Criminal investigation has a whole new frontier to conquer with cyber technology. Every stage of the investigation process brings new challenges which require a totally new breed of experts. These experts are the modern-day counterparts of Sherlock Holmes: the anti-malware researchers. Cyber crime investigation begins with the work that these experts do.
The Objects of the Investigation
Intensive investigations are usually called for when there is a cyber attack that does a lot of damage. Most of these would be denial-of-service attacks which target websites that provide business services such as payments, online purchases or banking.
Such an attack usually means the website has been bombarded by an extreme volume of service requests. These requests come from compromised PCs which have been infected by bots, automated software programs that execute certain processes on orders from a command-and-control center.
Computers can be infected with malware (malicious software), which comes in forms such as spyware, adware, rogue security software, Trojan horses, rootkits, keyloggers, computer viruses, worms, ransomware, and dialers.
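The flood described above leaves a trace in the web server's access log: an abnormal number of requests arriving within a short window. The following script is an added example, not code from the original article, showing the two checks an analyst would run first over such a log. It detects a single source exceeding a per-source rate and, separately, measures the aggregate request peak across all sources, which is what reveals a distributed flood where no one bot trips the per-source threshold. The log lines, the 10-second window and the threshold of 5 are constructed assumptions.

```python
"""Spot request floods in a Common Log Format access log (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log: two ordinary clients plus one source hammering /login.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 1043
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "POST /login HTTP/1.1" 200 512
203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "POST /login HTTP/1.1" 200 512
198.51.100.9 - - [10/Oct/2023:13:55:37 +0000] "GET /products HTTP/1.1" 200 2210
203.0.113.5 - - [10/Oct/2023:13:55:38 +0000] "POST /login HTTP/1.1" 200 512
203.0.113.5 - - [10/Oct/2023:13:55:38 +0000] "POST /login HTTP/1.1" 200 512
198.51.100.7 - - [10/Oct/2023:13:55:39 +0000] "GET /cart HTTP/1.1" 200 880
203.0.113.5 - - [10/Oct/2023:13:55:39 +0000] "POST /login HTTP/1.1" 200 512
203.0.113.5 - - [10/Oct/2023:13:55:40 +0000] "POST /login HTTP/1.1" 200 512
198.51.100.9 - - [10/Oct/2023:13:56:10 +0000] "GET /checkout HTTP/1.1" 200 1500
203.0.113.5 - - [10/Oct/2023:13:57:00 +0000] "POST /login HTTP/1.1" 200 512
"""

# Common Log Format: client, ident, user, [timestamp], "request", status, size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\S+)')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Parse one access-log line into (ip, timestamp, request), or None if malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, request, _status, _size = m.groups()
    return ip, datetime.strptime(ts, TS_FMT), request


def parse_log(log_text):
    """Parse all well-formed lines and return them in chronological order."""
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    events.sort(key=lambda e: e[1])
    return events


def peak_in_window(timestamps, window_seconds):
    """Largest number of sorted timestamps that fall within any span of window_seconds."""
    recent = deque()
    peak = 0
    for ts in timestamps:
        recent.append(ts)
        # Drop events that have aged out of the sliding window.
        while (ts - recent[0]).total_seconds() > window_seconds:
            recent.popleft()
        peak = max(peak, len(recent))
    return peak


def flag_floods(log_text, window_seconds=10, threshold=5):
    """Return {ip: peak requests in window} for every source at or above threshold."""
    per_ip = defaultdict(list)
    for ip, ts, _request in parse_log(log_text):
        per_ip[ip].append(ts)
    peaks = {ip: peak_in_window(t, window_seconds) for ip, t in per_ip.items()}
    return {ip: peak for ip, peak in peaks.items() if peak >= threshold}


def aggregate_peak(log_text, window_seconds=10):
    """Peak request count across all sources; a distributed flood shows up here
    even when every individual bot stays under the per-source threshold."""
    return peak_in_window([ts for _ip, ts, _r in parse_log(log_text)], window_seconds)


if __name__ == "__main__":
    print("per-source floods:", flag_floods(SAMPLE_LOG))
    print("aggregate peak in any 10 s window:", aggregate_peak(SAMPLE_LOG))
```

The per-source check catches the noisy client at 203.0.113.5; the aggregate figure should be compared against the site's normal baseline, because a botnet spreads its requests over many addresses precisely so that no single one looks abnormal.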
Types of Investigations
There are four basic types of investigation done by digital forensic experts. Like all investigations, these are subject to legal restrictions if they are to hold up in court. This may seem strange to the ordinary layperson, but when investigations start, forensics experts often need to coordinate with law enforcement to do everything by the book. There are times when taking control of a botnet (a network of compromised computers) requires permission from a court of law.
The purpose of intelligence investigation in cyber crime is to identify, track and stop criminal activity. There is some leeway in terms of soundness of evidence when this is done merely for intelligence purposes since speed is often of the essence. At the same time, it may not be incumbent upon the forensics team to present evidence to court; the main goal may be to provide the information needed to begin an actual investigation.
The purpose of criminal forensics in cyber crime investigation is to extract data, produce reliable evidence and present this in a way that can be understood by the court and lay people. Criminal forensics is typically part of a larger law enforcement investigation. This is done in collaboration with other specialists and the resulting reports are usually submitted to court as expert evidence.
Electronic discovery (eDiscovery) is similar to criminal forensics in that it is also conducted in order to extract data and produce reliable evidence. However, the big difference between the two is that the process is often undertaken in relation to civil law.
There are distinct legal restrictions imposed on the performance of electronic discovery, particularly in terms of the scope that the investigation may cover. These restrictions often operate alongside other laws, such as those that protect privacy and human rights.
A fourth form of investigation in cyber crimes is the intrusion investigation. This is usually brought about by a complaint or a request to verify whether some attempt is being made to intrude into a network or whether an attacker is trying to steal confidential data. The intrusion investigation focuses on finding out what entry point the attacker has used. It also tries to determine the scope of the attack and how to diminish any impact such an attack may have had.
Unlike other investigations, which mostly occur after the fact, intrusion investigation is conducted in real time: the forensic experts try to determine the point of entry while the attack is still going on, and to do this they need to work skillfully with network forensics.
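Finding the entry point and then the scope, as the two paragraphs above describe, is in practice a pass over the host's authentication log. The script below is an added example, not code from the original article: it parses constructed syslog-style sshd and sudo lines, identifies the entry point as the first accepted login from an address that had already produced several failed attempts (the classic password-guessing-then-success pattern), and then lists what that account did afterwards, which is the starting point for scoping. The log lines, the hostname web01, the year 2023 used to complete the syslog timestamps, and the threshold of three prior failures are all assumptions.

```python
"""Locate an intrusion's entry point and scope from an auth log (added example)."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: guessing against 203.0.113.5 succeeds for 'deploy', followed by
# privileged commands; a legitimate key-based login by 'alice' is also present.
SAMPLE_AUTH_LOG = """\
Oct 10 14:02:01 web01 sshd[2111]: Failed password for invalid user admin from 203.0.113.5 port 51022 ssh2
Oct 10 14:02:03 web01 sshd[2111]: Failed password for invalid user admin from 203.0.113.5 port 51023 ssh2
Oct 10 14:02:05 web01 sshd[2112]: Failed password for deploy from 203.0.113.5 port 51024 ssh2
Oct 10 14:02:07 web01 sshd[2113]: Failed password for deploy from 203.0.113.5 port 51025 ssh2
Oct 10 14:02:09 web01 sshd[2114]: Accepted password for deploy from 203.0.113.5 port 51026 ssh2
Oct 10 14:03:30 web01 sudo:   deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/usr/bin/tar czf /tmp/app-data.tgz /var/lib/app
Oct 10 14:04:12 web01 sudo:   deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/usr/sbin/useradd -m svc-backup
Oct 10 14:10:00 web01 sshd[2120]: Accepted publickey for alice from 198.51.100.7 port 40010 ssh2
Oct 10 14:11:00 web01 sudo:   alice : TTY=pts/1 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx
"""

SSH_RE = re.compile(
    r'^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: (Failed|Accepted) \w+ for '
    r'(?:invalid user )?(\S+) from (\S+) port \d+')
SUDO_RE = re.compile(r'^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sudo:\s+(\S+) : .*COMMAND=(.+)$')


def _ts(text, year):
    """Syslog timestamps carry no year, so one is supplied (assumption)."""
    return datetime.strptime(f"{year} {' '.join(text.split())}", "%Y %b %d %H:%M:%S")


def parse_auth(log_text, year=2023):
    """Turn sshd/sudo lines into event dicts; unrecognised lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = SSH_RE.match(line)
        if m:
            ts, outcome, user, ip = m.groups()
            events.append({"ts": _ts(ts, year), "kind": outcome.lower(),
                           "user": user, "ip": ip, "cmd": None})
            continue
        m = SUDO_RE.match(line)
        if m:
            ts, user, cmd = m.groups()
            events.append({"ts": _ts(ts, year), "kind": "sudo",
                           "user": user, "ip": None, "cmd": cmd.strip()})
    events.sort(key=lambda e: e["ts"])
    return events


def find_entry_point(events, min_failures=3):
    """First accepted login from an address with >= min_failures earlier failures.
    Returns (timestamp, user, ip) or None when no such pattern exists."""
    failures = defaultdict(int)
    for e in events:
        if e["kind"] == "failed":
            failures[e["ip"]] += 1
        elif e["kind"] == "accepted" and failures[e["ip"]] >= min_failures:
            return e["ts"], e["user"], e["ip"]
    return None


def scope_after(events, entry):
    """Privileged commands run by the compromised account after the entry time."""
    ts, user, _ip = entry
    return [(e["ts"], e["cmd"]) for e in events
            if e["kind"] == "sudo" and e["user"] == user and e["ts"] > ts]


if __name__ == "__main__":
    evts = parse_auth(SAMPLE_AUTH_LOG)
    entry = find_entry_point(evts)
    print("entry point:", entry)
    for when, cmd in scope_after(evts, entry):
        print(when, cmd)
```

The same two functions can be run repeatedly over a live tail of the log, which is what the "real time" character of an intrusion investigation amounts to; the output is a timeline of the first foothold and every privileged action taken from it, ready to be correlated with network evidence.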
The Scope of Investigation
Today, Internet connectivity has grown enormously, since devices other than PCs now have access to cloud technology with its applications and networks. Technological progress has become a double-edged sword that has widened the scope of cyber crime investigation, and the public can only hope that forensics will prove equal to the challenge.