An official website of the United States government, Department of Justice.

NCJRS Virtual Library

The Virtual Library houses over 235,000 criminal justice resources, including all known OJP works.

How to Investigate Cybercrime

NCJ Number
203147
Journal
Police: The Law Enforcement Magazine Volume: 27 Issue: 11 Dated: November 2003 Pages: 18-20,22
Author(s)
David Griffith
Date Published
November 2003
Length
4 pages
Annotation
This article describes the investigation of cybercrime.
Abstract
Just about every major municipal or county law enforcement agency in the United States now has a new breed of detective: the computer crime or cybercrime investigator. The Internet and the World Wide Web have become so prevalent since 1995 that they have altered almost all fields of human endeavor, including crime. Computer crimes include distribution of child pornography, credit card fraud, industrial espionage, harassment, breaking and entering (hacking), solicitation of prostitution, conspiracy, child molestation (traveler cases), malicious mischief, and property destruction (viruses). There are some basic skills needed to become a cybercrime investigator, including a thorough understanding of how the technology works. The typical cybercrime investigation begins, like most other investigations, with a citizen complaint. The first step is to find the Internet protocol (IP) address of the individual who defrauded the citizen who filed the complaint. An IP address is a series of numbers and letters that is attached to every piece of data that moves on the Internet. Big dot-com companies like Web auction sites have their own security specialists. The next step is to work with the company’s security people to gain access to the IP address of the Internet Service Provider (ISP) used by the person who set up the bad auction. The ISP is a subscription service that grants the user access to the Internet. ISPs have records of everything a subscriber does on the Internet. One of the most important weapons in a cybercrime investigator’s arsenal is a letter requesting that the ISP preserve the data until the investigator can secure a subpoena, warrant, or court order requiring the ISP to turn over its records. The investigation is likely to involve another agency. After a suspect’s computer and various hard drives have been seized, it is time for the computer forensic specialist to make a “true copy” of the hard drive. The true copy of the data can be examined using a number of computer forensics software programs. Some investigations can lead overseas, which complicates the investigation.