Law
Fact-checked

At WiseGEEK, we're committed to delivering accurate, trustworthy information. Our expert-authored content is rigorously fact-checked and sourced from credible authorities. Discover how we uphold the highest standards in providing you with reliable knowledge.

Learn more...

What in Involved in Computer Crime Investigations?

Mary McMahon
Mary McMahon
Mary McMahon
Mary McMahon

Computer crime investigations seek to determine the nature of a crime and collect evidence to lead to a conviction. Along the way, investigators may uncover information they can use to predict and prevent crimes of a similar nature in the future. For example, they might note a loophole in a program that makes intrusions possible, and could contact the manufacturer to recommend a patch to correct the problem. Training in information technology is necessary for this kind of work, as is experience in evidence collection and handling to reduce the risk of gathering information that cannot be legally used.

The process starts when someone calls to report a crime, or a monitoring agency detects evidence of a crime. Investigative teams must secure computers, networks, and components that may be connected with the incident. This can include things like financial networks connected to embezzlement in fraud, or computer networks targeted with malicious hacks in an attempt to expose and compromise data. Computer crime investigations can be challenging because of the ephemeral nature of the evidence, making it critical to get the computers secured and under control before starting an investigation.

In some cases, computer components are also involved in the crime.
In some cases, computer components are also involved in the crime.

Investigators may clone the system in order to explore it without compromising the original. Computer crime investigations can involve a detailed audit of a computer system to look for malicious code, security loopholes, and other issues. The investigators may seek out compromising files and programs, including material people have attempted to delete, alter, or conceal. Specifics of the investigation depend on the type of crime under investigation. For hacking, for example, computer crime investigations need to uncover evidence that intrusions occurred, and must link it to a source.

Computer crime investigations can involve a detailed audit of a computer system to look for malicious code.
Computer crime investigations can involve a detailed audit of a computer system to look for malicious code.

Maintaining the chain of evidence with computer crime investigations is challenging. Investigators need to carefully document everything they do and may videotape, record keystrokes, and take other measures to track their activities. In the event evidence is challenged in court, the team must be able to show that the evidence is original, without alterations that might compromise its validity. Members of this field constantly revise and update evidence guidelines to keep pace with computer crime investigations and set a standard for investigators to follow wherever they are working.

Computer forensics and data recovery are both specialties within the computer science field.
Computer forensics and data recovery are both specialties within the computer science field.

Once evidence has been fully collected and cataloged, the team may opt to retain the equipment they confiscated until the matter goes to court and is heard. This ensures that they have access if they need it during the trial. Otherwise, computers and other devices might be released back to their owners, which could ultimately compromise any remaining evidence.

Mary McMahon
Mary McMahon

Ever since she began contributing to the site several years ago, Mary has embraced the exciting challenge of being a WiseGEEK researcher and writer. Mary has a liberal arts degree from Goddard College and spends her free time reading, cooking, and exploring the great outdoors.

Learn more...
Mary McMahon
Mary McMahon

Ever since she began contributing to the site several years ago, Mary has embraced the exciting challenge of being a WiseGEEK researcher and writer. Mary has a liberal arts degree from Goddard College and spends her free time reading, cooking, and exploring the great outdoors.

Learn more...

Discuss this Article

Post your comments
Login:
Forgot password?
Register:
    • In some cases, computer components are also involved in the crime.
      By: Africa Studio
      In some cases, computer components are also involved in the crime.
    • Computer crime investigations can involve a detailed audit of a computer system to look for malicious code.
      By: Yeko Photo Studio
      Computer crime investigations can involve a detailed audit of a computer system to look for malicious code.
    • Computer forensics and data recovery are both specialties within the computer science field.
      By: diego cervo
      Computer forensics and data recovery are both specialties within the computer science field.
    • Training in information technology is necessary to be a computer crime investigator.
      By: gordand
      Training in information technology is necessary to be a computer crime investigator.