Cybercrime and Computer Evidence

Jul 26, 2011
James Vassallo

The ease of the Internet does not always keep its users safe. - Wikimedia Commons

As the Internet continues to explode, more and more criminals are using technology to commit crimes against others.

Cybercrime has become an all too common form of crime in the 21st century as technology continues to grow and expand into new outlets. These new and not so new outlets (email, Facebook, MySpace, Twitter and AIM) are a breeding ground for predators on the Internet. Another hot spot for crime in cyberspace is Craigslist. A myriad of scams have been uncovered on Craigslist that jip people out of money for services never rendered or for products never received. Law enforcement agencies across the country now have to monitor not only what occurs on the streets of their town or city but also what occurs on the Internet. Police officers have long been posing as young adults on the Internet to catch child predators in their attempt to lure children from their homes. Cybercrime is defined as criminal activity where a computer or network is a tool, the source, the target or the place of a crime. Some forms of cybercrime include child pornography, hacking, child grooming, scams and copyright infringement. Other cybercrimes include:

Tampering with the computer source code or computer source documents
Hacking
Publishing, transmitting or causing to be published any information in the electronic form which is lascivious.
Securing access or attempting to secure access to a protected system
Breach of confidentiality and privacy
Publication of digital signature certificates for fraudulent purposes

Cybercrime is such a wide area of crime that it also includes phishing, fraud, identity theft, cyber stalking, malware and malicious code, viruses, hate crimes and cyberbullying. As with all other crimes committed in the United States, cybercrimes can lead to lawsuits and court appearances if and when a person is arrested and accused of committing a cybercrime. When a cybercrime is committed, law enforcement officials working the case can legally take away the computer used for the cybercrime if a search warrant or subpoena is obtained so it can be investigated and submitted as evidence in the case.

Determining A Cybercrime

With the continued advent of the Internet, people across the country and the world can communicate with each other in a matter of seconds while also paying bills, purchasing gifts, or sending their family money if need be. As more and more people become connected to the Internet, more and more criminals will prey on them and commit cybercrimes. Committing cybercrime can be easier than committing crime on the streets because with cybercrime criminals don’t even have to leave the comfort of their own home. As mentioned earlier, police departments across the country are establishing cybercrime units in their departments to cut down on the amount of cybercrime activity in their town or city. The factors used in deciding which cybercrimes will be monitored by the police are as follows:

The extent of harm: the crimes committed on the Internet that contain violence, especially towards children, tend to receive the most attention from police officers across the country.
Frequency of occurrence: the crimes committed most frequently receive more attention from law enforcement than cybercrimes that occur once every year or so.
Availability of personnel: if a crime can be investigated by one or two detectives that crime will more than likely receive more attention than a crime that would take an entire operation to investigate.
Training of personnel: if investigators aren’t trained to investigate certain cybercrimes than those crimes won’t receive attention from law enforcement.
Jurisdiction: law enforcement agencies typically focus their resources on cybercrimes that affect their local citizens.
Difficulty of investigation: the likelihood of a successful outcome helps to decided whether or not a cybercrime will be investigated or will receive attention from law enforcement.
Political factors: if local politicians are always pushing for the investigation of certain cybercrimes then those crimes will be investigated much more often than other cybercrimes.

When a cybercrime has been committed and a suspect has been detained and charged by local or federal law enforcement personnel, the computer of the suspect will be taken by the law enforcement officials to be investigated regarding the case. One question that always arises is how can information be retrieved from a computer if it has been deleted? For the most part, the answer is quite simple; information deleted from a computer really isn’t deleted. That does sound contradictory but it’s true. Investigators, ones specifically trained in computer forensics, are able to retrieve deleted information from a computer.

This process is simple, at least for a computer forensics investigator, and it includes the computer’s operating system. The operating system of a computer uses a directory that contains the name and placement of each file on each drive that is on the computer. When a file on one of the drives is deleted, a file status marker is set up to show that the specific file has been deleted. Then, a disk status marker is set to show that the space on the drive is now available for another file to take its place. The user of the computer can now no longer see or obtain the file that he or she just deleted. Nothing has actually been done to the file itself. The new space, made available by the deletion of the original file, is now referred to as unallocated space. As long as the free space is not overwritten by another new file, the computer forensics investigator can retrieve the file in its entirety. The file can be overwritten with the installment of a new program and if this happens the original file cannot be retrieved in full, only in parts, by forensics investigators.

Use of Computer Forensics

Hidden information, which typically cannot be found by an everyday computer user, can be accessed by a computer forensics investigator. These investigators can access information such as websites visited, emails sent and received, financial Internet transactions, documents, letters and photographs that have been created, edited, and deleted on the computer. One of the ways that investigators uncover where a computer user has gone when on the Internet is by examining their cookies. Cookies are files that track where a computer user goes on the Internet, what websites they visit, and how often they visit those sites. Cookies can be deleted by a computer user if they are conscientious of them and know how to delete them or change their location but most computer users do not know about cookies.

Once a search warrant has been filed with the court, law enforcement officials can begin browsing through a suspect’s computer and all of the files on the computer. The evidence that can be presented in court depends on what the suspect has been charged with in connection to a cybercrime. If the crime involves fraud or financial scams than anything found on the computer that is information pertaining to another person such as other people’s financial records can be used in a court of law. If the crime involves child pornography than any pornographic pictures of minors found on the computer can be submitted as evidence as well as the list of websites that the suspect could have visited, especially if the websites include child pornography photos.

The 2006 Internet Crime Report released the following statistics regarding cybercrime in the United States:

In 2006, the Internet Crime Complaint Center received and processed over 200,000 complaints.
More than 86,000 of these complaints were processed and referred to various local, state, and federal law enforcement agencies.
Most of these were consumers and persons filing as private persons.
Total alleged dollar losses were more than $194 million.
Email and websites were the two primary mechanisms for fraud.
Although the total number of complaints decreased by approximately 7,000 complaints from 2005, the total dollar losses increased by $15 million.
The top frauds reported were auction fraud, non-delivery of items, check fraud, and credit card fraud.
Top contact mechanisms for perpetrators to victims were email (74%), web page (36%), and phone (18%) (there was some overlap).

Cybercrimes continue to become a major problem in society as technology continues to develop across the country and the world today but law enforcement agencies across the country are creating their own cyber task forces to monitor the goings on of Internet criminals, including drug traffickers, sexual predators, stalkers, scam artists and many more. Police officers are posing as normal, everyday citizens to monitor and catch these cyber criminals to protect civilians from scams and crimes that can lead to serious bodily injury or even death.