skip navigation


Register for Latest Research

Stay Informed
Register with NCJRS to receive NCJRS's biweekly e-newsletter JUSTINFO and additional periodic emails from NCJRS and the NCJRS federal sponsors that highlight the latest research published or sponsored by the Office of Justice Programs.

NCJRS Abstract

The document referenced below is part of the NCJRS Virtual Library collection. To conduct further searches of the collection, visit the Virtual Library. See the Obtain Documents page for direction on how to access resources online, via mail, through interlibrary loans, or in a local library.


NCJ Number: 203147 Find in a Library
Title: How to Investigate Cybercrime
Journal: Police: The Law Enforcement Magazine  Volume:27  Issue:11  Dated:November 2003  Pages:18-20,22
Author(s): David Griffith
Date Published: November 2003
Page Count: 4
Type: Policy/Procedure Handbook/Manual
Format: Article
Language: English
Country: United States of America
Annotation: This article describes the investigation of cybercrime.
Abstract: Just about every major municipal or county law enforcement agency in the United States now has a new breed of detective: the computer crime or cybercrime investigator. The Internet and the Worldwide Web have become so prevalent since 1995 that they have altered almost all fields of human endeavor, including crime. Computer crimes include distribution of child pornography, credit card fraud, industrial espionage, harassment, breaking and entering (hacking), solicitation of prostitution, conspiracy, child molestation (traveler cases), malicious mischief, and property destruction (viruses). There are some basic skills needed to become a cybercrime investigator, including a thorough understanding of how the technology works. The typical cybercrime investigation begins like most other investigations with a citizen complaint. The first step is to find the Internet protocol (IP) address of the individual that defrauded the citizen that filed the complaint. An IP address is a series of numbers and letters that is attached to every piece of data that moves on the Internet. Big dot-com companies like Web auction sites have their own security specialists. The next step is to work with the company’s security people to gain access to the IP address of the Internet Service Provider (ISP) used by the person that set up the bad auction. The ISP is a subscription service that grants the user access to the Internet. ISP's have records of everything a subscriber does on the Internet. One of the most important weapons in a cybercrime investigator’s arsenal is a letter requesting that the ISP preserve the data until the investigator can secure a subpoena, warrant, or court order requiring the ISP to turn over its records. The investigation is likely to involve another agency. After a suspect’s computer and various hard drives have been seized, it is time for the computer forensic specialist to make a “true copy” of the hard drive. The true copy of the data can be examined using a number of computer forensics software programs. Some investigations can lead to overseas, which complicates the investigation.
Main Term(s): Computer related crime; Evidence collection
Index Term(s): Computer abuse; Computer crime investigative Training; Computer viruses; Crimes against businesses; Fraud and abuse prevention measures; White collar crime
To cite this abstract, use the following link:

*A link to the full-text document is provided whenever possible. For documents not available online, a link to the publisher's website is provided. Tell us how you use the NCJRS Library and Abstracts Database - send us your feedback.