
Cover Story

How To Investigate Cybercrime

Tracking bad guys on the Net takes the experience of a detective and the know-how of a tech head.

November 01, 2003

“Most agencies in the United States don’t have anyone who is even remotely on top of what needs to be done to investigate these cases,” says Det. Mark Kelly of the San Diego Sheriff’s Department who serves on a multiagency cybercrime task force. “They’re often glad to hear that we’re going to take the case. We tell them, ‘We have the expertise and we have the willingness to prosecute. All you have to do is take a report or serve a warrant.’ Most of the agencies that we have worked with have no problem doing that.”

Bit by Bit

After a suspect’s computer and various hard drives have been seized, it’s time for the computer forensic specialists to go to work. These folks are the real computer experts among cybercrime investigators, and their work is extremely specialized. It’s so specialized that many agencies that have cybercrime detectives farm out forensic examination to federal agencies or multiagency task forces.

Koenig says computer forensics is a matter of knowing what you’re looking for and knowing how to find it. “People think we look at the entire hard drive, but it doesn’t work that way. If you come to me and say, ‘find everything on a computer,’ I’ll tell you that I’ll retire before I complete that job. If you printed out every piece of data on a 120GB hard drive you’d have enough paper to fill up a football stadium with stacks 8 feet high and you’d still be printing.”

For this reason, among others, Koenig cautions against computer “fishing expeditions.” Such attempts at trolling for evidence are even more complicated by the fact that computer crime cases often involve multiple machines.

“We worked a school hack that involved 500 computers,” says Koenig. “But we knew specifically what we were looking for and we seized only two computers.”

Once the computers are in police custody, a forensic specialist makes what’s called a “true copy” of each hard drive. A “true copy” is made by using software to create a bit-by-bit image of the drive. If the investigator merely made a standard copy of the drive through a backup program or by dragging and dropping the drive, the copy would not include deleted files, temporary files, and other normally superfluous data that could prove critical to the investigation.
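The difference between a standard copy and a bit-by-bit image can be shown on a toy disk. The following is an added example, not code from the article or from any forensic product: the disk layout, file names and contents are constructed for illustration, and the SHA-256 comparison is an addition here, a common way to show that an image matches its source.

```python
import hashlib
import io
import struct

SECTOR = 512
ENTRY = "<16sBHH"  # name, live flag, data sector, data length (toy layout)
ENTRY_SIZE = struct.calcsize(ENTRY)  # 21 bytes

def build_disk():
    """Constructed toy disk: sector 0 is the directory, sectors 1-3 hold data."""
    files = [(b"notes.txt", 1, 1, b"grocery list"),
             (b"ledger.csv", 0, 2, b"acct 4111 transfer")]  # flag 0 = deleted
    disk = bytearray(SECTOR * 4)
    for i, (name, live, sector, data) in enumerate(files):
        struct.pack_into(ENTRY, disk, i * ENTRY_SIZE, name, live, sector, len(data))
        disk[sector * SECTOR:sector * SECTOR + len(data)] = data
    disk[3 * SECTOR:3 * SECTOR + 9] = b"temp-data"  # residue in unallocated space
    return bytes(disk)

def logical_copy(disk):
    """What a backup or drag-and-drop copies: only files the directory lists as live."""
    out = {}
    for off in range(0, SECTOR - ENTRY_SIZE + 1, ENTRY_SIZE):
        name, live, sector, length = struct.unpack_from(ENTRY, disk, off)
        if live:
            start = sector * SECTOR
            out[name.rstrip(b"\0").decode()] = disk[start:start + length]
    return out

def image(src, dst, chunk=SECTOR):
    """Bit-by-bit copy: read every sector in order, hashing what was read."""
    digest = hashlib.sha256()
    for block in iter(lambda: src.read(chunk), b""):
        digest.update(block)
        dst.write(block)
    return digest.hexdigest()

def compare():
    """Run both copy methods on the toy disk and report what each one preserved."""
    disk = build_disk()
    logical = b"".join(logical_copy(disk).values())
    dst = io.BytesIO()
    source_hash = image(io.BytesIO(disk), dst)
    copy = dst.getvalue()
    return {
        "logical_has_deleted": b"acct 4111" in logical,
        "image_has_deleted": b"acct 4111" in copy,
        "image_has_residue": b"temp-data" in copy,
        "image_verified": hashlib.sha256(copy).hexdigest() == source_hash,
    }

if __name__ == "__main__":
    print(compare())
```

The deleted file's contents and the leftover temporary data survive only in the image, because the directory no longer points to them.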

The true copy of the data can be examined using a number of computer forensics software programs. And while Koenig says these are essential tools for cybercrime investigators, he’s not a big fan of what he calls “plug-and-play forensics,” arguing that computer forensic examiners need to know much more about what they are doing than just how to use a software application.

This is one reason why many agencies and even cybercrime task forces send their forensics work to outside experts. Another reason is that computer forensics requires money for hardware.

For example, if you take down a child pornography ring selling high-res video and images, you’re going to need a fast computer with lots of memory and imaging software to catalog all of the evidence. Also, you can’t just have one type of computer. Your agency may have only Windows platform systems, but if you are investigating a credit card fraud suspect who uses a Macintosh, you’re going to need a comparable Mac and Mac software to examine his or her hard drive.

Foreign Connections

Despite the challenges presented by cybercrime and a public perception that most computer criminals never get caught, cybercrime investigators say they have more success than people might think.

Koenig argues that Internet crime can sometimes be easier to track than actual physical crime. “If you take a false check into a bank and the security camera is not pointing at you when you pass it, then there’s no trail to you. But you can’t do anything online without leaving a trail. You can try to spoof that trail and make it harder for me to track you, but on the Internet there’s always a trail,” he explains.

Unfortunately, the Internet is a global communications system and often the trail of a cybercriminal leads to Russia, a former Soviet Republic, or to Africa. And that complicates an investigation.

But it doesn’t make it impossible. Levine says many cases have been successfully prosecuted overseas, especially in Russia. “Russia has actually been very good at cooperating on cybercrime cases,” he says.

Other overseas havens for cybercriminals have been less cooperative. “We are less likely to see cases come to successful resolution when they do end up in an African country or one of the former Soviet republics,” Levine admits. “But we are seeing increased awareness and cooperation.”

And that cooperation with Nigeria and Belarus may not be as critical as some people think. Koenig argues that the majority of cybercrime is really made in the U.S.A., regardless of the perpetrator’s country code.

“The majority of the bandwidth is still in the United States,” explains Koenig. “Let’s say you want to set up a site that sells child porn. You can go to Kosovo or Belarus and hide from the law, but they have very few Internet connections, and what they do have is very expensive and not very fast. It’s hard to hide like that and be in business.”

Stone Walls

Because of help from foreign governments and because foreign investigations often curve back to the United States, an investigation that leads overseas is not a dead-end. But there are some cases that run smack into a stone wall.

Cybercrime investigators are understandably hesitant to tell people how to get away with criminal acts on the Internet. But they will divulge that the best way to get away with a computer crime is to be lucky enough to have the evidence of your act disappear.

“The only time I come up against a stone wall and have no place to go is when the ISP logs have expired,” says Koenig. “But if the logs are there, then 99 percent of the time I will get you.”

It is, of course, the other one percent of cases that fascinates the public and is the stuff of movies and TV. But do supersmart cybercriminals really exist?

Absolutely, says Kelly. “If a suspect is really smart and knows the Internet and knows the various ways around being identified, it makes it extremely difficult and, in some cases, impossible to catch him.”

Kelly quickly adds, however, that such cases are extremely rare. “There are not that many people out there who are technically savvy enough to know the ins and outs of covering up the trail,” he says.


Tags: How-To Guides, Cybercrime, Child Pornography, Investigations


Comments (10)


new learner @ 11/11/2011 9:16 AM

Well, I'm working on a live case which is about some money; it's a cyber crime, and this knowledge is very nice for a learner. Good one, and please provide me some more information, please.

ladu.jackson @ 4/25/2012 10:30 AM

I need to know cyber crime work, its importance, how to carry out cyber crime investigation and how to implement cyber crime in a developing country, some evidence of cyber crime investigation.

BAFANA LEPOTA @ 10/5/2012 3:09 AM

GOOD JOB

louis @ 10/22/2012 2:16 AM

I'd love to be an investigator

don fox @ 7/26/2013 2:37 AM

My colleague at work and my son some 8000 miles and my wife have received malicious e-mails about me from a false e-mail address. These accusations are so bad it has caused a break up of our marriage, AND they are all false.

don fox @ 7/26/2013 2:40 AM

How can I track this person? One email from a non-existing Yahoo account, another who have used a large company in states and another (same person) from the Netherlands.

US. (INDP) AGENT:TK, STRI @ 3/20/2014 7:57 PM

Not at this point and time!......

Lyn @ 3/28/2014 9:59 AM

Been harassed for 3 months now, emails constantly accessed, had to request new PW for mails, credit card, eBay, etc. Opened new e-mail but mysteriously closed. Cellphones accessed & controlled with security pin. Calls can be cut or re-routed. My no. was even changed but provider has no explanation. Frustrating, what advice do you have for this. Law enforcement says "no economic loss" so no help yet!

WILLINGTON @ 8/14/2014 2:23 PM

I AM A DETECTIVE IN GHANA POLICE SERVICE AND CURIOUS TO BE AN EXPERT IN CYBER CRIME INVESTIGATIONS. THIS IS GOOD BUT I NEED MORE.

ramkumar bista @ 9/19/2014 1:28 AM

Been I'm Facebook user and in my friend Facebook he receive bad message regarding my wife, continuously change name and id and send bad message. How can I catch that person? He send message to my friend taking name of my wife but he don't send me any message. Please help me to catch that person. His name in Facebook sometime sudip rai, sometime gopal rai and some time in this same way other name, but the person is whoever but same. Please send me clue by mail to catch that name.
