In an increasingly globalised and connected world, cybercrime is becoming more and more prevalent. We explore the basic steps involved when conducting a cybercrime investigation, as outlined by the Law Enforcement Cyber Center.
Assess the Situation
As with a traditional crime investigation, the relevant law enforcement officials must first identify the specific elements of the crime that has been committed, and determine whether the laws in their jurisdiction support prosecution. With rapid technological developments, it is possible that current laws may not sufficiently cover a specific offence.
Conduct the Initial Investigation
The authorities investigating cybercrimes should still ask the types of questions that would be asked in traditional criminal investigations, such as:
- What crimes were committed?
- When were the crimes committed?
- Who are the potential suspects?
- What jurisdictions are involved?
- What evidence is there to collect? Is this evidence physical, digital or both, and where might it be located?
Secure Devices and Obtain Court Orders
In many cases, investigators may seize electronic devices without a warrant, but must obtain a warrant in order to conduct a search on the device(s). Multiple warrants may need to be obtained if a particular device is connected to multiple crimes.
Digital Evidence Considerations
Digital evidence can make cybercrime investigations particularly challenging for law enforcement officials. The evidence may be encrypted, protected or stored in the cloud. Data may be distributed over different services, providers, locations and often jurisdictions. It is likely that various law enforcement agencies will need to collaborate in order to pool the expertise required to carry out the investigation effectively.
Law enforcement may request user information from an Electronic Service Provider (ESP). This may involve obtaining a court order to compel the ESP to provide the relevant information, and in some cases an agreement that the ESP will not inform the user that their information has been provided to law enforcement officials, as this may compromise the investigation.
While cybercrime investigations share many similarities with typical criminal investigations, the introduction of digital evidence can present further challenges for law enforcement officials. Collaboration between various agencies, potentially across multiple jurisdictions, may be required in order to conduct an effective cybercrime investigation.