Cyber crime investigation is the process of studying a digital crime, its impact and other details to identify the source and perpetrators of the attack and prove their guilt. It involves the painstaking collection of clues and forensic evidence, analysis of the evidence, reconstruction of the incident and presentation of the evidence in such a way that it is admissible in a court of law.
As the crime is digital, it is inevitable that at least one device will be found during the investigation, be it a computer, a telephone, a printer, or a fax machine. Skilled investigators should analyze such devices with the utmost caution and care, as they will be of critical importance to the investigation and can reveal valuable evidence to help solve the case.
Therefore, the investigator must perform a forensic analysis of the data contained within the device and present it in a manner suitable for a court of law.
Types of approaches to manage cyber crime investigation include:
- Civil
- Criminal
- Administrative
These approaches follow different processes for data collection, analysis, and presentation, depending on the type of case.
Civil cases involve disputes between two parties, which can include an individual versus a corporation, an individual versus another individual, or a corporation versus another. They relate to violation of contracts and lawsuits, where a guilty verdict generally leads to monetary damages to the plaintiff. Criminal cases include crimes that are considered harmful to society and involve action by enforcement agencies against a corporation, individual or group of people in response to a suspected violation of law. A guilty outcome may result in monetary damages, imprisonment, or both.
Criminal Cases:
As criminal cases involve actions that are against the norms of society, the burden of proving the accused guilty lies entirely on the prosecution.
Civil Cases:
Civil cases involve a plaintiff and defendant, wherein the plaintiff registers the case and is responsible for the burden of proof, while the authority hears both parties and passes judgement based on the evidence presented.
ALLEGED RAPE
The Case:
An attorney who was representing an area university student who had been accused of rape needed forensic expertise to prove his client’s innocence. It was reported that the accused met another student at a celebration and had sex with her after the event in the accuser’s car. The accused also stated that they continued to see one another for several days after the alleged rape, attending the same events and exchanging emails and text messages. The accused stated that after he informed the accuser that what had happened a couple of nights earlier wasn’t the start of a relationship but was rather just a one-night stand, she didn’t react well and was extremely angry. A couple of weeks later, she reported to the university police that she was forcibly raped by the accused. He subsequently was arrested and charged with rape.
The Investigation:
If the accused were telling the truth, the key evidence would be found in his mobile and email. The accused stated that he had deleted emails and text messages and that they were not available. The forensic team instructed the counsel to immediately send a “preserve records” letter to the e-mail service provider. The team supplied the required information on how to write and serve the letter and helped him draft the writ to be signed by the presiding judge. Meanwhile, the team started investigating the mobile of the accused. It was an iPhone; the team made a physical forensic image of it, and analysis of the image revealed numerous deleted text messages, which clearly showed the incident was totally consensual. About 100 deleted text messages were recovered, exchanged after the alleged rape happened, in which she was referring to the event as “a magical experience,” “one of the best nights of her life,” etc. This proved to be evidence of his innocence.
The Result:
When the report was presented to the prosecutor, all charges against the accused were dropped.
THEFT OF INTELLECTUAL PROPERTY: FORTUNE 100 COMPANY CLEARED OF WRONGDOING
The Case:
The chief legal counsel of a Fortune 100 Company approached the forensic team, stating that a new high-level executive they had recently hired was accused of misappropriating his previous employer’s property. A lawsuit was filed in another state by his previous employer seeking an injunction on all activities of the firm involving the division that the executive led. The client stated that court documents were alleging that, before his departure, the executive had copied the plaintiff’s trade secrets to a drive and had emailed close to 100 critical documents to his personal Yahoo email account.
The Investigation:
The forensic team seized all home and business computers, email accounts, and auxiliary storage devices of the newly hired executive. The plan was to take custody of all misappropriated trade secrets and return them to the plaintiff. The client’s attorneys briefed the judge on the actions the forensics team had taken. They informed the judge that, immediately after being made aware of the situation, they retained Cyber Diligence, Inc., which focuses on theft of property investigations, and followed its recommendations on their response plan.
The Result:
The judge denied the application for an injunction, stating that as a result of the fast and decisive action of the defendant (our client), the plaintiff didn’t suffer any actual damage, and proceeded to instruct Cyber Diligence to isolate the executive’s personal data from the data that clearly belonged to the plaintiff. The case was closed with a minimal impact on our client’s operations.
