Investigating, Researching and Gathering Evidence

Introduction  

The advent and proliferation of the internet as well as computerized devices, has changed the whole world including the criminal world. At the advent of computers and the internet, online crime was an extremely complicated affair with criminals committing cybercrime with abandon. Security experts were almost hapless in fighting cybercrime with governments and private entities being forced to reward online criminals with jobs in order to stem the tide (Brown, 2015). The era of computers has, however, come of age. Albeit cybercrime is currently higher than ever, cyber security and computer forensics are also an advanced science creating the ability to track down most cyber criminals. However, criminal law and procedure are about facts not truth and an investigator must understand that it is not just about knowing who did it but also the ability to prove it in a court of law. This term paper delves into the science of cyber crime investigation, based on a case study and focus on how to find evidence that can be admissible in a criminal case. 

The Data to be used in the Case 

The genesis of every criminal case, more so those against private citizens is a complaint. For a law enforcement agent to be involved in an investigation for suspected pedophilia, be it online or otherwise, there must be a complaint and a complainant. In the instant case study, the complaint relates to an individual who stalks minors online. The data to be used in tracking the suspect will be determined by the nature of the complaint. For example, if the complainant was approached via social media such as Facebook Messenger or WhatsApp, this will be the genesis of the case. If texting or email was used, this will be the genesis of the case. In online forensic investigations, research begins from the known to the unknown akin to algebra (Brown, 2015). The investigator will begin with the gadget or account through which messages from the suspect was received. The received information will give clues and leads as to where the information came from. Every computerized gadget in the world that can be used to communicate through the internet has a unique number referred to as the Internet protocol (IP) address. This is a combination of letters and number that is unique to the particular device. All data emanating from the device and onto the internet carries that IP number (Brown, 2015). The process of following up communication to find out where it came from is made possible by Email tracking technology. Email tracking keeps a record of online communication so as to communicate back when the communication has been safely delivered. This creates the possibility to follow up the trail of an online communication to its sender. 

Identity Theft and High-tech Crime Investigative Protocols 

Apart from the communication-based data, the investigation will also include investigation on a money trail. The services the suspect has been using are payable and payments have been made using stolen identity. This creates another set of data to be used in the investigation since finding out where the transactions were conducted can lead to finding the suspect. Identity theft entails when the personal information of an individual is used to make fake identification which is used to perform fraudulent transactions (Taylor et al, 2014). As indicated above, the first step is to follow the communication data to a licensed operator. The next step will be to find out who has been paying for the information. When a fake identity has been used to pay for services fraudulently, there is always the legal owner of that information. Fortunately, identity theft is done in individuals with a credit rating thus making it easy to track and contact. The real owner of the identity can identify the transaction legally performed which will separate the transactions that had been performed by the criminal. For example, a credit card for an individual in New York that has been used to pay for a wireless connection within a suburb in Texas that the owner is unaware of will connect the wireless connection with the identity thief. Investigating identity theft and high-tech crimes rely on trails through IP addresses (Taylor et al, 2014). The moment a fraudulent transaction has been tied to a device, uncovering the identity of the criminal becomes a high possibility.

Finding the Suspect 

The above provides two possible means of establishing who the online crime suspect is. Another factor that is as important as who the suspect is, is where the suspect is. Finally, it is also paramount to recover the specific computerized device that the suspect has been using (Brown, 2015). These create two possible investigative paths. These are finding the device and/or the suspect and uncovering the suspect’s identity. Whichever of the two succeeds first will enable the achievement of the other one. In cybercrime investigations, time is always of the essence. This is because most of the data necessary for investigations is held by a private organization who are not under any obligation to retain it. Further, criminals often change the computerized devices they use, more so when they suspect that investigations are underway (Taylor et al, 2014). The most effective way, therefore, is to take the two approaches contemporaneously. ISPs and social networks will mostly require a warrant to release information about transactions by their clients. Procurement of warrants take due procedure and require probable cause and this might take time within which the data may have been dumped by the holding entity. To avoid this, an official letter from the law enforcement agency to the company to hold the data pending procurement of a warrant suffices to have the data retained (Taylor et al, 2014). Whereas the letter is not legally binding, most internet based companies are as averse to crime as law enforcement and are willing to cooperate. Once the warrants are issued, the data can be accessed. This data can in most cases lead to the identification of the device used and exactly where in the world it was used. Obtaining a warrant or subpoena for the company to release customer information is another important aspect of the process. Warrants and subpoenas are issued by judges who are tasked with the combined obligation of assisting law enforcement and also protecting the right to privacy. To get a warrant of the subpoena, the officer needs to collect enough information to establish a prima facie case against the suspect. The information must also be shown to have been legally obtained, subject to standard procedure (Taylor et al, 2014). 

The second method which entails actually seeking to find the device and the suspect can be achieved through the use of General Packet Radio Service (GPRS) (Brown, 2015). This is a technology that identifies internet using mobile devices anywhere in the world with an accuracy rate of between 300 hundred meters and five meters. When each of the two approaches is done properly, one of them will lead to the arrest of the suspect. Finally, from the description of the case study, the suspect focuses on online pedophilia and therefore may not be in the same locality with the victim. The law enforcement officer ought to be prepared to liaise with law enforcement officers within and without the state. 

After Finding the Suspect

It is after finding the suspect and the device the suspect had been using singularly or severally that the most sensitive part of the investigation begins. Anyone can track down a criminal but bringing down a criminal takes the creation of a case that can be presented in a court of law. The understanding of the due procedure, rules of probable cause is fundamental. Further, understanding the laws and rules of collection of evidence, its storage, and chain of evidence is equally important (Chen, 2013). From a technical perspective, understanding the science of data retrieval is also crucial. Most of the data in the gadgets used by criminals will be deleted, defaced or encrypted. The first step is to use proper procedure to apprehend the suspect and confiscate the computerized devices. Each item must be properly identified, sealed and inventoried at the sight where it has been collected. Further, proper forms must accompany the devices when in transit and also where stored to ensure a proper chain of custody. With regard to data recovery, computerized systems have the random access memory chip (RAM) and the persistent memory. Most of the data in the RAM will easily be lost even through the continued use of the device (Chen, 2013). The data stored in the persistent memory is retained unless the memory chip is physically destroyed beyond repair. The recovery thereof is undertaken using standard and recognized recovery software programs. The program used and the procedures used for either recovery or breaking encryption must be properly documented by a qualified professional who shall be required to testify if the matter goes to trial. 

Conclusion  

It is clear from the foregoing that under the current internet and computerized devices dispensation, it is extremely difficult for an online criminal to get away with the crime. However, there is the necessity of a committed investigator. This investigator, however, needs to understand both the rules of standard procedure as well as how computerized devices work. Understanding computers from a technological perspective will enable the catching of the suspect. However, catching the suspect will be futile if the investigator does not understand the due procedure and the rules and regulations kindred to evidence in a criminal case. Among the most sensitive areas within the process is getting the cooperation of private internet companies as it requires a warrant or subpoena. This is the first real test on whether the due procedure has been followed and a case made or the entire activity was just an adventure. 

References

Brown, C. S. (2015). Investigating and prosecuting cybercrime: forensic dependencies and barriers to justice.  International Journal of Cyber Criminology ,  9 (1), 55-119 

Chen, B. (2013, March 13). Computer forensics in criminal investigations. Retrieved May 05, 2017, from http://dujs.dartmouth.edu/2013/03/computer-forensics-in-criminal-investigations/ 

Taylor, R. W., Fritsch, E. J., & Liederbach, J. (2014).  Digital crime and digital terrorism . New Jersey: Prentice Hall Press