Monthly Archives

October 2018

MS Word and OneNote should NEVER be used for Contemporaneous Notes

by robAdmin

This Won’t Go to Court!
SOP’s Essential During Cross-Examination
Current Views on Note-Taking
Experts Agree – Documenting DFIR Investigations is Important
Lawyers View on Contemporaneous Notes
Destroy Notes After an Examination is Complete?
Restrictive Warrants
I’ll Remember It!
Current Solutions

Conclusion

There are contradicting views on what Contemporaneous Examination Notes are and how they should be written.

Some Digital Forensic Examiners even question if they are actually required when conducting Digital Forensics and Incident Response (DFIR) investigations.

Not Required?

You might be thinking…. THIS IS GREAT!

Well, not exactly.

I believe that most professionals within the DFIR community understand that Contemporaneous Notes are a requirement based on professional training and recommendations by Digital Forensic Guides and leading DFIR Organizations.

The reality is that contemporaneous notes are often not completed nor are questions raised about their absence. As a result, some DFIR Examiners say they aren’t really required if no one asks for them.

But as a professional, should you be looking for shortcuts to complete your DFIR investigations?

And would failing to create documentation even save time in the long run?

At some point during your investigation, you will likely have to write a report explaining your findings which is a lot easier to complete when you have detailed notes to refer to.

This is especially true if those notes include screen captures of results during the investigation.

And if you are going to make notes, they should be made contemporaneously to the examination as this has more weight within criminal and civil court should you find yourself on the stand.

In fact, …

If you didn’t write your notes contemporaneously, the judge may rule that you are not able to refer to your notes while on the stand. (see case law below)

If this happens, will you be able to remember the details of an investigation that occurred 12 – 36 months prior?

Will your evidence have any credibility without notes?

As discussed below, it likely won’t.

And when it comes to court, even lawyers are expected to take contemporaneous notes.

In the court case below, a prosecutor had taken the stand to defend her actions to charge two officers for ‘attempt to obstruct justice’.

The judge scolded the prosecutor for failing to take detailed notes at the time of an important conversation with these two officers.

R v. Clark et al - 2012 MBQB 246

~ R. v. Clark et al – 2012 MBQB 246

We have to remember that the reliability of a testimony is not binary, in that it is believed or not believed. It is up to the judge or jury to determine how much ‘weight’ they are going to put on the testimony you provide which will be based on how credible you appear while testifying.

Judge

This Won’t Go to Court!

 

Those of us who have been in law enforcement for a number of years quickly realize that we are horrible at predicting what investigations will end up in court and which ones will be decided without our involvement.

Nearly all investigations I thought would end up in court have failed to result in that outcome with those investigations either ending in a Stay of Proceedings or Guilty Plea.

The reality is that you can’t predict which investigations will require you to testify and have the pleasure of being cross-examined by an opposing legal counsel.

So, you should treat every investigation as if you will have to defend your work in Supreme Court.

Female investigator testifying in court

Even when Contemporaneous Notes are completed by DFIR examiners, many have different definitions of “Contemporaneous Notes”.  The most concerning is the belief that notes taken at any time will suffice as “contemporaneous”.

But as we will see below, this couldn’t be farther from the truth.

SOP’s Essential During Cross-Examination

 

Failing to complete tasks you were either trained or instructed to do may not cause any issues 97% of the time.  However, it’s the files that matter where the 3% could greatly affect the outcome of the investigations as well as your professional reputation.

If you gathered solid evidence against a suspect, what approach will the defense take to defend their client?

You guessed it, they will question your qualifications as an expert and whether you followed your training.

Were you trained to take contemporaneous notes during an investigation?

If yes, how do you plan to defend yourself against a defense expert questioning your professionalism if you clearly didn’t follow the training you were provided or the Standard Operating Procedures (SOPs) written by your organization?

Don’t believe this will happen?

This is exactly what one leading defense counsel suggests…

Defense Lawyer - Cross Examination Techniques regarding Notes

Going on to provide an example of a typical cross-examination on police note taking…

Defense Lawyer - Cross Examination Techniques regarding Notes

The article is well worth a read if you want to see how defense lawyers think when they are defending a client.

Current Views on Note-Taking

 

Recently, a number of leaders in DFIR such as Brett Shavers’s and Harlan Carvey provided their opinions on note-taking after @mattnotmax brought up the subject in his blog.

In Brett’s article, he believes that investigators fail to make notes for one of the following reasons:

  • Laziness
  • Fearfulness
  • A belief that they are unimportant
    and
  • No one else makes them, so why should I?

 

Brett goes into detail on his point about the “Belief they are unimportant” stating…

Brett Shavers : Digital forensics practitioner, author, and instructor.

 If you don’t believe notes are important, one day you will find out just how important they are.
This could be due to personal embarrassment or a hit on your professional reputation when all you had to do was take a few notes a few months earlier on one of those few cases you were working.
Regret sucks, let me tell you… 

Brett Shavers
Digital Forensics Practitioner, Author, and Instructor
Author of “Placing the Suspect Behind the Keyboard”, “Hiding Behind the Keyboard”, and the “X-Ways Forensics Practitioner’s Guide”.
Brett Shavers Blog

I think this is a great list, but I would also add:

  • Confusion

The DFIR community is constantly expanding with new examiners entering the field every year. Many of these new examiners are young and ambitious, but also overwhelmed at the amount of information they have to learn and go through.

When it comes to note-taking, they know they should, but how?

As a result, they try several different ways to document their examination during the same investigation resulting in a mis-mash of notes which are hard to put together.

Further confusion results when a senior examiner says “Don’t worry about it. You don’t have to disclose that stuff as its just ‘working copy’.

If you are told that you don’t need to include some information because it is just working copy, ask them where they heard that. Often it will be from a fellow member when they started in the section.

This is called “Hearsay” and won’t help you in court.

When in doubt, ask a trusted lawyer in your area for advice on what is considered ‘working copy’.

Brett goes on to provide some useful tips on Note Taking, including:

  • use technology to take notes, not a pen…if you are a messy writer
  • Keep your notepads. Don’t tear out sheets. Keep all of them. Store them in a box when full..forever *
  • Date/time stamp your notes

Key Tip to Remember

* “Keep your notepads. Don’t tear out sheets…”

Keep this last point in mind when we discuss MS Word and OneNote since when you use word processing applications to take notes, you are essentially removing your ability to prove that you didn’t make changes or remove notes you previously made.

Brett also provides some real-life Win/Fail Scenario’s involving note-taking which is well worth a read.

So what do the experts say?

Experts Agree
Documenting DFIR Investigations is Important

 

Recently, experts and influential leaders in Digital Forensics provided quotes on the Importance of Documentation.

Greg Smith : Mobile Forensics & Telecomms Consultant : Institute for Digital Forensics (IDF)

 Contemporaneous Notes are unavoidable, thus inescapable, when it comes to examining evidence and are akin to the standard of Ethics.

They hold the examiner to their own account of conduct when no one else is around to witness what is happening. 

Greg Smith
Mobile Forensics & Telecomms Consultant : Institute for Digital Forensics (IDF)
31+ years of experience in handling digital and mobile telephone evidence in criminal and civil investigations.
Principal Consulting Forensic Engineer DEEU, Institute for Digital Forensics (IDF), Chief Training Officer Mobile Telephone Examination Board (MTEB), Principal Trainer Trew MTE.
Greg Smith Blog
LinkedIn Profile

Harlan Carvey

 I have been in situation[s] where having case notes “saved” me, and seen where not having them has led to issues for others. 
Harlan Carvey
Computer Forensics Author, Researcher & Practitioner
Author of “Windows Registry Forensics” and “Windows Forensic Analysis Toolkit”. Developer of RegRipper.
Windows Incident Response Blog

You may never need to defend your DFIR investigation in court, but you should complete every case as if you would be testifying as an expert in Supreme Court.

Why?

Because, you will never know which files are going to end up in court. By the time you are notified, it will be too late to create Contemporaneous Notes.

Since we just brought up court, what do lawyers have to say about Contemporaneous Notes?