Administrative investigation refers to an internal investigation by a corporation to determine whether its employees, clients and partners are abiding by its rules or policies. Most organizations limit administrative investigations to staff members, while some include partners alongside corporations and individuals linked to the organization.
• Involves a workplace or government performing inquiries to identify facts with regard to its own management and performance
• Non-criminal in nature and related to misconduct or activities of an employee that include but are not limited to:
- Violation of organization’s policies, rules, or protocols
- Resources misuse or damage or theft
- Threatening or violent behavior
- Improper promotion or pay rises
- Corruption and bribery
- Sexual Exploitation, harassment and abuse
• Any violation may result in disciplinary action like demotion, suspension, revocation, penalties, and dismissal
• For situations like promotions, increments, transfers, etc., administrative investigations may result in positive outcomes, like modifications to existing policies, rules, or protocols
Banking, Corporate Fraud SOX Auditing
The Case:
A medium-sized, publicly traded bank had experienced a series of transitions, culminating in a new Board of Directors and, due to new regulations within the financial industry, an independent Auditing Committee. The Auditing Committee charged certain officers of the Bank with engaging in suspect activities associated with particular Bank expenses that were either hidden or “lost” from the purview of the Bank’s traditional accounting practices. A large firm was hired to audit certain activities by officers of the Bank. During the investigation, the auditors needed to examine several computer systems used by certain Bank employees.
The Investigation:
The firm retained GDF’s digital forensic examiners to perform examinations of the Bank’s digital assets. GDF focused its initial examination on particular desktop and network systems used by the suspect employees. Its examiners performed digital forensic analyses on those systems while simultaneously examining data supplied directly by the Bank’s IT department regarding the internal network and Internet-related activity of these suspect employees.
The Result:
Using the digital artifacts GDF collected in a forensically sound manner from the systems it investigated, the Bank’s Auditing Committee was in a better position to find that certain Bank employees had violated Bank policy and possibly certain federal regulations regarding actions by officers of public corporations. In the end, the Bank saved a huge amount of money and time by having the digital evidence to use in finalizing the issues associated with the investigation and was able to meet important deadlines with regard to certain SEC filings.
Computer crimes pose new challenges for investigators due to the following inherent characteristics.
• Speed: Advancing technology and the increasing speed of accessing data have boosted the speed of cybercriminals. Conversely, investigators require authorization and warrants before starting any legal procedure. This has resulted in an increasing number of cybercrimes, more than can be handled by the investigative authorities.
• Anonymity: Cyber criminals can easily hide their identity by masquerading as another entity or by hiding their IP addresses using proxies. Digital crimes also include cases where the attackers first steal the identity of an individual and then use it to commit the crime.
• Volatile nature of evidence: Most digital evidence can be easily lost because it is in the form of volatile data like logs, records, light pulses, and radio signals. Volatile data needs special tools to identify, gather, handle, interpret and present it. The lack of such tools has become a challenge for investigators.
• Global origin and difference in laws: The perpetrators can initiate a crime from any part of the world, whereas the authorities have jurisdiction over domestic crimes only. Very few cyber laws exist that empower the authorities of one jurisdiction to try perpetrators present in another, distant jurisdiction. The lack of such laws helps attackers avoid prosecution even though the authorities have strong evidence against them.
• Limited legal understanding: Many victims are unaware of the law violated during the incident and fail to defend their claim. Besides, the limited technological knowledge of some prosecutors also causes dismissal of the trial.
Other challenges include the failure of private firms to report cyber crimes, lack of data and skills to tackle advanced attacks, giving undue importance to high-loss cases, failure to link different attacks, and lack of coordination between cyber crime and local authorities.
Questions related to this topic
- What are the different issues and challenges in cyber crime?
- How long do cyber crime investigations take?
- What are the primary challenges that law enforcement agencies face in investigating cyber exploitation?
- Why do you think it is so difficult to catch and prosecute cyber criminals?
This Blog Article is posted by
Infosavvy, 2nd Floor, Sai Niketan, Chandavalkar Road Opp. Gora Gandhi Hotel, Above Jumbo King, beside Speakwell Institute, Borivali West, Mumbai, Maharashtra 400092
Contact us – www.info-savvy.com
I really didn’t know these tips before which you have informed us through your helpful and informative article!! Thank you and keep sharing awesome stuff.