be used as evidence in a court of law
  16. IP - Abbreviation meaning Internet protocol address it comes from the internet provider. Means by which data can be routed to the appropriate location. May lead to the identity of the person using the computer.
  17. Internal Cache - Portions of visited Web pages placed on the local hard drive to facilitate quicker retrieval once revisited.
  18. Internet Cookies - Files placed on a computer from a visited Web site track visits and usage of that site.
  19. Visible Data - Data/work product files-- from software, temporary files.
  20. Latent Data - Deleted files, slack space-empty space created by the way files are stored.
  21. Forensic Document Examiner - Involves the analysis and comparison of questioned documents with known material in order to identify, whenever possible, the author or origin of the questioned document.
  22. Ciphers - A message in which letters or symbols replace the actual letters in the message.
  23. Codes - Letter combinations or symbols used to represent words or concepts (ex 911, Code Blue)
  24. Steganography - The art of hiding information or data embedding messages in other forms.
  25. Backdoor - Hole in the security of a computer system deliberately left in place by authorized programmers or repair personnel, but these can also be left behind by malicious intruders to get back into a system after having breached it once. Synonymous to a trap door, which is a hidden software or hardware apparatus used to circumvent security mechanisms.
  26. Honeypot - A lure set up to trap hackers and users with malicious intent as they attempt to gain entry into a computer system.
  27. Hard Disk Drive (HDD) - Typically the main storage location within the computer. It consists of magnetic platters contained in a case (usually 3.5" in a desktop computer and 2.5" in a laptop). The HDD is usually where the operating system, applications, and user data are stored.
  28. Hardware - The physical components of a computer case, keyboard, monitor, motherboard, RAM, HDD, mouse, and so on. Generally speaking, if it is a computer component you can touch, it is hardware.
  29. Motherboard - The main system board of a computer (and many other electronic devices). It delivers power, data, and instructions to the computer's components. Every component in the computer connects to the motherboard, either directly or indirectly.
  30. Operating System - The software that provides the bridge between the system hardware and the user. The OS lets the user interact with the hardware and manages the file system and applications. Some examples are Windows (XP, 2000), Linux, and Mac OS.
  31. Software - A set of instructions compiled into a program that performs a particular task. Software consists of programs and applications that carry out a set of instructions on the hardware.
  32. File Hash - A mathematical calculation made from every byte in a file. It creates a unique digital fingerprint for that file.
  33. Slack Space - Latent data empty space created by the way files are stored.
  34. Digital Image - An image that is stored in numerical form.
  35. Piracy - Downloading to copy; share material protected by copyright.

[CC BY 4.0] UNLESS OTHERWISE NOTED | IMAGES: LICENSED AND USED ACCORDING TO TERMS OF SUBSCRIPTION