Lawyers View on Contemporaneous Notes

 

 

I recently interviewed Stuart Rudner for his legal opinion regarding Contemporaneous Notes. Stuart stated:

Stuart Rudner - Employment Lawyer : Forensic Notes Software

 As an Employment Lawyer, I know that documentation is critical. …cases will be decided based upon the evidence, and not necessarily the truth. 
Stuart Rudner
Lawyer & Mediator
RudnerLaw

Stuart goes on to discuss the need to keep original copies of digital notes and not alter those notes unless you can show the changes that were made.

Stuart Rudner - Notes should NOT be changed

 

Changing notes and failing to properly disclose what changes were made while claiming the notes to be contemporaneously made could lead to legal issues and questions about your credibility.

 Modifying contemporaneous notes would be an example of witness impeachment.
Stuart Rudner
Lawyer & Mediator

 

When thinking about court, always remember the following quote.

Court of Law, NOT a court of Justice - Oliver Wendell Homes Jr.

Destroy Notes After an Examination Is Complete?

 

In some American states, it is common practice to destroy both paper and electronic notes once a final examination report has been written.

If the destruction of examination notes is currently allowed or mandated where you work, you should ask yourself:

  • What happens if the accuracy or credibility of the report is questioned?
  • What reasoning will you provide if questioned on why you felt it was necessary to destroy your notes?
    • The opposing party may ask “What were you trying to hide in those notes that it was so important that you destroy them prior to court?”
    • Are you 100% sure that you copied them exactly as you had written them?

These questions formed the argument by defense in a New Jersey Supreme Court Decision in which a new trial was ordered in a previous murder conviction.

Destroying Notes - Question this practice before it is too late!

Destroying Notes - SOP - Question it
~ NJ Supreme Court – State v. Dabas (FindLaw.com)

 

As you can see from the above decision, even though Investigator Dando followed police practices at the time, his decision to destroy the notes still caused issues at trial.

Let me be clear…

You should FOLLOW your department’s Standard Operating Procedures (SOP) or documented procedures.

But if your department does encourage the destruction of notes, then I would suggest you send them this article, confirm with them that they want this practice to continue and document your discussion.

Restrictive Warrants

 

In many regions, warrants authorizing forensic examinations are becoming restrictive with respect to the type of data that can be analyzed and included in forensic reports.

In practice, you may observe other evidence in plain view (eg: Child abuse material) that does not fit within the restrictions of the warrant.

In this case, it is suggested that you immediately stop your current examination and re-apply for a new warrant that includes the evidence you observed in plain view.

If you fail to take proper contemporaneous notes or destroy your notes upon completion of a report, would you be able to properly articulate how you came across the images or data that you weren’t authorized to have searched which resulted in a more comprehensive warrant being sought?

If not, you risk having all your evidence excluded from the trial.

Many investigators fail to recognize that obtaining a new warrant is easy in comparison to defending the merits of the new warrant at trial.

Are you willing to lose all your evidence due to a lack of proper documentation?

I’ll Remember It!

 

 

You might be thinking…

I don’t need to take notes, I’ll remember this!

But as R. v. Sharma (2014] O.J. No. 1289 indicated, as an investigator you can NOT rely on your memory for key facts during an investigation.

The Honourable Justice Aston J. Hall said for the police constable to come to court and testify that he simply did not record in his notes, something as important and significant as right to counsel, because he was multi-tasking was concerning and he could not place any weight on his viva voce evidence that the defendant asked to speak to duty counsel. 

 

The judge also stated that…

 case law is quite clear that absence of notes by a police officer in relation to pivotal issues diminishes the weight attached to their evidence.

 

The following relevant cases were discussed:

 In this day of full disclosure, it cannot be an acceptable explanation for an officer to say ‘I did not note it because I would remember it. 
~ R. v. Zack, [1999] O.J. No. 5747
 It is important to the proper functioning of the judicial fact finding role that significant facts be recorded by the police and not left to the whim of memory. 
~ R. v. Lozanovski, [2005] O.C.J. 112
 It goes without saying that the absence of notes on an important factor is relevant to an officer’s credibility. As a result, the courts have on occasion been reluctant to attribute much weight to evidence adduced viva voce by an officer, in the absence of corroborating written references in that officer’s notebook. 
~ R. v. Odgers, [2009] O.J. No. 2592
 [T]he notes, and in particular the absence of the important fact as to the origin of the odor of alcohol, were relevant to the officer’s credibility. 
~ R. v. Fisher, [2005] O.J. No. 1899

And …

 For an officer to come to court and simply say I have an independent recollection doesn’t cut it in this court. Not in front of me. Not in front of Justice Duncan and I suspect probably not in front of very many judges anymore. 
~ R. v. Hayes, [2005] O.J. No. 5057

At this point, I hope it is CLEAR that you MUST document your DFIR investigations contemporaneously.

So, what tools should you use to document?

The rest of this article will explain HOW to properly create Contemporaneous Notes during your investigation.

Current Solutions

 

DFIR Investigations will be documented in one of several ways:

  • Scrap pieces of paper
  • Bound paper notebook and pen
  • Word processing applications such as MS Word or OneNote (and notepad)
  • Purpose built electronic note-taking system such as Forensic Notes

Scrap Pieces of Paper

 

Although it’s common to use scrap pieces of paper to quickly jot down information, they should not be used as a place to write notes during an examination unless other options discussed below are not available.

If scrap pieces of paper are used to document important information, this should be transcribed into your proper notes as soon as possible. Often, if done in a reasonable time frame, these transcribed notes will be considered contemporaneously written.

It is also recommended to keep these pieces of paper should they be requested at a later time.

Bound Paper Notebook and Pen

 

This is the classic way of writing contemporaneous notes, relied upon in law enforcement for decades.

This form of documentation has continued to stand up to the scrutiny of the courts when properly completed.

When using this form of documentation, you must keep in mind the ELBOWS set of rules for writing notes

E – No Erasures

L – No Leaves torn out

B – No Blank spaces

O – No Overwriting

W – No Writing in margins

S – Statements to be written in direct speech

Notes should also be in a bound paper notebook with pre-printed page numbers.

Paper notes have worked for 20+ years. Why change now?

Although widely accepted in courts, this often results in notes that are illegible and incomplete.

For many young examiners that can quickly type out long messages on a virtual mobile keyboard, the idea of handwriting notes seems like a step back in time. This makes it more difficult to convince young examiners to take notes in the first place.

If you correct spelling and grammatic mistakes, you make the notes harder to read resulting in an end product that appears unprofessional to those that need to read them.

I’ve even seen cases were the author of the note had a hard time reading and interpreting their own handwriting.

The issues are further compounded by investigators that believe that their notes are their notes and making them illegible will eliminate the opposing party from asking tough questions in court.

However, several court cases have clarified that this is not true.

Illegible notes do NOT constitute disclosure.

 … Illegible written information does not constitute disclosure. 
~ R. v. Aquino [1999] O.J. No. 5972 (S.C.J.)

 

 

And the following decisions clarify the need to provide a typed copy of officer notes if the original is illegible.

 I disagree with Ms. Stackhouse’s characterization of the Crown’s disclosure obligation. The Crown has a duty to disclose to an accused “all relevant information” in its possession or under its control.

In order to discharge this duty the Crown is under an obligation to request and procure from the police all relevant information and material concerning the case.

As a result, in my view, the provision of a typed version of one of the investigative officer’s notes where that officer’s handwritten notes were illegible was more than simply a courtesy; it was part of the Crown’s disclosure obligation. 
~ R. v. Lalani [2014] O.J. No. 108 (O.C.J.)

 

 I agree that if officer’s notes prove, objectively, to be illegible, the Crown has an obligation on the request of defence counsel to provide a typed version of those notes. 
~ R. v. Guzman [2014] O.J. No. 2946 (O.C.J.)

 

Writing notes this classic way may be convenient, but I find it hard to believe that many would say it is an efficient use of time if you are adhering to all the requirements to write detailed contemporaneous notes that anyone can read and understand as required to satisfy full disclosure.

Given the court decisions discussed above, do you think Notebook Examples #1 (below) would cause any issues for full disclosure or if you wanted to use it in court to refresh your memory?

Paper Notebook - Example #1

 

What issues would you face if you were on the stand and this was your notebook?

