When individuals choose to break laws in cases where computers and digital means are involved, real people experience the negative results. Today, crime scene investigators must work together to develop a targeted and effective means by which to capture cybercriminals and ensure that justice is served to the fullest extent defined by the law. As the program manager of Catch Them Now Enterprises, it is my job to outline in detail the most important legal and technical responsibilities in computer crime scene investigation in order to ensure a smooth process. The following directive applies to new workers at Catch Them Now and outlines standard operating procedures in the course of daily work. Together, we will work to investigate in a comprehensive manner that respects the law and gathers evidence.
First, workers implementing the standard operating procedure will take into consideration all significant legal requirements. Over the past twenty years, advocates of the law have played from behind to catch up with criminals who take advantage of people by electronic means. Today, crime scene investigators must stay up to date with current laws as they continue to develop. One of the greatest difficulties with cybercrime comes from its somewhat effortless tendency to transcend international boundaries. When a virus originates in the Philippines, for example, and infects millions of computers around the world, care must be taken to collaborate delicately with authorities in the host country.
Each country will deal with cybercrime under a different set of regulations. Once a foreign IP address is identified, take care to examine what laws relate to cybercrimes in that region of the world. For example, as one of the world's most populous and connected societies, India employs specific measures under the Information Technology Act of 2000 providing express punishment for a variety of offenses (Sundaram & Umarhathab, 2011, p. 12). Punishable crimes include the hacking of email and computers, fake social profile accounts, cyber pornography, the theft of program source code, digital piracy, phishing, the transmission of viruses, web defacement of organizations, terrorist activity, credit card and online trading fraud, and forgery, among others (Sundaram & Umarhathab, 2011, pp. 2-10). Punishable malicious content in India may not have precedent in other parts of the world. When working through legal matters where an obvious offense is concerned but no legal precedent exists, investigators will have to find creative ways to proceed with cases if they wish to bring criminals to justice.
Secondly, technical procedures must be taken into consideration when investigating electronic actions that have broken the law as technology continues to evolve. In a digital world with constant software updates, nothing short of the most current understanding of criminal possibilities will suffice in a continued effort to pursue justice. When entering the room of a suspect for the first time, certain protocols must be followed. Following the eight steps outlined below as proposed by Johnson (2006) will go a long way toward ensuring that evidence is properly gathered and analyzed (pp. 12-13). First, the perimeter of the scene must be closed off so that unauthorized personnel cannot get in. Secondly, ensure that people on the scene do not touch things, especially computers. Confirm that devices that could be in communication (i.e., over Wi-Fi or Bluetooth) are isolated from each other. Analyze the hardware involved and determine if expert assistance will be necessary for processing the data within.
In cases where computers are left on, specific precautions must be taken to avoid data loss, as much significant data could be lost quickly if the wrong button is pushed. If important information is displayed on the screen as it is found, photograph it. Use a videotape to document the investigation as well as scene sketches. Label all external devices (cables and cards) connected to the computers. When removing stand-alone computers, directly unplug them along with any LAN cords from the power source and router so that any overwrite scripts do not have the opportunity to alter the contents of the hard drive. In the case of a server, however, do not directly unplug it unless you have the qualifications to work within a network environment. Perform a thorough search for manuals or pen drives that may be lying around the periphery.
The collection of fingerprints is an ordered process. First, search for traces of DNA evidence on the computer. In the collection of fingerprints, do not dust until forensic science processing of the computer and its internal components is complete. Take care to ensure that no aluminum-based powder is used on the computer in order to avoid causing any potential electrical interference. This three-step order will ensure proper data collection.
Secure transportation of evidence plays a crucial role in the process of investigation. Place evidence tape over CD drive openings with content that will be confiscated later on. When disassembling, packaging, and transporting items offsite, pay special attention to environmental conditions of temperature and humidity and take cautious measures to protect sensitive equipment. As far as modes of transportation, do not place electronic materials in the hatch of a vehicle that uses CB communication in order to avoid radio-wave interference. When placing evidence in storage, ensure that the items are secured away from areas where electromagnetic interference is remotely possible.
At Catch Them Now Enterprises, officers are expected to legally investigate exactly under what statutes and in what countries a crime may be prosecuted. When gathering data, they cannot afford to be sloppy; such detailed behaviors remain imperative for success in the field. By taking care to examine grounds for prosecution for all suspect parties involved and to follow protocol with a thorough analysis of crime scenes, Catch Them Now Enterprises can make a global impact in the fight against cybercrime.
Johnson, T. A. (2006). Forensic computer crime investigation. Boca Raton: CRC, Taylor & Francis.
Sundaram, P. M., & Umarhathab, S. (2011). Cyber crime and digital disorder. Tirunelveli, Tamil Nadu, India: Manonmaniam Sundaranar University.