Cyber Crime Investigative Techniques

By William Lynch

Cybercriminals have emerged as a dangerous threat to the law enforcement community.
i PhotoObjects.net/PhotoObjects.net/Getty Images

Cybercrime, defined as any illegal activity committed using computers, has emerged as a serious threat to individuals, businesses and even national security. Law enforcement agencies have responded with specialized units trained to counter such threats. A standard cybercrime investigation features a number of proven investigative techniques, each designed to track and capture cybercriminals.

Interviews

In identifying cybercrime, authorities often engage in personal interviews, questioning involved parties to gather as much information as possible about the case. These initial interviews establish whether a crime has been committed and how to best proceed with the criminal investigation. Recorded witness testimony plays a critical role not only in shaping the investigation but also in building the legal case against eventual suspects.

Surveillance

Another important form of information gathering, surveillance takes many forms in a cybercrime investigation. Authorities may perform physical surveillance utilizing security cameras, wiretaps and visual tracking to monitor a suspect's real-world movements. To keep tabs on digital activity, investigators perform computer surveillance, monitoring all elements of a suspect's computer use and online behavior. Computer surveillance may also involve sting operations like setting up a honeypot, which is an enticement to lure cybercriminals into a secured area of a computer server to illegally download files that can later be used against them as evidence.

Forensics

Once they've gathered enough information through interviews and surveillance, cybercrime investigators will get warrants to collect targeted computers for advanced forensic analysis. Computer forensics involves mining a computer for all relevant information and unearthing potential evidence. Gathered information may be persistent, meaning it's located on local hard drives, or volatile, meaning it's found in caches, random-access memories and registries. Forensic technicians will follow the electronic trail wherever it leads, looking for digital fingerprints in emails, files and Web-browsing histories.

Undercover

Cybercrime may require investigators to go undercover, adopting fake online personae to trap criminals. Undercover techniques play a pivotal role in combating online sex predators and those who traffic in underage pornography. Investigators often pose as children in chat rooms and message boards to monitor suspected illegal activity and to engage suspected predators. Investigators log all interactions as evidence and may even arrange a face-to-face meeting to arrest the perpetrator.

×