Okay, how about this example notebook?

Paper Notebook - Example #2

In Notebook Example #2, wite-out® was used to make a correction to a note.

Do you think the defense attorney would have any issues with the above correction when you are being cross-examined in court, especially if the accused admitted to the crime?

Click here for further information on writing notes with Pen & Paper.

Now that we fully understand the acceptable ways to write notes in a paper notebook, let’s discuss…

MS Word or OneNote (and Notepad)

 

The use of MS Word and OneNote is becoming more common even in traditional settings like law enforcement where pen and paper have been the standard for decades. But…

 NEVER use MS Word or OneNote for creating Contemporaneous Notes during Investigations. 

 

I know this is a strong statement, but I strongly believe this as I will describe below.

If you don’t agree with me, then I encourage you to voice your thoughts in public forums, but please be prepared to prove your points with facts and caselaw examples.

So why wouldn’t I ever trust MS Word or OneNote for Investigations?

It comes down to court disclosure and the requirement to provide accurate and detailed contemporaneous notes, but before we get into the issues of MS Word and OneNote, let’s discuss the many benefits of these great programs.

Great Programs?

Yes, it is true.

MS Word and OneNote are great software applications.

I am actually using MS Word to type up this article and wouldn’t trust any other application for this purpose.

Why?

MS Word is designed to write articles and reports providing all the required tools like spell checker, word count and grammar correction.

OneNote is also an amazing product for quickly recording notes, handwritten sketches and allowing multi-user collaboration.

I am a big fan of both applications, but not if you need to create court-ready documentation.

Software products are designed with a purpose in mind. MS Word and OneNote were NOT designed to create contemporaneous notes for court purposes.

Before I get into the reasons why they shouldn’t be used for investigator notes, let me note the reasons why investigators are using these products currently.

  • Ability to edit notes
  • Professional Presentation: Correct any spelling, grammatical errors or omissions
  • Easily include images or external files
  • Include screen captures from webpages and computer applications

As a result, some investigators feel electronic documentation provides a more professional form of their notes as they are able to correct these issues prior to providing them to colleagues or the courts.

I agree with this statement 100%.

But if notes can be changed at a later date with no previous history of the contents originally entered, can they really be considered and trusted to be contemporaneous?

As we discussed in “Lawyers View on Contemporaneous Notes”, altering contemporaneous notes after the fact could result in witness impeachment if the original note was not kept.

Witness Impeachment: Definition

“Witness impeachment is the process of challenging the credibility of a witness in a trial. There are several ways by which a witness can properly be impeached.”

~ US Legal

And does this open up Pandora’s Box for defense lawyer questioning?

Pandor's Box

MAC Dates & MetaData – Date Information is Easy to Alter!

Video’s showing how easily the Date & Time can be changed on an MS Word & PDF Document.

Will you be able to defend the authenticity of your MS Word or OneNote examination notes in court if questioned?

How will you explain changes?

Are you willing to be named in a judgement where the accused is found not guilty based on your lack of credible evidence?

The best option is to use an electronic note-taking system designed for court purposes so that you are confident in court.

Never Trust Notes Created with MS Word or OneNote?

I never stated that you shouldn’t TRUST notes created with MS Word or OneNote. I said…

 NEVER use MS Word or OneNote for creating Contemporaneous Notes during Investigations. 

 

But like everything in life, there are exceptions.

Your organization may have Document Management Systems (DMS) in place to track, manage and store electronic documents. As a result, MS Word and OneNote documents can be ingested into the DMS and therefore made immutable within the system.

Make MS Word and OneNote immutable with Forensic Notes

To make your MS Word and OneNote documents immutable and court-ready, they can be added as attachments to Forensic Notes or copied into the editor.

Other organizations may have processes in place to Digitally Sign and Timestamp the documents as they are created.

But the reality is that most small and medium sized organization will not have any systems in place and this is why I believe you should never use MS Word or OneNote.

Neither product is designed to create court-ready documentation without using other systems or services to make the documents immutable.

But should you TRUST notes that haven’t been properly saved into a DMS or immutable system like Forensic Notes?

It depends.

If there is no reason to question the credibility of the investigator or witness, then there is no reason to question the credibility of the notes they say they made.

A similar point was recently brought up in a Terrorism case (R. v. Hamdan, 2017 BCSC 676) within the BC Supreme Court (Canada).

The defense expert questioned the tools and systems used to acquire Open-Source (OSINT) evidence on the suspect.

 [40] The defence takes the position that the Crown is unable to establish authenticity because it cannot prove that the Electronic Documents are identical to the digital files that the RCMP analysts were attempting to capture… 

 

The decision then discussed the Canadian Evidence Act.

 [71]        Section 31.5, though not referred to by the parties, allows a court to consider evidence about standards, procedure and usage when determining the admissibility of a document under any rule of law:

31.5     For the purpose of determining under any rule of law whether an electronic document is admissible, evidence may be presented in respect of any standard, procedure, usage or practice concerning the manner in which electronic documents are to be recorded or stored, having regard to the type of business, enterprise or endeavour that used, recorded or stored the electronic document and the nature and purpose of the electronic document. 

 

Within the judges’ decision, he writes…

 [112]     When I consider all of these circumstances, I conclude there is no basis for concluding that evidence was lost through unacceptable negligence…
The defence submission  that the RCMP should have considered better software and techniques has some traction as of that time…
The RCMP understood it had accurate screenshots of those posts and the associated Timelines…
In these circumstances, I find that it was not unreasonable for the RCMP to continue with the process it had in place.
[113]     This decision should not be seen as endorsing the use of less-than-forensic-grade software to capture and preserve social media evidence.
My conclusion that the police conduct did not reach a level of unacceptable negligence at the later stages of the investigation is driven, in large part, by three considerations:
first, the police efforts to preserve the evidence were genuine and extensive;

second, the Crown obligation to disclose relevant information appears to have been satisfied by the considerable material produced…
and third, the collection and preservation of social media evidence by the police is a relatively new process and, prior to this case, there was no established RCMP policy or procedure and no legal standard for doing so.

I expect that, if the police procedures do not improve, subsequent decisions may find the police action to be unreasonable.
[114]     In summary, I conclude that Mr. Hamdan’s s. 7 right was not breached by the manner by which the Key Posts and associated Timelines were captured and preserved. 

 

One of the key points from the above excerpts is that the judge accepted the evidence as the ‘police efforts to preserve the evidence were genuine and extensive’.

The judge had no reason to question the authenticity of the evidence or what it meant.

This would be the same for notes created in a less than fool-proof way where they are not made immutable.

But the judge did end by stating…

 if the police procedures do not improve,
subsequent decisions may find the police action to be unreasonable 
Honourable Mr. Justice Butler
Supreme Court of British Columbia – Canada

 

As a community, we need to look at ways to improve our processes and ensure significant cases are not lost due to technicalities or questions around a witness’s credibility unless there is evidence to support those concerns.

As a result of the above court case which specifically named “Hunchly” as a product designed to properly capture data during OSINT investigations, many departments are now purchasing and using this software to ensure they are following best practices going forward for all their open-source investigations.

Hunchly OSINT Software Logo

Even Michael Bazzell, who is well known as an expert within the OSINT community recommends Hunchly  saying..

Michael Bazzell - OSINT Expert & Founder of Intel Techniques

 Hunchly is the ONLY online evidence collection solution that meets all of my investigation needs.
The support from Justin and the team alone is worth the price ten-fold. 
~ Michael Bazzell
OSINT Expert – Founder: inteltechniques.com

 

So should you TRUST notes created with MS Word and OneNote?

Yes, unless you have a reason to question the credibility of the author.

If this is the case, the use of MS Word or OneNote could cause serious issues in the courtroom should the opposing party also question the authenticity of the notes created or if they were modified after the fact.

Electronic Note-Taking Application

 

Electronic Note-Taking applications offer the best of both worlds if designed and used properly.  But remember, not all applications are created equal.

When deciding on what electronic note-taking application you want to use, you will have to consider your specific needs and requirements not only now, but in the future when your case finally goes to trial.

Does the application:

Replicate court accepted practices, by

  • Functioning like a paper notebook, which has been trusted in courts for decades?

