How do cybercrime investigations begin

On Behalf of | Sep 30, 2020 | White Collar Crimes |

Connectivity is part of everyday life, whether it happens through the use of a computer, a cellphone or some other kind of handheld device.

The constantly evolving technology has allowed cybercrime to flourish. How do agents go about investigating crimes that occur online or on various devices?

Retrieving the data

If the alleged crime is internet-based, an investigator begins with locating the internet protocol or IP addresses. An IP address contains a series of numbers and letters that attach to data that moves through the internet. To obtain the IP address, the investigator serves an Internet Service Provider with a warrant, subpoena or court order. The IP address will disclose the name of the owner, the associated domain name, email addresses, geolocation and local service provider.

Protecting the data

If a cellphone or other handheld device contains the information the investigator needs, the item will likely go into a Faraday Bag. Once sealed, this unit prevents the receipt of signals. Made of multiple layers of metallic material, the protective Faraday Bag is useful if the data in the device is to serve as evidence in a court case.

Examining the data

The investigator can examine data once a lock is installed on a copy of the data to allow for manipulation and viewing. To see as much data as possible, the investigator matches extraction software to the make and model of the device, which might also contain traces of fingerprints or DNA evidence. The data might reveal website information, email messages, internet chat room participation and more.

Building a defense

Once an investigation is completed, the prosecution for a cybercrime can move quickly, requiring a solid defense strategy built on a deep understanding of this unique kind of criminal offense.