Cyber Crime Investigation is a broad term in the investigation community. Cyber crimes can be as simple as password stealing or phishing schemes, or as complex or cruel as child exploitation, human trafficking, and ransomware attacks. The tactics investigators use to catch the suspects involved can vary based on the type of cyber crime committed. Whatever the type, there are still a few key steps an investigator must take before investigating to ensure they gather and analyze all the evidence correctly.
The first step in the investigation is to assess the crime [2]. You need to know exactly what happened. This is a good point at which to ask the rudimentary questions: “Who, what, where, why, how, and when?” The answers give you surface-level information that will help you direct your resources and time in the right direction. Once you have answered as many of these questions as you can, you should have an idea of what tools you need to use to find the evidence.
Next, you will need to follow the proper procedure to collect the evidence. The proper procedure is usually already established by a proper investigating supervisor or department officer [2]. Procedure is important because it ensures that evidence is collected in the correct order and is not lost along the chain of custody. You do not want a suspect’s counsel to poke holes in your case and claim, before it even gets to trial, that the evidence was acquired illegally because it was not collected or handled correctly. Depending on the tools you have, you will either be able to collect the evidence from a device on the spot or have to bring the entire device to a lab to be analyzed in later steps. You may also need to acquire proper warrants or court orders to look through these devices at this stage.
Next, you will have to assess the evidence that you have at the scene [2]. You may have a variety of different devices, and now it is time to determine whether these devices and laptops are important to solving your case. This is also where you decide what type of evidence on these devices will help solve the crime and convict a suspect. You may also need to follow certain steps set out earlier in the procedure stage to make sure that evidence is collected and cataloged.
After the assessment of the evidence, you are ready to decide what it would take to commit this crime or show evidence of it [2]. For example, financial crimes would require analyzing email transfers and artifact detection, so you would perform eDiscovery to find these traces. You would also decide where on a computer or mobile device this evidence might be hiding and focus your tools on extracting it from that software or mobile app. Once you have assessed and collected the memory and files from a device, you can move on to the next step, Evidence Examination [2].
In this stage, you analyze the evidence collected and start using custom search profiles to expose more detail and make better connections to the crime. It is also useful to draft a search profile in the assessment stage to help the case move faster. This is also the stage when you start collaborating with the prosecution team to build the case in court and subpoena more evidence if needed. It is also when you start explaining to the prosecution what the evidence means and begin the last stage, the reporting phase [2].
Reporting is very important because the report is what the prosecution will be working with to convict a suspect. In this stage, you take very complex information and analysis that only an experienced forensic scientist would understand and put it in a format a prosecutor can use to file charges against an individual. All ADF Tools come with a reporting feature that shows the validity of the evidence and puts it in an easy-to-comprehend format.