Secure your data, by

  • Properly protecting the data using advanced encryption techniques?

Make your evidence Immutable, by

  • Obtaining a Timestamp for every note entered from a Trusted Timestamping Authority (TSA)
  • Using a Blockchain to further ensure no tampering?

Provide an intuitive & user-friendly interface, that allows you to

  • Arrange notes to make your investigations easier to manage?
  • Easily find items via search?

Provide advanced features, such as

  • Including images in your notes?
  • Automatically hashing (MD5 & SHA512) all attachments and images

Simplify Court Disclosure by:

  • Showing that all notes were disclosed
  • Allowing the prosecution and defense to quickly verify your notes are authentic and were not altered after disclosure.

And finally, is the application run and managed by trusted members in your community?

When choosing an Electronic Note-Taking Application, you should select an application that works the way you work instead of being forced to work within the constraints of the application they provide.

Forensic Notes has been designed to solve all the issues discussed in this article and is available both online (SaaS) and On-Premises.

Note-Taking Comparison Chart

 

Conclusion

 

 

In this article, I hope I was able to show you how to properly take contemporaneous notes during an investigation and why you should never use MS Word or OneNote for contemporaneous note-taking purposes.

Both are great products, but simply not designed to replicate paper bound notebooks which have been accepted in the courts for decades.

Some may continue to use a good pen and paper notebook to take notes during an investigation, but if you are looking to go digital, then Forensic Notes has been designed for you.

Have confidence when you go to court, knowing that the notes you created during your investigation will be accepted and trusted.

If you have any questions about Forensic Notes or regarding this article, please don’t hesitate to contact me directly.

robert@forensicnotes.com

 

Cheers,

Rob Merriott
Founder – Forensic Notes

 

About Author:

Robert Merriott has been a municipal police officer for over 13 years working as a frontline police officer, tactical operator, and most recently as a detective in the Technological Crime Unit specializing in Digital Forensics and Cybercrime.

Prior to his policing career, Robert obtained a Bachelor of Science in Computer Information Systems and worked in the private sector as a web application developer. While working as a developer, Robert was awarded Microsoft MVP status and was a founding board member of the ASPInsiders, an organization that worked closely with Microsoft to provide expert feedback on the development of the ASP.NET web application framework.

Robert founded TwiceSafe Software Solutions Inc. (Forensic Notes) after realizing the need for a digital note-taking application that would meet the high standards of digital forensic evidence in the courts.

 

DISCLAIMER: This article is not meant to provide legal advice or information. Legal statements made are only provided as guidance for the reader to seek professional legal advice within their jurisdiction. No information contained within this article should be acted upon without discussing the merits of such information with a legal professional. The author of this article is NOT A LAWYER and takes no legal responsibility for the information presented.

Document Workplace Bullying

Document Workplace Bullying

by robAdmin

Document Workplace Bullying Harassment & Discrimination for Free

Court-Ready Documentation!

Designed for:

  • Workplace Harassment
  • Workplace Discrimination
  • Workplace Bullying
  • Hostile Work Environments

Start My FREE Subscription

Dr. Renee Thompson : Nurse & Bullying Expert

Documenting your experiences is one of the most powerful actions you can take against bullying.

Privacy is Protected – Security is Forensic Notes’ #1 Priority

Forensic Notes are securely stored and encrypted so only you can access and read your notes until you decide to provide them to others.

All private data is encrypted at rest and in transit.

[more info]

Easily Defend Against Attacks Surrounding the Credibility of Your Dates

The ability to prove when you wrote a note or saved a document is essential in both civil and criminal court.

However, the reality is that it is very easy to change the date of most computer files such as MS Word documents.

Forensic Notes protects your credibility when questioned!

[more info]

Easily PROVE the Authenticity of Your Notes & Documents

Every Forensic Note PDF is Timestamped by an independent Timestamping Authority (TSA) and then Digitally Signed. A second Timestamp is then obtained before all the information is entered into our proprietary Validation Tool.

Validating a Forensic Note is fast and easy. Simply Drag & Drop!

[more info]

Start My FREE Subscription

No Obligation – No Payment Information Required

Let Us Help You Through This Tough Time!

Document Workplace Harassment

by robAdmin

– Customized Interface & Features –

Workplace harassment is an all-too-common phenomenon in today’s workplaces which can lead to physical and mental health issues such as anxiety, depression and panic attacks among those who are victims of it. While it isfrequently of a sexual nature, workplace harassment also takes other forms andmay involve violence, bullying or other abusive, threatening or demeaning behavior…With adequate evidence, such as those which Forensic Notes empowers victims to assemble, a victim of workplace harassment can confidently fight against harassment and potentially receive compensation that could be in the hundreds of thousands of dollars…

Why Use Forensic Notes to Document Workplace Harassment?

Stop Sexual Harassment in the Workplace

  • Prove* when you were harassed
  • Prove* who witnessed the workplace harassment
  • Prove* how you felt on any given day as a result of your workplace harassment
  • Paper notebooks and electronic files can be easily altered resulting in your credibility being questioned within the courts — Go to court with confidence…Go to court with Forensic Notes which are Digitally Signed and Timestamped by an independent third party proving you made the note on the date stated in your document

With Forensic Notes, you will be able to state in detail all occurrences of workplace harassment, who witnessed the harassment and how you felt as a result of the harassment years after the incident. Would your credibility be questioned in court if you can state in detail what happened two years prior not only for one incident, but numerous incidents and also prove that you had made those notes two years prior?

Disclaimer: * “Prove” does NOT indicate that Forensic Notes provides 100% undeniable proof that something occurred, rather Forensic Notes helps you as the author prove your information taking into account your evidence, background and articulation of the events. With Forensic Notes, you can help prove that you entered the note on a given date and time.

Supported Browsers

by robAdmin

Supported Browser Versions

Forensic Notes supports the current and prior major release of Chrome and Internet Explorer web browsers. Forensic Notes is committed to providing the best user experience to it users through new technology which is offered by the latest browsers. New browsers also provide additional security and protection of your sensitive information which is Forensic Notes #1 priority.

Forensic Notes supports the following browsers:

  • Chrome (download)
  • Safari
  • Internet Explorer (download)
  • Edge (pre-installed Windows 10)

Future Browser Support

We are currently working to support Firefox, Internet Explorer & Edge browsers. If you would like to be notified when Forensic Notes can be accessed with these browsers, please enter your email below.

Cookies and JavaScript

Cookies and JavaScript must be enabled to properly use the Forensic Notes application.

Digital Signature – Electronic Signature (eSignature)

by robAdmin

What is an Electronic Sigature (eSignature)?

 

Electronic signatures (eSignatures) are the equivalent of a handwritten signature in the paper world.  In simple terms, an electronic signature is simply a digital image of a signature displayed within an electronic document.

Mike Smith Electronic Signature

What is a Digital Signature?

 

Digital signatures strengthen electronic signatures by encrypting the contents of a document which allows applications to detect if the document was tampered with or altered.

Although digital signatures appear to be complicated, the knowledge required to use and validate digitally signed documents associated with Forensic Notes is minimal.

For most people using Forensic Notes, the above information is all that is needed to understand the Digital Signing process.

Forensic Notes Proprietary Validation Tool will complete the complex validation and simply display the validity of the document as either being Valid (Green) or Invalid (Red).

Click here for further information on the differences between Electronic Signatures and Digital Signatures.

 

Technical Information – Digital Signature

The digital signature relies on a digital fingerprint which is a SHA-512 Hash value. The Hash value is calculated using a one-way encryption algorithm which generates the unique value for the document.

The only way to generate a duplicate SHA-512 Hash value is if an exact duplicate file is analyzed.

The digital fingerprint is then encrypted with a Private Key through a process involving Public Key Infrastructure (PKI).

As part of the Digital Signing process utilized by Forensic Notes, an independent digital timestamp is obtained from DigiStamp, our Timstamping Authority (TSA).

DigiStamp is trusted by large banks, government agencies and global organizations.

The digital timestamp is embedded within the Digital Signature at the time of signing. This allows the person viewing the document to know the exact data and time the document was digitally signed.

