Lesson 9
 Cybercrime Investigation
Introduction
 An investigation is a patient, step by step inquiry or observation.
 A careful examination, recording of evidence or a legal enquiry.
 The word investigate is derived from the Latin word vestigare, meaning a
track or trace.
 This is easily related to police investigation.
Criminal investigation
 Criminal investigation therefore is a reconstructive process that uses
deductive reasoning to determine how a crime was committed.
OR
 It is a multi-layered effort that involves the study of facts presented by a
criminal act or pattern of criminal conduct.
OR
 A logical process in which a conclusion follows from specific facts.
 These facts are then used to identify, locate, and prove the guilt or innocence
of a person or persons.
 Criminal investigation is usually carried out by a law enforcement agency
using all the resources available to the government, local, state, or federal,
to discover, locate, or establish evidence proving and verifying the relevant
facts for presentation to a court or other judicial authority
Criminal investigation
 The facts discovered can become evidence and may involve statements from
witnesses; documentary or photographic evidence; physical evidence, which are fruits
of a crime; instrumentalities of a crime; incidental evidence; and logs, data, and
details of analysis that show access to crime scenes.
 It is the characteristic of any criminal investigation that aspects of the crime may
manifest in a variety of ways.
 Therefore, many criminal investigations rely heavily on a logical, organized process,
but there are also aspects of crimes that derive from chaos and sheer luck of
happenstance.
 This unexpected development requires that criminal investigators be both flexible and
purposeful in their approach.
 For example, finding the suspect's watch at the scene of a burglary is one piece of
evidence that supports the premise that the suspect was at the scene.
 Investigators need to anticipate what issues might arise and what evidence is needed
to support the prosecutor's case.
Criminal investigation
 The first determination in a criminal investigation is whether a crime has in
fact been committed.
 Does the evidence support a specific crime?
 A legal arrest cannot be made for an act that is not defined by statute or
ordinance as a crime.
What is a crime?
 A crime is an act in violation of penal law and an offense against the state
 A crime is a violation of public law or right
 It is an act or omission forbidden by law and punishable by a fine,
imprisonment or even death.
Elements of a crime
i. First, the human act or conduct (take something from someone, injure
someone, create an atmosphere of danger, or actually cause significant
harm to a person or persons and the society in general)
ii. The individual’s mental state at the time of the act
iii. The connection between the act and the effect
Goals of criminal investigation
 The goals of Criminal investigation are:
 Determine whether a crime has been committed
 Legally obtain information and evidence to identify the responsible
person/discover who committed the crime
 Arrest the suspect
 Recover stolen property
 Present the best possible case to the prosecutor
Goals of criminal investigation
 While committing crimes, people may leave some type of evidence
 For example they may leave trace evidence or less visible evidence such as
fingerprints, small particles of glass or dirt, body hairs or clothing fibers.
 However a burglary committed by a person wearing gloves and whose foot
prints are washed away by a hard rain before police arrive will be more
difficult to solve
 Hence many times cases have insufficient evidence, no witnesses and no
informants to provide leads
Cybercrime Investigation
 There are a multitude of stakeholders (i.e., agencies, organizations,
businesses, and individuals) that are involved in the investigation of
cybercrime. The nature and extent of their involvement depends on the type
of cybercrime committed. Stakeholder involvement is also determined by the
geographic location of stakeholders and countries' cybercrime laws
TYPES OF CRIMINAL INVESTIGATIONS
 In very general terms criminal investigations focused on crimes against persons or
violent crimes are broken down into two categories:
i. Reactive investigations: are police or law enforcement’s response to a criminal
incident. Examples of reactive cases are homicides, robberies, rapes, burglaries,
thefts, assaults. These crimes are reported directly to the police or other
appropriate jurisdiction by a citizen, a victim, another police officer or other
interested parties as an event that requires immediate investigation
ii. Proactive Investigations: Instead of a particular act of criminal conduct the law
enforcement agency may conduct an investigation of a person or group of persons whom
the agency has reason to believe are involved in an ongoing criminal pattern.
E.g., targeting of career criminals who are serial offenders, targeting of a violent street
gang, targeting of an armed robbery gang whose offenses are characterized by extreme
violence, or very high financial losses.
 The essential distinction is the fact that the perpetrators are targeted before the
offense is actually committed or the targets’ lives and daily routine are scrutinized in
an attempt to discover facts and evidence proving their involvement in past crimes.
TYPES OF CRIMINAL INVESTIGATIONS
 In many ways, proactive investigations are attempts by law enforcement to
detect patterns of criminal activity, anticipate behavior and develop evidence
leading to the successful prosecution of a community’s most proficient
criminals.
 They rely heavily on intelligence and covert investigative steps, such as
surveillance and undercover operations or the use of deception to trick the
targets into revealing their methods and practices.
 E.g. organized criminal enterprises, drug enterprises, terrorist cells and any
significant major conspiracies.
Proactive Investigation Steps
a. Understanding how particular crimes and their elements are proven
b. Constitutional considerations
c. Crime scene analysis
d. Forensic science support for an investigation
e. Establishing an investigative plan
f. Interviews and interrogations
g. The use of confidential sources
h. Tactical considerations
i. Intelligence support and digital data mining
j. Covert investigative operations
 These steps are the same as those followed for reactive crime investigations, but there is a
requirement to sort out the information from multiple crimes and find out if there are direct
connections or uniformity in the method of operations or other factors that provide another layer of
proof that the crimes were all associated with the targets.
Successful criminal investigation
 A successful investigation is one in which:
 A logical sequence is followed
 All physical evidence is legally obtained
 All witnesses are effectively interviewed
 All suspects are legally and effectively interrogated
 All leads are thoroughly developed
 All details of the case are accurately and completely recorded and reported
Reporting cybercrime
 Before an investigation begins, a cybercrime must be observed and reported.
While this seems like a straightforward first step in a cybercrime
investigation, the reality is that cybercrime is largely underreported
worldwide (UNODC, 2013).
 The underreporting of crime can be explained by economist Gary Becker's
(1968) expected utility theory, which holds that people engage in actions
when the expected utility (i.e., gains) from these actions is higher than the
expected utility of engaging in other actions.
 Applying this theory to cybercrime, victims of cybercrime will not report
cybercrimes if the expected utility from this reporting is low.
Why cybercrimes are under reported
 Existing research identifies several reasons why cybercrime is underreported,
including:
 the shame and embarrassment associated with being a victim of certain cybercrimes
(e.g., romance scams);
 reputational risks associated with publicizing cybercrime (e.g., if the victim of the
cybercrime is a business, loss of consumer confidence);
 being unaware that victimization occurred;
 low confidence or expectations that law enforcement can assist them;
 too much time and effort to report cybercrime;
 and lack of awareness on where to report cybercrime.
Who conducts cybercrime investigations?
 First responders in cybercrime investigations are responsible for "securing" digital
evidence at the "scene" (the location) of a cybercrime (e.g., this could be the
target or targets of the cybercrime and/or the information and communication
technology used to commit cyber-dependent and/or cyber-enabled crime).
 A first responder can be a law enforcement agent, digital forensics expert,
military police officer, private investigator, an information technology specialist,
or other person (e.g., an employee in the workforce) who is tasked with
responding to incidents of cybercrime.
 This illustrates that the public and private sector, as well as national security
agencies, conduct cybercrime investigations (to varying degrees). Irrespective of
who the first responder is, search and seizure practices for information and
communications technologies (ICT) must be in accordance with national law, and
the methods used to obtain digital evidence from ICT must be valid and reliable
to ensure its admissibility in a court of law
Criminal Justice Agencies
 Criminal justice agents, such as law enforcement officers, prosecutors, and
judges, are responsible for the prevention, mitigation, detection, investigation,
prosecution, and adjudication of cybercrime.
 The specific agencies responsible for cybercrime cases vary by country. In the
United Kingdom, for example, more than one agency investigates cybercrime,
including regional law enforcement agencies and the National Cyber Crime Unit,
which is part of the National Crime Agency (Global Cyber Security Capacity
Centre, 2016c). In contrast, only one agency investigates cybercrime in Sierra
Leone: the Police Cyber Crime Prevention Unit (Global Cyber Security Capacity
Centre, 2016d). In Ecuador, the "Technological Crimes Investigations Unit of the
National Directorate of the Judicial and Investigative Police is responsible for
investigating cybercrime" (Inter-American Development Bank, 2016, p. 72), and
in Iceland, it is the digital forensics unit in the Reykjavik Metropolitan Police (Global
Cyber Security Capacity Centre, 2017c). Find out about Kenya.
Criminal Justice Agencies
 Beyond national criminal justice agencies, regional agencies, such as the
European Union Agency for Law Enforcement Cooperation (Europol)
(promoting law enforcement cooperation in the European Union)
and Eurojust (promoting judicial cooperation in the European Union), and
international agencies, such as INTERPOL (i.e., International Criminal Police
Organization; promoting international law enforcement cooperation), assist
and/or facilitate cross-border cybercrime investigations.
 For example, Europol's sharing of intelligence and resources with European
Union Member States led to the arrest of a criminal, who was known for
selling counterfeit EUR 50 banknotes online on illicit dark markets (Europol,
2018c).
Private Sector
 The private sector plays an essential role in the detection, prevention,
mitigation, and investigation of cybercrime because it predominantly owns and
manages the critical infrastructure (i.e., considered essential to the functioning
of society) in countries and is one of the primary targets of many cyber-
dependent (i.e., those cybercrimes that seek to compromise the confidentiality,
integrity, and availability of systems, networks, services, and data, such as
hacking, malware distribution, and distributed denial of service or DDoS attacks)
and cyber-enabled crimes (e.g., online financial fraud, identity-related crime,
and theft of data and trade secrets, to name a few)
Basic functions of criminal investigators
 Investigators perform the following functions
 Provide emergency assistance
 Secure the crime scene
 Photograph and sketch
 Take notes and write reports
 Search for, obtain and process physical evidence
 Obtain information from witnesses
 Identify suspects
 Testify in court
Obstacles to cybercrime investigations
 There are several obstacles that may be encountered during cybercrime
investigations. One such obstacle is created by the anonymity that information and
communication technology affords to users.
 Anonymity enables individuals to engage in activities without revealing themselves
and/or their actions to others. There are several anonymization techniques that
cybercriminals use. One such technique is the use of proxy servers.
 A proxy server is an intermediary server that is used to connect a client (i.e., a
computer) with a server that the client is requesting resources from. Anonymizers,
or anonymous proxy servers, hide users' identity data by masking their IP address and
substituting it with a different IP address (Chow, 2012).
 Cybercriminals can also use anonymity networks to encrypt (i.e., block access to) traffic
and hide their Internet Protocol address (or IP address), "a unique identifier assigned to a
computer [or other Internet-connected digital device] by the Internet service
provider when it connects to the Internet", in an effort to conceal their Internet
activities and locations. Well-known examples of anonymity networks
are Tor, Freenet, and the Invisible Internet Project (known as I2P).
Attribution
 Attribution is another obstacle encountered during cybercrime investigations.
Attribution is the determination of who and/or what is responsible for the
cybercrime. This process seeks to attribute the cybercrime to a particular digital
device, user of the device, and/or others responsible for the cybercrime (e.g., if
the cybercrime is state-sponsored or directed) (Lin, 2016). The use of anonymity-
enhancing tools can make the identification of the devices and/or persons
responsible for the cybercrime difficult.
 Attribution is further complicated through the use of malware-infected zombie
computers or digital devices controlled by remote access tools (i.e., malware that
is used to create a backdoor on an infected device to enable the distributor of the
malware to gain access to and control of systems). These devices can be used,
unbeknownst to the user whose device is infected, to commit cybercrimes.
Back-tracing (or traceback)
 Back-tracing (or traceback) is the process of tracing illicit acts back to the source
(i.e., perpetrator and/or digital device) of the cybercrime. Traceback occurs
after a cybercrime has occurred or when it is detected (Pihelgas, 2013).
 A preliminary investigation is conducted through an examination of log files
(i.e., event logs, which are files that systems produce to record activity),
which can reveal information about the cybercrime
(i.e., how it occurred). For instance, event logs "automatically record… events
that occur within a computer to provide an audit trail that can be used to
monitor, understand, and diagnose activities and problems within the system"
(Maras, 2014, p. 382).
 Examples of these logs are application logs, which record "events that are logged
by programs and applications," and security logs that "record all login attempts
(both valid and invalid) and the creation, opening or deletion of files,
programmes or other objects by a computer user" (Maras, 2014, p. 207). These
event logs may reveal the IP address used in the cybercrime.
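The log examination described above, as an added example that is not part of the original slides: it reads security-log lines recording valid and invalid login attempts, groups them by source IP address, and flags an address whose successful login follows repeated failures. The log lines are constructed samples in OpenSSH syslog style using documentation IP ranges; the function names, the `year` parameter and the failure threshold are assumptions made for illustration.

```python
import re
from datetime import datetime

# Constructed sample lines (OpenSSH syslog style, documentation IP ranges).
SAMPLE_LOG = """\
Mar 10 08:12:01 web01 sshd[2201]: Failed password for invalid user admin from 203.0.113.5 port 51122 ssh2
Mar 10 08:12:04 web01 sshd[2201]: Failed password for invalid user admin from 203.0.113.5 port 51122 ssh2
Mar 10 08:12:09 web01 sshd[2203]: Failed password for root from 203.0.113.5 port 51130 ssh2
Mar 10 08:13:40 web01 sshd[2210]: Accepted password for alice from 198.51.100.7 port 40022 ssh2
Mar 10 08:14:02 web01 sshd[2215]: Failed password for bob from 203.0.113.5 port 51144 ssh2
Mar 10 08:14:30 web01 sshd[2219]: Accepted password for bob from 203.0.113.5 port 51150 ssh2
Mar 10 08:15:00 web01 CRON[2230]: pam_unix(cron:session): session opened for user root
"""

# One login attempt: timestamp, outcome, account name and source IPv4 address.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_events(text, year=2024):
    """Return one dict per login attempt; lines that are not logins are skipped.

    Syslog timestamps carry no year, so the caller supplies it (assumption).
    """
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            continue
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({
            "time": when,
            "ip": m["ip"],
            "user": m["user"],
            "ok": m["result"] == "Accepted",
        })
    return events


def summarize_by_ip(events, threshold=3):
    """Build a per-IP audit trail in time order.

    An IP is flagged when a successful login arrives after at least
    `threshold` failed attempts from the same address (hypothetical rule).
    """
    summary = {}
    for e in sorted(events, key=lambda ev: ev["time"]):
        s = summary.setdefault(e["ip"], {
            "failed": 0, "accepted": 0, "users": set(),
            "first_seen": e["time"], "last_seen": e["time"],
            "success_after_failures": False,
        })
        s["last_seen"] = e["time"]
        s["users"].add(e["user"])
        if e["ok"]:
            if s["failed"] >= threshold:
                s["success_after_failures"] = True
            s["accepted"] += 1
        else:
            s["failed"] += 1
    return summary


def flagged_ips(summary):
    """IPs worth following up. An address is a lead, not an identity:
    it may belong to a proxy, an anonymity network or an infected device."""
    return sorted(ip for ip, s in summary.items() if s["success_after_failures"])


if __name__ == "__main__":
    report = summarize_by_ip(parse_events(SAMPLE_LOG))
    for ip, s in report.items():
        print(ip, s["failed"], "failed,", s["accepted"], "accepted,",
              "users:", sorted(s["users"]),
              "first:", s["first_seen"].isoformat(),
              "last:", s["last_seen"].isoformat())
    print("follow up:", flagged_ips(report))
```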
Lack of harmonized national cybercrime laws
 The lack of harmonized national cybercrime laws, international standardization of
evidentiary requirements (both in terms of admissibility in a court of law, and in
terms of international state responsibility), mutual legal assistance on cybercrime
matters, and timely collection, preservation, and sharing of digital evidence
between countries, also serve as obstacles to cybercrime investigations
 In regard to certain types of cybercrime, especially cybercrimes that are
politically motivated, a general lack of will of countries to cooperate in these
cases has been observed
Technical challenges
 Cybercrime investigators also face technical challenges. For example,
numerous digital devices have proprietary operating systems and software
that require the use of specialized tools to identify, collect, and preserve
digital evidence. What is more, investigators may not have the necessary
equipment and digital forensics tools needed to adequately conduct
cybercrime investigations involving digital devices
 Other obstacles to cybercrime investigations include the existing limited
abilities of law enforcement agencies to conduct these investigations. In
countries where national specialized units exist, they only investigate a
limited number of cybercrime cases. The prevalence of information and
communication technology in criminal investigations makes such a practice
ineffective
Cyber Crime Investigation Techniques
 Activities that a computer crime investigator performs include recovering file systems
of hacked computers, acquiring data that can be used as evidence to prosecute
crimes, writing reports for use in legal proceedings, and testifying in court
hearings. Cyber crime investigation techniques include:
 Performing background checks: Establishing the when, where, and who of a crime sets the
stage for an investigation. This technique uses public and private records and databases to
find out the backgrounds of individuals potentially involved in a crime.
 Gathering information: This technique is one of the most critical in cyber crime
investigations. Here, investigators ask questions such as: What evidence can be found? What
level of access to sources do we have to gather the evidence? The answers to these and other
questions provide the foundation for a successful investigation.
 Running digital forensics: Cyber crime investigators use their digital and technology skills to
conduct forensics, which involves the use of technology and scientific methods to collect,
preserve, and analyze evidence throughout an investigation. Forensic data can be used to
support evidence or confirm a suspect’s involvement in a crime.
 Tracking the authors of a cyber crime: With information about a crime in hand, cyber crime
investigators work with internet service providers and telecommunications and network
companies to see which websites and protocols were used in the crime. This technique is also
useful for monitoring future activities through digital surveillance. Investigators must seek
permission to conduct these types of activities through court orders.
Questions
i. Which national security agencies are involved in cybercrime investigations
in Kenya?
ii. What role (or roles) does the agency (or do the agencies) have in
cybercrime investigations?
iii. List and discuss various cybercrime investigation and forensic tools

 
PHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationPHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 Documentation
 
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in  Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in  Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
 
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
 
Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
 
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌  8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌  8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130  Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130  Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
 
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
 
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhi
 
Complet Documnetation for Smart Assistant Application for Disabled Person
Complet Documnetation   for Smart Assistant Application for Disabled PersonComplet Documnetation   for Smart Assistant Application for Disabled Person
Complet Documnetation for Smart Assistant Application for Disabled Person
 

Cybercrimes in cybersecurity Investigations.pptx

  • 1. Lesson 9  Cybercrime Investigation
  • 2. Introduction  An investigation is a patient, step-by-step inquiry or observation.  A careful examination, recording of evidence or a legal enquiry.  The word investigate is derived from the Latin word vestigare meaning a track or trace.  This is easily related to police investigation.
  • 3. Criminal investigation  Criminal investigation therefore is a reconstructive process that uses deductive reasoning to determine how a crime was committed. OR  It is a multi-layered effort that involves the study of facts presented by a criminal act or pattern of criminal conduct. OR  A logical process in which a conclusion follows from specific facts.  These facts are then used to identify, locate, and prove the guilt or innocence of a person or persons.  Criminal investigation is usually carried out by a law enforcement agency using all the resources available to the government, local, state, or federal, to discover, locate, or establish evidence proving and verifying the relevant facts for presentation to a court or other judicial authority
  • 4. Criminal investigation  The facts discovered can become evidence and may involve statements from witnesses; documentary or photographic evidence; physical evidence, which are fruits of a crime; instrumentalities of a crime; incidental evidence; and logs, data, and details of analysis that show access to crime scenes.  It is the characteristic of any criminal investigation that aspects of the crime may manifest in a variety of ways.  Therefore, many criminal investigations rely heavily on a logical, organized process, but there are also aspects of crimes that derive from chaos and sheer luck of happenstance.  This unexpected development requires that criminal investigators be both flexible and purposeful in their approach.  For example, finding the suspect's watch at the scene of a burglary is one piece of evidence that supports the premise that the suspect was at the scene.  Investigators need to anticipate what issues might arise and what evidence is needed to support the prosecutor's case.
  • 5. Criminal investigation  The first determination in a criminal investigation is whether a crime has in fact been committed.  Does the evidence support a specific crime?  A legal arrest cannot be made for an act that is not defined by statute or ordinance as a crime.
  • 6. What is a crime?  A crime is an act in violation of penal law and an offense against the state  A crime is a violation of public law or right  It is an act or omission forbidden by law and punishable by a fine, imprisonment or even death.
  • 7. Elements of a crime i. First, the human act or conduct (take something from someone, injure someone, create an atmosphere of danger, or actually cause significant harm to a person or persons and the society in general) ii. The individual’s mental state at the time of the act iii. The connection between the act and the effect
  • 8. Goals of criminal investigation  The goals of Criminal investigation are:  Determine whether a crime has been committed  Legally obtain information and evidence to identify the responsible person/discover who committed the crime  Arrest the suspect  Recover stolen property  Present the best possible case to the prosecutor
  • 9. Goals of criminal investigation  While committing crimes, people may leave some type of evidence  For example they may leave trace evidence or less visible evidence such as fingerprints, small particles of glass or dirt, body hairs or clothing fibers.  However a burglary committed by a person wearing gloves and whose foot prints are washed away by a hard rain before police arrive will be more difficult to solve  Hence many times cases have insufficient evidence, no witnesses and no informants to provide leads
  • 10. Cybercrime Investigation  There are a multitude of stakeholders (i.e., agencies, organizations, businesses, and individuals) that are involved in the investigation of cybercrime. The nature and extent of their involvement depends on the type of cybercrime committed. Stakeholder involvement is also determined by the geographic location of stakeholders and countries' cybercrime laws
  • 11. TYPES OF CRIMINAL INVESTIGATIONS  In very general terms, criminal investigations focused on crimes against persons or violent crimes are broken down into two categories: i. Reactive investigations: these are the police or law enforcement response to a criminal incident. Examples of reactive cases are homicides, robberies, rapes, burglaries, thefts, and assaults. These crimes are reported directly to the police or other appropriate jurisdiction by a citizen, a victim, another police officer or other interested parties as an event that requires immediate investigation. ii. Proactive investigations: instead of a particular act of criminal conduct, the law enforcement agency may conduct an investigation of a person or group of persons whom the agency has reason to believe are involved in an ongoing criminal pattern, e.g., targeting of career criminals who are serial offenders, targeting of a violent street gang, targeting of an armed robbery gang whose offenses are characterized by extreme violence, or very high financial losses.  The essential distinction is the fact that the perpetrators are targeted before the offense is actually committed, or the targets' lives and daily routine are scrutinized in an attempt to discover facts and evidence proving their involvement in past crimes.
  • 12. TYPES OF CRIMINAL INVESTIGATIONS  In many ways, proactive investigations are attempts by law enforcement to detect patterns of criminal activity, anticipate behavior and develop evidence leading to the successful prosecution of a community’s most proficient criminals.  They rely heavily on intelligence and covert investigative steps, such as surveillance and undercover operations or the use of deception to trick the targets into revealing their methods and practices.  E.g. organized criminal enterprises, drug enterprises, terrorist cells and any significant major conspiracies.
  • 13. Proactive Investigation Steps a. Understanding how particular crimes and their elements are proven b. Constitutional considerations c. Crime scene analysis d. Forensic science support for an investigation e. Establishing an investigative plan f. Interviews and interrogations g. The use of confidential sources h. Tactical considerations i. Intelligence support and digital data mining j. Covert investigative operations  These steps are the same as those followed for reactive crime investigations, but there is a requirement to sort out the information from multiple crimes and find out if there are direct connections or uniformity in the method of operations or other factors that provide another layer of proof that the crimes were all associated with the targets.
  • 14. Successful criminal investigation  A successful investigation is one in which:  A logical sequence is followed  All physical evidence is legally obtained  All witnesses are effectively interviewed  All suspects are legally and effectively interrogated  All leads are thoroughly developed  All details of the case are accurately and completely recorded and reported
  • 15. Reporting cybercrime  Before an investigation begins, a cybercrime must be observed and reported. While this seems like a straightforward first step in a cybercrime investigation, the reality is that cybercrime is largely underreported worldwide (UNODC, 2013).  The underreporting of crime can be explained by economist Gary Becker's (1968) expected utility theory, which holds that people engage in actions when the expected utility (i.e., gains) from these actions are higher than the expected utility of engaging in other actions  Applying this theory to cybercrime, victims of cybercrime will not report cybercrimes if the expected utility from this reporting is low
  • 16. Why cybercrimes are underreported  Existing research identifies several reasons why cybercrime is underreported, including:  the shame and embarrassment associated with being a victim of certain cybercrimes (e.g., romance scams);  reputational risks associated with publicizing cybercrime (e.g., if the victim of the cybercrime is a business, loss of consumer confidence);  being unaware that victimization occurred;  low confidence or expectations that law enforcement can assist them; too much time and effort to report cybercrime;  and lack of awareness on where to report cybercrime
  • 17. Who conducts cybercrime investigations?  First responders in cybercrime investigations are responsible for "securing" digital evidence at the "scene" (the location) of a cybercrime (e.g., this could be the target or targets of the cybercrime and/or the information and communication technology used to commit cyber-dependent and/or cyber-enabled crime).  A first responder can be a law enforcement agent, digital forensics expert, military police officer, private investigator, an information technology specialist, or other person (e.g., an employee in the workforce) who is tasked with responding to incidents of cybercrime.  This illustrates that the public and private sector, as well as national security agencies, conduct cybercrime investigations (to varying degrees). Irrespective of who the first responder is, search and seizure practices for information and communications technologies (ICT) must be in accordance with national law, and the methods used to obtain digital evidence from ICT must be valid and reliable to ensure its admissibility in a court of law
  • 18. Criminal Justice Agencies  Criminal justice agents, such as law enforcement officers, prosecutors, and judges, are responsible for the prevention, mitigation, detection, investigation, prosecution, and adjudication of cybercrime.  The specific agencies responsible for cybercrime cases vary by country. In the United Kingdom, for example, more than one agency investigates cybercrime, including regional law enforcement agencies and the National Cyber Crime Unit, which is part of the National Crime Agency (Global Cyber Security Capacity Centre, 2016c). In contrast, only one agency investigates cybercrime in Sierra Leone, the Police Cyber Crime Prevention Unit (Global Cyber Security Capacity Centre, 2016d), in Ecuador, the "Technological Crimes Investigations Unit of the National Directorate of the Judicial and Investigative Police is responsible for investigating cybercrime" (Inter-American Development Bank, 2016, p. 72), and in Iceland, the digital forensics unit in the Reykjavik Metropolitan Police (Global Cyber Security Capacity Centre, 2017c). Find out about Kenya.
  • 19. Criminal Justice Agencies  Beyond national criminal justice agencies, regional agencies, such as the European Union Agency for Law Enforcement Cooperation (Europol) (promoting law enforcement cooperation in the European Union) and Eurojust (promoting judicial cooperation in the European Union), and international agencies, such as INTERPOL (i.e., International Criminal Police Organization; promoting international law enforcement cooperation), assist and/or facilitate cross-border cybercrime investigations.  For example, Europol's sharing of intelligence and resources with European Union Member States led to the arrest of a criminal, who was known for selling counterfeit EUR 50 banknotes online on illicit dark markets (Europol, 2018c).
  • 20. Private Sector  The private sector plays an essential role in the detection, prevention, mitigation, and investigation of cybercrime because it predominantly owns and manages the critical infrastructure (i.e., considered essential to the functioning of society) in countries and is one of the primary targets of many cyber-dependent (i.e., those cybercrimes that seek to compromise the confidentiality, integrity, and availability of systems, networks, services, and data, such as hacking, malware distribution, and distributed denial of service or DDoS attacks) and cyber-enabled crimes (e.g., online financial fraud, identity-related crime, and theft of data and trade secrets, to name a few)
  • 21. Basic functions of criminal investigators  Investigators perform the following functions  Provide emergency assistance  Secure the crime scene  Photograph and sketch  Take notes and write reports  Search for, obtain and process physical evidence  Obtain information from witnesses  Identify suspects  Testify in court
  • 22. Obstacles to cybercrime investigations  There are several obstacles that may be encountered during cybercrime investigations. One such obstacle is created by the anonymity that information and communication technology affords to users.  Anonymity enables individuals to engage in activities without revealing themselves and/or their actions to others. There are several anonymization techniques that cybercriminals use. One such technique is the use of proxy servers.  A proxy server is an intermediary server that is used to connect a client (i.e., a computer) with a server that the client is requesting resources from. Anonymizers, or anonymous proxy servers, hide users' identity data by masking their IP address and substituting it with a different IP address (Chow, 2012).  Cybercriminals can also use anonymity networks to encrypt (i.e., block access to) traffic and hide their Internet Protocol address (or IP address), "a unique identifier assigned to a computer [or other Internet-connected digital device] by the Internet service provider when it connects to the Internet", in an effort to conceal their Internet activities and locations. Well-known examples of anonymity networks are Tor, Freenet, and the Invisible Internet Project (known as I2P).
  • 23. Attribution  Attribution is another obstacle encountered during cybercrime investigations. Attribution is the determination of who and/or what is responsible for the cybercrime. This process seeks to attribute the cybercrime to a particular digital device, user of the device, and/or others responsible for the cybercrime (e.g., if the cybercrime is state-sponsored or directed) (Lin, 2016). The use of anonymity-enhancing tools can make the identification of the devices and/or persons responsible for the cybercrime difficult.  Attribution is further complicated through the use of malware-infected zombie computers or digital devices controlled by remote access tools (i.e., malware that is used to create a backdoor on an infected device to enable the distributor of the malware to gain access to and control of systems). These devices can be used, unbeknownst to the user whose device is infected, to commit cybercrimes.
  • 24. Back-tracing (or traceback)  Back-tracing (or traceback) is the process of tracing illicit acts back to the source (i.e., perpetrator and/or digital device) of the cybercrime. Traceback occurs after a cybercrime has occurred or when it is detected (Pihelgas, 2013).  A preliminary investigation is conducted through an examination of log files (i.e., event logs, which are files that systems produce to record activity), which can reveal information about the cybercrime (i.e., how it occurred). For instance, event logs "automatically record… events that occur within a computer to provide an audit trail that can be used to monitor, understand, and diagnose activities and problems within the system" (Maras, 2014, p. 382).  Examples of these logs are application logs, which record "events that are logged by programs and applications," and security logs that "record all login attempts (both valid and invalid) and the creation, opening or deletion of files, programmes or other objects by a computer user" (Maras, 2014, p. 207). These event logs may reveal the IP address used in the cybercrime.
  • 25. Lack of harmonized national cybercrime laws  The lack of harmonized national cybercrime laws, international standardization of evidentiary requirements (both in terms of admissibility in a court of law, and in terms of international state responsibility), mutual legal assistance on cybercrime matters, and timely collection, preservation, and sharing of digital evidence between countries, also serve as obstacles to cybercrime investigations  In regard to certain types of cybercrime, especially cybercrimes that are politically motivated, a general lack of will of countries to cooperate in these cases has been observed
  • 26. Technical challenges  Cybercrime investigators also face technical challenges. For example, numerous digital devices have proprietary operating systems and software that require the use of specialized tools to identify, collect, and preserve digital evidence. What is more, investigators may not have the necessary equipment and digital forensics tools needed to adequately conduct cybercrime investigations involving digital devices  Other obstacles to cybercrime investigations include the existing limited abilities of law enforcement agencies to conduct these investigations. In countries where national specialized units exist, they only investigate a limited number of cybercrime cases. The prevalence of information and communication technology in criminal investigations makes such a practice ineffective
  • 27. Cyber Crime Investigation Techniques  Activities that a computer crime investigator performs include recovering file systems of hacked computers, acquiring data that can be used as evidence to prosecute crimes, writing reports for use in legal proceedings, and testifying in court hearings. Cyber crime investigation techniques include:  Performing background checks: Establishing the when, where, and who of a crime sets the stage for an investigation. This technique uses public and private records and databases to find out the backgrounds of individuals potentially involved in a crime.  Gathering information: This technique is one of the most critical in cyber crime investigations. Here, investigators ask questions such as: What evidence can be found? What level of access to sources do we have to gather the evidence? The answers to these and other questions provide the foundation for a successful investigation.  Running digital forensics: Cyber crime investigators use their digital and technology skills to conduct forensics, which involves the use of technology and scientific methods to collect, preserve, and analyze evidence throughout an investigation. Forensic data can be used to support evidence or confirm a suspect’s involvement in a crime.  Tracking the authors of a cyber crime: With information about a crime in hand, cyber crime investigators work with internet service providers and telecommunications and network companies to see which websites and protocols were used in the crime. This technique is also useful for monitoring future activities through digital surveillance. Investigators must seek permission to conduct these types of activities through court orders.
  • 28. Questions i. Which national security agencies are involved in cybercrime investigations in Kenya? ii. What role (or roles) does the agency (or do the agencies) have in cybercrime investigations? iii. List and discuss various cybercrime investigation and forensic tools
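
The log examination described in slide 24 (Back-tracing), sketched as an added example that is not part of the original slides. It assumes the security log is an OpenSSH authentication log in syslog format; the sample lines, host name, addresses and the year are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed security-log sample (addresses come from documentation ranges).
SAMPLE_LOG = """\
Mar  3 10:15:02 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Mar  3 10:15:04 web01 sshd[2211]: Failed password for root from 203.0.113.5 port 51236 ssh2
Mar  3 10:15:09 web01 sshd[2214]: Failed password for alice from 203.0.113.5 port 51240 ssh2
Mar  3 10:15:15 web01 sshd[2217]: Accepted password for alice from 203.0.113.5 port 51244 ssh2
Mar  3 11:02:40 web01 sshd[2301]: Accepted publickey for bob from 198.51.100.23 port 40022 ssh2
Mar  3 11:30:00 web01 CRON[2400]: pam_unix(cron:session): session opened for user root
Mar  3 12:45:11 web01 sshd[2502]: Failed password for bob from 192.0.2.77 port 60111 ssh2
"""

# Matches both valid ("Accepted") and invalid ("Failed") login attempts.
LOGIN_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) \S+ for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_logins(text, year=2024):
    """Return one event per login attempt; lines from other services are skipped.

    Classic syslog timestamps carry no year, so the examiner supplies it
    (2024 here is an assumption for the constructed sample).
    """
    events = []
    for line in text.splitlines():
        m = LOGIN_RE.match(line)
        if not m:
            continue
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"time": when, "ip": m["ip"], "user": m["user"],
                       "accepted": m["result"] == "Accepted"})
    return events


def summarise_by_source(events):
    """Group attempts by source address and build a per-address timeline."""
    summary = defaultdict(lambda: {"failed": 0, "failed_before_success": 0,
                                   "accepted": [], "users_tried": set(),
                                   "first_seen": None, "last_seen": None})
    for ev in sorted(events, key=lambda e: e["time"]):
        s = summary[ev["ip"]]
        s["users_tried"].add(ev["user"])
        s["first_seen"] = s["first_seen"] or ev["time"]
        s["last_seen"] = ev["time"]
        if ev["accepted"]:
            s["accepted"].append(ev["user"])
        else:
            s["failed"] += 1
            if not s["accepted"]:          # failure preceding any success
                s["failed_before_success"] += 1
    return dict(summary)


def investigative_leads(summary, min_failures=3):
    """Addresses with repeated failures followed by a successful login.

    The result is a lead for follow-up (e.g. a records request to the ISP),
    not attribution: the address may belong to a proxy, an anonymity-network
    relay or an infected third-party device, as slides 22 and 23 note.
    """
    return sorted(ip for ip, s in summary.items()
                  if s["accepted"] and s["failed_before_success"] >= min_failures)


if __name__ == "__main__":
    report = summarise_by_source(parse_logins(SAMPLE_LOG))
    for ip in investigative_leads(report):
        s = report[ip]
        print(ip, s["first_seen"], s["last_seen"], sorted(s["users_tried"]))
```
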