Cyber Crime Investigation is the collection, analysis and
investigation of digital evidence and cyber trails.
This digital evidence and these cyber trails may be found in
computer hard disks, cell phones, CDs, DVDs, pen drives,
computer networks, the Internet etc.
Digital evidence and cyber trails can be hidden in pictures
(steganography), encrypted files, password-protected files,
deleted files, formatted hard disks, deleted emails, chat
Digital evidence and cyber trails can relate to online banking
fraud, online share trading fraud, source code theft, credit card
fraud, tax evasion, virus attacks, cyber sabotage, phishing
attacks, email hijacking, denial of service, hacking, divorce
cases, murder cases, organized crime, terrorist operations,
defamation, pornography, extortion, smuggling etc.
The following are the steps to be taken and points to be borne
in mind by the investigating officer.
Let us take the example of the suspect computer or computer
systems present in an organization.
- The officer should have some members of a police team
with him. They will assist him in maintaining order
while the investigation is being carried out.
- The team of experts should be prepared (with the
required tools) for conducting any kind of examination
on the suspected systems.
- On reaching the scene of investigation, the police
officers should seal the entrances and exits to the place.
- They should ask the employees of the organization to
move away from their machines. If possible, the
employees should be made to gather in a room where
no machines are present.
- The employees should be retained till their statements
(if required) have been taken.
- The fingerprint experts should gather any fingerprints
available from the machines that are to be
investigated. This may, at times, help reveal the
person(s) who have used a computer. The results of the
fingerprinting exercise can then be compared with the
access control policy of the organization to verify
whether any unauthorized access has taken place.
- The computer experts should locate all the important
servers and also understand the layout of the network.
They should also make a chart of the network. At times,
this assists in understanding the path for the flow of
- There should be regular and meticulous documentation
of every step being taken. This will prove invaluable
while proving the authenticity and accuracy of the
investigation in a court of law.
Author : cialfor
Updated : 9/26/2016