The result is an electronic document that is designed to detect tampering and modifications. If any modification or tampering of the document occurs,  the signature becomes invalid and will fail to validate using Forensic Notes Proprietary Validation Tool.

In addition, the digital signature can be checked and validated within Adobe Reader or Adobe Acrobat.

 

Digital Signature – What does it mean for you?

 

From a legal perspective, this allows the creator of the Forensic Note to prove that a note or attached document existed at the date and time specified.

Not only can the owner prove that the note or attachment existed, but also that it has not been modified or altered since the signature was applied.

This is vital for admitting documents into a court room – as there may be challenges about the reliability of your documents and the time they were actually written.

 

Can you PROVE when you created a note or document?

Many people are not aware that a document can be easily manipulated to appear as if it was created days, months or even years in the past. The process can be easily accomplished by:

  1. Setting back the computers clock
  2. Creating a document
  3. Saving the document
  4. Resetting the computer clock

The result will be a document that appears to have been created in the past.  Although it may be possible for an experienced digital forensic examiner to determine the original date, the process to do so is both difficult and time consuming.

Digital Signatures and Forensic Notes Proprietary Validation Tool solves the problem of being unable to prove when a document was saved. This ensures that the author of each Forensic Note can easily PROVE when a note or document was created.

As a result, you will be able to present your notes and documents and face any scrutiny  with credibility and integrity.

Generate SHA-512 Hash

by robAdmin

Forensic Notes allows you to validate the authenticity of notes and attachments by physical file or by providing a SHA-512 Hash. To determine the SHA-512 Hash of your physical file, we suggest you download the following tool. Although it looks a bit ‘dated’, it is one of the easier to use applications for this purpose.

HashMyFiles by NirSoft
http://www.nirsoft.net/utils/hash_my_files.html

HashMyFiles - SHA-512 Hash Tool | Forensic Notes Software

Download links can be found near the bottom of the page.

HashMyFiles Download Location - SHA-512 Hash Tool | Forensic Notes Software

Trust Digital Signing Certificate

by robAdmin

Every Forensic Note and Forensic Notebook is Digitally Signed by a Digital Signing Certificate issued by Comodo, a Certificate Authority (CA). By default, Adobe Reader / Acrobat do not have knowledge of the certificate which results in the warning “At least one signature has problems” (as shown below).

To properly validate your Forensic Notes and Forensic Notebooks, follow the steps outlined below which will add the Digital Signing Certificate to your list of Truststed Certificates. The following steps only need to be completed once on each computer viewing Forensic Notes and Notebooks.

 

Forensic Notes : Certificate not Trusted Details

NOTE: The following instructions are for Adobe Acrobat Reader CS.  Other versions of Adobe Acrobat will have similar features and options.

Step #1 – Signature Panel

 

1. Click on “Signature Panel”

 

Forensic Notes : Certificate Trusted

 

2. Click the dropdown menu next to “Validate All”

3. Click on “Validate Signature”

4. Click the “Signature Properties…” button

 

Forensic Notes : Valid Signature

 

Step #2 – Signature Properties

 

The following menu shows the properties of the Digital Signature. As shown, the Forensic Note has not been modified since it was Digitally Signed.

 

1. Click the “Show Signer’s Certificate…” button

 

Forensic Notes : Signature Properties

Step #3 – Certificate Viewer – Summary

 

The following menu shows further information related to the Digital Certificate.

1. Click the “Trust” tab

 

Forensic Notes : Certificate Viewer

 

Step #4 – Certificate Viewer – Trust

 

The following menu shows that the associated Digital Certificate is not trusted.

1. Click the “Add to Trusted Certificates…” button

 

Forensic Notes : Certificate Viewer : Trust Tab

 

Step #5 – Add Trust Settings

 

This following menu allows you to set the Trust level for the Digital Certificate associated with Forensic Notes and Notebooks. To properly validate Forensic Notes and Notebooks, you only need to ensure that the following two (2) options are selected:

1. Use this certificate as a trusted root

2. Certified documents

3. Click “Ok” to save changes

Dynamic Content, Embedded high privilege JavaScript and Privileged system operation options do NOT need to be selected. These can cause potential security concerns in some environments and are not required for validating Forensic Notes.

 

Forensic Notes : Setting Certificate Trust Settings

 

Step #6 – Validate Signature

 

Now that the Digital Certificate is trusted within Adobe Reader/Acrobat, the Forensic Note or Notebook must be re-validated as it will continue to show errors until completed.

1. Click on menu icon next to “Validate All”

2. Click on “Validate Signature”

 

The Digital Signature will be re-validated now that the Digital Certificate is trusted.

 

Forensic Notes : Revalidate Digital Certificate

 

Step #7 – Valid Signature

 

The Signature Panel should now show the following message:

“Signed and all signatures are valid”

 

Forensic Notes : Valid Signature

 

View List of Trusted Certificates – Adobe Reader

 

To view the list of Trusted Certificates within Adobe Reader, following these steps:

1. Click “Preferences…” within “Edit” menu

 

Forensic Notes : Preferences within Adobe

 

2. Click “Signatures”

3. Click “More…” button within “Identities & Trusted Certificates”

4. View list of Trusted Certificates

 

Forensic Notes : Adobe Certificate Location

Validate via Timestamp Certificate

by robAdmin

Forensic Notes are timestamped by DigiStamp, an independent & trusted Timestamping Authority (TSA). DigiStamps’ Timestamp Certificate (.p7s extension file) is used to verify the date and time of your Forensic Note if the validity of the Forensic Note is ever questioned.

Timestamp Validation NOT Always Required!

The instructions within this article are provided to validate a Forensic Note with the generated Timestamp Certificate. However, validation via timestamp should only occur if the validity of the Forensic Note is questioned as the steps below are more complex than using the Forensic Notes Proprietary Validation Tool.

Steps:

1. Open the Forensic Note ZIP Archive (.zip) that you downloaded from your account

 

2. Locate the Forensic Note and Timestamp Certificate

 

Forensic Notes : Archive File

 

 

3. Extract files from ZIP Archive into a regular folder

Forensic Notes : Extract files from ZIP

 

4. Go to: DigiStamp Timestamp Verification Tool

 

Forensic Notes : Digistamp Verification Tool

 

 

5. Drag & Drop the files into the DigiStamp Timestamp Verification application or press the “Choose Files” button to select your files from within File Explorer.

 

Forensic Notes : Using DigiStamp Verification Tool

 

NOTE: Your personal information is not uploaded to the DigiStamp server.

 

Forensic Notes : No Private Information Transmitted

~ Screen capture from DigiStamp site shown above (“Click to show instruction” clicked)

 

 

Verified Valid Timestamp

 

The following display confirms that the timestamp matches the Forensic Note. The date & time saved within the Timestamp Certificate is displayed within the DigiStamp confirmation application.

 

Forensic Notes : Valid

Good to Know – Filename Changes

Changing the filename of the Forensic Note or Timestamp Certificate has no effect on the validation process.

Changing a filename does not change the contents of the file or its’ HASH value. The HASH (SHA-512) value is used to validate a file with an associated timestamp.

Good to Know – UTC or GMT?

All dates & times stored or displayed are in UTC (Universal Time Coordinated).

UTC = GMT (Greenwich Mean Time

Technically, UTC is a time standard whereas GMT is time zone. Both are often used interchangeably and represent the same time offset.

Invalid Timestamp

Timestamp Certificate does not match the Forensic Note

The following shows that the Timestamp Certificate does not match the Forensic Note provided. If the filenames match but the following information is displayed, then this could be an indication that the Forensic Note has been altered in some way.

 

Forensic Notes : Invalid

Adobe Signature Panel Explained

by robAdmin

Each Forensic Note PDF has been Digitally Signed by DocumentSigning@ForensicNotes.com. As a result, any attempts to change the Forensic Notes PDF will result in a warning to the user when the Forensic Note is viewed within Adobe Reader / Acrobat as shown below.

Invalid Forensic Note – Document was changed

 

PDF: One signature invalid

PDF: Not Trusted

The above warnings indicate that the Forensic Note was modified in some way since it was originally saved and signed within the Forensic Notes application.

Valid Forensic Note

 

Digital Signature Not Trusted (Expected on 1st time viewing)

Digital Signature Not Trusted (Expected on 1st time viewing)

The certificate associated with the Digital Signature has not been trusted on the computer viewing the Forensic Note. This is expected when first viewing a Forensic Note on a computer for the first time.  For steps on how to trust the Digital Certificate associated with the Digital Signature, go to How to Trust Digital Signing Certificate.

Valid Forensic Note

Valid Forensic Note

Adobe Reader or Adobe Acrobat Validation

by robAdmin

Adobe Reader / Acrobat Validation NOT Always Required!

The instructions within this article are provided to validate a Forensic Note via Adobe Reader or Adobe Acrobat. However, validation via the Forensic Notes Proprietary Validation Tool is recommended due to its ease of use and validation capabilities.

 

1. Open a Forensic Note / Notebook within Adobe Reader or Acrobat and ensure that the “Valid Forensic Note” signature panel is displayed (see below). If Digital Certificate has not been trusted, go to Trust Digital Signing Certificate and follow the instructions before proceeding.

2. Confirm that the PDF has been Digitally Signed by DocumentSigning@forensicnotes.com

3. Confirm that the document has not been modified since the signature was applied.

4. Confirm that the signing time of the document approximately matches the time you have recorded within the Forensic Note or Forensic Notebook. To view the signing time of the Forensic Note, you must “Show Signature Properties…”.

Dates & Times – Why Approximately?

 

While validating a Forensic Note or a Forensic Notebook, up to three (3) different dates & times may be found which will all be valid if they fall within a couple minutes of each other due to how Forensic Notes are processed. Forensic Notes are processed in three (3) distinctive steps:

Step #1 – Database Save

Forensic Note information in saved read-only into the database. The date and time associated with saving the data into the Forensic Notes application is recorded and printed within the generated PDF.

Step #2 – Digital Signature Applied

A Forensic Notes PDF is generated which includes the printed date and time from Step #1. The Forensic Note PDF is then Digitally Signed with a Digital Signing Certificate. The date and time associated with the Digital Signature is recorded within the Digital Signature. This Digital Signature’s signing date can then be displayed within the PDF as the Signing Date & Time. (see Validate via Adobe Reader / Acrobat – Step #4)

Step #3 – Timestamp Generated

A one-way HASH of the Forensic Note PDF is sent to our independent and trusted third-party Timestamping Authority (TSA) which provides a timestamp of the Forensic Note or Forensic Notebook. The date and time associated with the timestamping is recorded within the Digital Timestamp Certificate and returned to the Forensic Notes application. (see Validate via Timestamp Certificate)

 

These three (3) steps are normally processed quickly resulting in minimal differences in times associated with all three steps. However, larger documents or heavy network utilization may result in longer delays between steps causing more significant time differences. As a result, times should approximately match within a couple minutes’ difference.

Videos

by robAdmin

Fake a Date – File Metadata | ForensicNoteshttps://forensicnotes.wistia.com/medias/yco44b3enj

Change File Dates | Forensic Noteshttps://forensicnotes.wistia.com/medias/kq058tduv5

EEOC – What is the EEOC? | Forensic Noteshttps://forensicnotes.wistia.com/medias/3zmgro9ige

Workplace Harassment, Bullying & Discrimination | Forensic Noteshttps://forensicnotes.wistia.com/medias/zg6dqhow7q

Validate Forensic Notebooks, Notes and Attachments – How To | Forensic Noteshttps://forensicnotes.wistia.com/medias/93n0zsywsf

© TwiceSafe Software Solutions Inc. | All Rights Reserved

TwiceSafe Software Solutions Inc. DOES NOT provide any legal advice and users of this web site should consult with a lawyer to determine if the information provided on this site is valid for their given circumstances. Use of this web site is governed by our Terms & Conditions; refer to this document for more information.

FAQ’s – Team Accounts

by robAdmin

How do I add additional Team Members to my Account?

 

You can add additional Team Members to your account by clicking on the “Manage Team” menu item (upper right corner).

NOTE: You MUST be an administrator of the account to add & remove Team Members.

Manage Team Account - Menu Item

The Manage Team page will allow you to add, modify and remove Team Members.

To Add new Team Members, click on “Invite New Team Members” button.

Invite New Team Members

You can invite multiple Team Members at the same time by sending an invite to their email address.

Form to Invite New Team Members

Invite New Team Member - Email Sent

The invited Team Member will receive an email similar to the following…

Email sent to Invited Team Member

Upon clicking the “Join Your Team Now” button, the user will be directed to create a new account.

The user will be able to create a normal account or utilize a Social Media Account to login.

Setup New Account for Invited Team Member

The create account process will require them to enter an email address and name.

New User Signed up with a Different Email

Upon creating a new account, the user will remain locked out of the application until the Admin has authorized final access.

New User Signed Up - Waiting for Final Approval

The Admin who originally invited the new Team Member will receive the following email requesting final approval.

If a different email address was used to create the account, this discrepancy will be highlighted within the email.

Final Approval Email Sent to Admin

Upon “Allow Access”, the new Team Member will receive a final email advising them that they can now login to the Team Account.

Can other Team Members edit my notes?

 

No, Team Members will only be able to view your Timestamped Notes.

FAQ’s – Workplace Bullying & Discrimination

by robAdmin

How do I create a new Note?

 

You can create a new note by:

  1. Clicking the “Add New Note / Incident on…” button located above existing notes.

    Add New Note Button

    OR

  2. Clicking the ‘new’ button within the “Selected Notebook” panel.

    Add New Note Option in Menu

How do I expand/view the “All Notebooks” and “Selected Notebook” panel?

 

Desktop:

You can expand either panel by clicking on the appropriate collapsed panel.

Desktop Navigation of Forensic Notes

Mobile:

On mobile devices, you can only view one panel at a time. To view either panel, simply click on the appropriate panel icon.

Mobile Navigation of Forensic Notes

 

How should I document Workplace incidents within Forensic Notes?

 

 

The main point to remember is to always document incidents with fact-based information that shows that your interpretation of the incident is fair and accurate. For further details, please refer to our Top 12 Best Practice Guidelines for Recording and Documenting Evidence.

I just completed my first note. What should I do now?

 

 

First off, we want to acknowledge that you’ve taken an important and difficult first step. The fact that you recognize the need to document workplace issues shows that you’ve likely been the target of co-workers bullying or discriminating against you.  Your next step will be to continue to utilize this service and document all incidents at work which you believe will provide a clearer picture of the issues you face.

Fact-based and detailed information is key to providing documentation that will be trusted by others to be truthful and accurate.

If I need to bring my notes to a lawyer, what should I do?

 

 

We recommend that you download the Forensic Notebook associated with your incident that you wish to discuss with your lawyer.  Instructions for downloading a Forensic Notebook can be found here.

Since your initial meeting with a lawyer may be quick without access to a computer, we also recommend that you print a copy of your Notebook and take that printed copy with you to your meeting so that your lawyer can read over your information.

How do I download my notes?

 

Details on how to download your notes can be found within the Download FAQ section found here.

If I need to bring my notes to my HR department what should I do?

 

Please follow the instructions above in “If I need to bring my notes to a lawyer,…”

If I need to PROVE these notes are authentic, what do I do?

 

 

Being able to PROVE that your notes are authentic is the main benefit of Forensic Notes. This can be easily accomplished by following the detailed instructions on Validation found here.

I have a 2nd harasser, what do I do?

 

You will want to create a 2nd Notebook within the “All Notebooks” panel by clicking on the “New” button.

It is important to keep this information separate to show that it is unrelated to your original harasser.

FAQ’s – Security & Legal

by robAdmin

Is Forensic Notes secure?

 

 

Forensic Notes is highly secure utilizing the most advanced security and encryption techniques. For details (not marketing hype) regarding our security, please view our Security & Data Encryption page.

Does anyone at Forensic Notes read my private notes or file attachments?

 

 

The quick answer is…

No. Security of your private information is our #1 priority!

We will never read your notes or attachments. Period!

The longer technical answer is…

Every note and attachment added to Forensic Notes is encrypted with a unique encryption key (CEK). This encryption key is then encrypted with a global encryption key (KEK) retrieved from Microsoft’s Azure KeyVault. In order to decrypt your note or any attachments, the note and attachment encryption key (CEK) must be decrypted within Microsoft’s Azure KeyVault which tracks and records every decryption request.

We give you our word that we will never read you private notes of attachments. This statement can be backed up if ever required by providing independent audit logs from Microsoft to an authority if required.

For technical details on how we encrypt and decrypt your data, please refer to our Security & Data Encryption page. If you ever have any questions regarding security of your notes and information, please don’t hesitate to contact us. We will be happy to fully explain in detail how your information is protected.

Security of your private information is our #1 priority!

Are my private notes or documents sent and stored with the TSA (Time Stamp Authority)?

 

No!

Your note or attachments are never sent to any third-party websites.

A digital hash (fingerprint) of your document is created upon saving your information within Forensic Notes. This digital hash is a one-way hash value which can’t be reversed to determine the contents it was based on.

For more information on Hashing and how we obtain a Timestamp, please refer to our Timestamping Authority (TSA)page.

FAQ’s – How Do I?

by robAdmin

I made a mistake and now I want to change / edit a Forensic Note?

 

A Forensic Note cannot be edited once it has been finalized.  This is to protect the integrity of notes and is one of the core principles Forensic Notes is built on.

If you realized after finalizing a note that something was incorrect or needs to be changed, the best method is to create a new note while referring to the original note. You should also provide an explanation regarding what errors or issues your original note contained. You can then mark your old note as “Deleted”.

This is similar to paper notes within a notebook. Your credibility in court would be questioned if you provided a notebook with torn out pages. Instead, the proper way is to cross-out the note you made in error which still allows the courts to read your existing note to determine if it has value.

Forensic Notes works in the same manner allowing you to ‘cross-out’ an existing note while providing a reason on why it is not valid. This is accomplished by:

  1. Selecting a Forensic Note
  2. Clicking on the “Mark Forensic Note as Deleted” icon

Mark Forensic Note as Deleted

This will result in a dialog box allowing you to enter the reason why you would like to “Delete” this particular Forensic Note.

Delete Forensic Note - Confirmation and Reason

The Forensic Note is now marked as “Deleted” but still visible if required. This note will also be included in any future Forensic Notebooks, but will be clearly marked as “Deleted” along with the reason you provided for the deletion.

Delete Forensic Note - Crossed Out

Why can’t I just use Forensic Notes like a regular editor and make changes if I want? I don’t like the idea of locking my notes!

 

The good news is that you are not forced to finalize (or “lock”) your notes. You can leave them in an editable state for as long as you want. The editor auto-saves each entry allowing you to edit at any point until you finalize it.

But please remember that you will not be able to PROVE you wrote the notes by a particular date without finalizing them.

 

One of my notes contains sensitive tactics that can’t be disclosed in court. Is there any way to hide this information?

 

We are currently developing the ability to ‘redact’ a note or portions of a note within Forensic Notebooks.

Until this feature is released, we suggest that you manually redact the information using Adobe Acrobat.

This will make the Forensic Notebook invalid if authenticated, however you can individually validate each Forensic Note to show that only the information contained in this one note was redacted.=

If you have any questions regarding this process, please contact us.

Can I add file attachments and existing electronic files?

 

 

Attachments can be added by:

  1. Dragging & Dropping any electronic file from Windows File Explorer onto the File Attachment Upload control.
  2. Clicking “Choose a file…” button

Add file attachments

File Size Limits:

File size limit currently set at 100MB per file. If you require a larger file size limit, please contact us with the request.

FAQ’s – Editor

by robAdmin

Why don’t you have spell correction within the editor?

 

Native spell correction is enabled which results in misspelled words being underlined with a red squiggly line. Since the editor has many advanced features, the default Spell Checker capabilities have been disabled when you right-click on a misspelled word.

To view correct spelling suggestions, you must hold down the “Ctrl” key on your keyboard while right-clicking with your mouse pointer on the misspelled word.

This will allow you to select a suggested correction.

How to activate Spell Correction

 

Can I add images into my notes?

 

Yes, images can be added by:

  1. Dragging & Dropping an image from Windows File Explorer into the editor

    Add Images to Editor - Drag & Drop

  2. Clicking the “Insert Image” button within the editor toolbar Insert image from editor toolbar

NOTE: Due to functionality or account limitations, images can’t be added to notes on Mobile devices or within Workplace Harassments accounts.  However, images can still be added as attachments to the note in both circumstances.

Image File Size Limits:

Although there is no Image File Size Limit, images greater than 1MB can degrade the performance of your browser depending on the specifications of your computer hardware.

For original photographs taken with digital cameras, it is recommended that you either reduce the file size prior to including or add the images as “Attachments” to the note.

 

Can I edit an image within the editor?

 

Yes, the editor allows you to complete common image editing tasks within the editor such as:

  • Resize image
  • Crop image
  • Edit image
  • Remove image

Resize & Crop Image

Resize and Crop images within editor

 

Edit Image

The “Edit Image” feature allows you to add:

  • Diagrams
  • Text
  • Arrows & Objects
  • Handwritten text

 

Edit image - Add arrows, boxes and text

NOTE: To allow images to be included in notes, the image will be saved as a flat image. As a result, you will not be able to modify individual objects within the editor once they are placed on the canvas.

Eg: Once an arrow has been placed on the canvas, you will not be able to edit the size or position of the arrow once you click to edit a different object. However, you can ‘erase’ or cover-up sections as required.

 

Edit & Markup Photographs

Edit & Markup Photographs
Edit & Markup Photographs

 

Edit & Markup Photographs
Edit & Markup Photographs

 

If I want to separately print the images I include within my notes, should I also add them as an attachment to keep the same size and quality?

 

Luckily, we’ve already thought of this and recognize how important those images can be to your file. All images added to a note are also saved in full resolution as an “embedded” attachment which can be printed separately if required.

Am I able to add hand-written notes and diagrams?

 

Yes, we designed our editor to allow handwritten notes and diagrams.

You can:

  1. Scan paper notes and add them as attachments or place them inline within your notes

    OR

  2. Use our “Handwritten Note” editor

Handwritten Note Editor

On Desktop and Tablet computers, you can create handwritten notes and diagrams within the Forensic Notes application.

Handwritten Note Editor - Toolbar Icon

The above icon will open the “Handwritten Note” editor.

Within the “Handwritten Note” editor, you can add/change:

  • Handwriting
  • Typed text
  • Lines, arrows and various objects
  • Paper type (Blue Lined, Black Lined, Graph, Blank)

 

Performance Note:

The handwriting feature can be CPU intensive on older tablets and budget computers. If the application feels slow to respond, please check your CPU usage and shutdown un-required applications.

FAQ’s – Downloads

by robAdmin

Mac O/S – Viewing / Opening ZIP Files

 

The Mac O/S does not natively open password protected ZIP archive files which are used to download your Notes and Notebooks.

The error provided by the Mac O/S can be vague making it seem like the download was corrupted.

Several paid software packages are available but for a FREE option, we suggest Keka. (http://www.kekaosx.com/en/doc.php)

What is the format of a Forensic Note if I download it?

 

Forensic Notes and Forensic Notebooks are both saved in PDF format and therefore readable on any device capable of viewing PDF documents.

Each Forensic Note and Forensic Notebook is associated with a digital Timestamp issued by an Independent and Trusted Timestamping Authority (TSA).

Forensic Notes and Forensic Notebooks are downloaded within a password protected ZIP archive to help ensure the security of your private information.

ZIP Archive - Format of a Forensic Note is a PDF sotred within a password protected ZIP Archive

 

How do I download a Forensic Note?

 

You can download the currently selected Forensic Note via:

Desktop:

  1. “Download Forensic Note” link
    – Located in the upper right corner of the screen (if visible)

Download icon within the “Selected Notebook” panel

How do I download a Forensic Note? Click Download Forensic Note

Mobile:

  1. Download icon within the “Selected Notebook” panel

How do I download a Forensic Note? Click Download Forensic Note icon on Mobile

NOTE: You MUST select the note you want to download prior to initiating the download process.

How do I download a Forensic Notebook?

 

You can download the currently selected Forensic Notebook via:

Desktop:

  1. “Download Forensic Notebook” link
    – Located in upper right corner of the screen (is visible)
  2. Download icon within the “Selected Notebook” panel

How do I download a Forensic Notebook? Click Download Forensic Notebook icon

Mobile:

  1. Download icon within the “Selected Notebook” panel

How do I download a Forensic Notebook? Click Download Forensic Notebook icon on Mobile

NOTE: You MUST have the Forensic Notebook root node selected to download the Notebook.

 

How do I extract the files from the downloaded ZIP file?

 

For details on how to extract the files from the password protected ZIP archive, please refer to our article “Extract Forensic Notes from ZIP”.

What happens if I forget the password I set for my ZIP archive downloads?

 

Desktop:

The password can be retrieved by hovering your mouse over the ‘eye’ symbol within the “Download Forensic Note” link.

Show password for ZIP Archives

Mobile:

Sorry, your password can’t currently be viewed on mobile devices.

Please log into your Forensic Notes account on a desktop and follow instructions above.

Why do I have to set a different password for downloading ZIP Archives from my login credentials?

 

You should always keep your login credentials safe & secure using a complex password. As with all sensitive accounts that contain private information, you should use a different password for each account.

Since your password is safely secured with Microsoft Azure B2C Active Directory, Forensic Notes does not have access to this information. As a result, we require you to provide a new password for downloading your sensitive files. And since security of your data is our #1 priority, we strongly suggest that you pick a different password or phrase than you normally use.

How do I validate a Forensic Note or Forensic Notebook?

 

You can validate a Forensic Note or Forensic Notebook three (3) different ways, including:

  1. Forensic Notes Validation Tool (drag & drop)
  2. Adobe Reader & Acrobat
  3. Digital Timestamp Certificate

The easiest solution is to use our proprietary Validation Tool (#1 option above).

Further information on validation can be found at:

/validation-test

Adding a New Notebook & Notes

by robAdmin

 

Once you have decided what type of Notebook you want to create, you can create the type of notebook you need within the “All Notebooks” panel.

Add New Notebook - Animated GIF

Changing Notebook Name:

In the video above, the user double-clicks on the notebook name to go into edit mode so that the Notebook name can be changed.

Edit Note Name

Double-clicking Notebook and Note name to go into edit mode works on both desktop and mobile devices.

The new Notebook will automatically show up within the “Selected Notebook” panel when it is created.

A new note within the Notebook can now be created by clicking the “New” button.

Add New Note

A new non-timestamped note will then be created.

New Note - Icons Explained

Editor Overview

 

The advanced editor has many features including an auto-save feature to ensure you do not lose your notes.

Auto-Save Feature

Editor Auto-Save - Animated GIF

Auto-Save – Date & Time Displayed

The editor will display the last time a note was saved in the lower right corner.

Auto-Save - Date & Time Displayed

Additional Editor Features

The editor also has the following features:

  • Spell correction
  • Adding images into your notes
  • Editing images
  • Adding hand-written notes and diagrams
  • And many more…

 

Editor Features – FAQ

For information on how to complete the above tasks and many more, refer to our Editor FAQ page.

Timestamping A Note

 

When you are ready to Timestamp your note, click the “Timestamp” button below the editor.

Timestamp a Note (Time Stamp)

This will:

  • Generate a PDF of your note
  • Digitally sign your PDF with an electronic signature and add a timestamp from an independent timestamping authority. (This process generates a Forensic Note)
  • A second timestamp is then obtained for the Forensic Note (PDF)

Generating a Forensic Note is like carving your note in solid granite.

Forensic Notes Logo carved into granite rock

Once you generate a Forensic Note, you will not be able to change that note.

Editable copies of your Forensic Note can be created but the original Forensic Note will remain un-altered.

Timestamping – Further Information

If you are interested in the technical details of timestamping a note, please refer to our detailed article “Timestamping Authority (TSA)“.

Editing Notes

 

To edit a note, click the “Edit Note” button as shown below.

Editor Save Now - Animated GIF

As shown in the above video, you do not have to re-timestamp the new note until you are ready.

Editing a Forensic Note – Actually You are Creating a Copy to Edit!

Each time you edit a timestamped note (Forensic Note), you create a copy of the original and edit the new copy.

The original Forensic Note (Timestamped Note) remains un-altered.

Although you can change the date and time of the note entry, this does not affect the actual timestamp which can be used to show when you saved the note.

As a result, editing Forensic Notes should only occur to correct minor mistakes such as spelling, grammar or to further clarify existing information.

Attempting to change a notes original meaning or removing information you no longer want disclosed can be discovered by the opposing party.

This is because the original note will be part of the Forensic Notebook you download for legal disclosure.

Instead of removing information, you should instead Redact the information as you normally would.

Forensic Notes increases your credibility because you can prove that you are providing all information you have related to an incident.

As discussed within the “Types of Notebooks” section, only the following notebooks allow editing of Forensic Notes:

  • General Notebooks
  • Forensic Notebooks (w/ edits)

Note Version Displayed in Tree

As shown in the image above, you can view All Timestamped Notes (Forensic Notes) by clicking on the icon indicated  which will result in the following view.

Note Version - All Forensic Notes

As you can see above, the original Timestamped note (Forensic Note) is still visible and available for download.

All versions of a Forensic Note will be displayed in this view with each version clearly identified.

Full Disclosure – Editing Notes

When you download a Forensic Notebook, it will include all previous versions of Forensic Notes to provide full disclosure.

 

Types of Notebooks

by robAdmin

Which Notebook is Right for You?

 

Forensic Notes Icon Logo Forensic Notes offers three (3) different types of Notebooks to meet your specific needs.

  1. Forensic Notebook *
  2. Forensic Notebook (w/ edits) *
  3. General Notebook

* Professional account required

 

Forensic Notebooks

Forensic Notebook Icon Forensic Notebooks are the purest form of contemporaneous notes.

If full-disclosure is a legal requirement you need to abide by, then a Forensic Notebook is what you need.

 

Forensic Notebook Icon Forensic Notebook

 

This is the closest replication of a bound paper notebook and pen in electronic form.

Like pen and paper, once you write a note (and timestamp it), the note will remain as written.

No edits or modifications allowed.

Any notes that are marked as ‘deleted’ will be crossed out.

Date & Time associated with an individual note is obtained from the timestamp certificate issued upon completion of a note.

Main Advantage:

  • Full-Disclosure
  • Each note is Digitally Signed, Timestamped and saved as a Forensic Note

Write-Once, Read-Many (WORM)

Forensic Notebooks that don’t allow edits are also referred to as a WORM Notebook (Write-Once, Read-Many).

Forensic Notebook Icon Forensic Notebook (w/ edits)

 

This is for those that need a Forensic Notebook for documenting actions, but still want the ability to edit notes afterwards.

This notebook is ideal for making the following types of ‘tidying up’ corrections:

  • Spelling
  • Grammatical
  • Date & Time*
  • Clarifying information

Editing of notes is not intended to:

  • Remove notes you no longer want to disclose
  • Change a theory or step previously taken

This is because the above changes would be disclosed within the downloaded Forensic Notebook PDF.

Every previous version of a note, generated when a new version is timestamped, is included at the back of the downloaded PDF.

Create a professional version of your notes while still adhering to full-disclosure rules.

Main Advantage:

  • Full-Disclosure
  • Each note is Digitally Signed, Timestamped and saved as a Forensic Note
  • Ability to ‘tidy up’ notes

Full-Disclosure Note:
The note will display the timestamped Date & Time of every previous note. Previous versions of the note with the original timestamp can be used to confirm when you made your original note and if its ‘true meaning’ has changed since that time.

General Notebook Icon General Notebook

 

This is for general note-taking, offering all the same features as a Forensic Notebook without full-disclosure.

Not For Legal Purposes

This notebook is not meant for legal purposes. But, individual notes can be timestamped creating a Forensic Note.

Forensic Notes can be used in legal situations.

General Notebooks do not limit your ability to edit or delete existing notes. You are in full control.

Main Advantage:

  • Downloaded PDF Notebook only includes the notes you want to disclose (deleted notes are not included).

 

 

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More