The Investigation of Computer Crime

hightechToday nearly every crime has some sort of digital footprint attached to it. So it’s easy to see why strong computer skills must round out any investigator’s toolkit. This course gives you an understanding of computer technology, its application to criminal activities, and the issues associated with investigating these cases. Through discussion and hands-on training, you’ll learn about computer hardware components, how to use the Internet to your advantage, search and seizure techniques, digital officer safety, and much more.

Audience: Law enforcement investigators and support staff
Prerequisites: Helpful to understand multiple platforms.
Length: 3 days
Difficulty: Basic-to-intermediate

Syllabus

The Computer

We begin our exploration into ways in which computers can be customized in order to camouflage illegal activities. We give you an overview of operating system folder properties and show you how they can be personalized to hide them. You’ll learn how to format your investigatory devices and set up your investigatory folders so that you can keep track of each step of your investigation. We talk about encryption and explain the issues you need to consider when conducting on-scene triage.

The Internet

This block is all things Internet: connections, speed and bandwidth, types of service, and Internet Service Providers (ISP). You’ll learn about Internet Protocol (IP) addresses and networks, and see the role they play. We walk you through the steps of resolving an IP address and then show you how to serve legal process on the ISP in order to get the subscriber information and connection history you are looking for. You’ll see how to geolocate an IP address to place your suspect in a general geographic area. We show you how to investigate a website and give you resources for identifying a domain owner. We spend some time talking about social networking sites—Facebook and Myspace in particular—and give you tips on what types of information you can expect to find within these sites.

Tools for the Toolbox

With so much information just a click away, it’s often hard for an investigator to know where to start. We show you how to download some of our favorite Firefox Add-ons that will help in your investigations. You’ll see a demonstration of some add-ons that will speed up your investigations by increasing functionality. Many of these add-ons fall under the category of “You better hurry up and grab it now, because it might be gone later.” We introduce you to the SEARCH Investigative Toolbar, which is a collection of shortcuts that point to frequently used web resources. We also introduce you to the SEARCH ISP List, which is a collection of legal contact information and instructions you need in order to serve subpoenas, court orders, and search warrants to Internet service and other online content providers. You’ll see the types of information that can be gleaned from digital photos and learn the ins and outs of retrieving, viewing and mapping this exif data. We also show you tools for a) viewing graphics, b) playing/editing/recording audio and video files, and c) capturing a page.

Knowing how to use Google more effectively can save you time and make your investigations more successful. In this block we urge you to take the time to learn how Google works and then see how Boolean operators can help to narrow and refine your searches. We show you the ins and outs of advanced searching in Google and teach you how this can come in handy in social networking website investigations. You’ll also see how to set up your Google preferences so that you get the most information out of your searches. We talk about cookies. Lastly, we show you some Google apps that will help focus your search within a topical area.

Metadata

In this block we take a look at a few different kinds of metadata that can help in investigations. We first explore document metadata, and see how it can shed light by telling us something about a document’s creator, or the time and date the file was created, or the name of the computer used to create the document. We can also find out if the document contains any hidden text or cells. You’ll learn about the metadata that is embedded in digital pictures. Called exif data—short for exchangeable image file format—this data may include the make, model and serial number of the device taking the picture, plus the date, time and possibly, the GPS coordinates for when and where the picture was taken.

Email Tracing

Our exploration of email tracing begins with a look at email headers, which is the information needed to route an email from the sender to the recipient; it is created by the email server processing the message. The header is a record of the account and network that the message originated from and the servers that processed the message. Detailed header information is required to fully trace an email; we show you the steps you need to take to locate this information, which varies depending upon email client. We talk about the different types of protocol that help transmit messages on the Internet and show you how to identify the Message ID. Lastly, we discuss the limitations associated with email tracing.

Internet Relay Chat (IRC)

Email. Text messaging. Instant Messaging. These are all forms of communication services that you are likely familiar with. But what about chatting? While it has admittedly been pushed aside by some of the other more popular choices mentioned here, IRC still has its online niche that investigators need to be aware of. Chat rooms offer features that allow users to chat through private, one-on-one messages. Predators may use this to entice children into conversations about sex and offline meetings. We show you the mechanics of chatting and walk you through the steps to download, install, configure, and run mIRC, a Windows-based IRC client that will open doors to chat rooms for you.

Craigslist

This online marketplace offers free advertising for everything from used cars to new friends. Unfortunately many of the classified advertisements turn out to be fake, and are instead used by criminals to lure unsuspecting victims into their web. We explain Craigslist, and give you tips and tools on how to investigate criminal matters that arise from Craigslist encounters. We focus on where the main problem areas are within the site—those that facilitate activity that has the greatest potential for danger and abuse. You’ll see some tools that you should use to investigate crimes involving Craigslist, and we’ll cover the legal considerations and law enforcement resources for working with the site ISP.

Digital Officer Safety

When conducting online investigations, investigators must always ensure that they are not leaving themselves or their agencies open to discovery by others. Since IP tracking is prevalent on many websites, investigators need to be sure they are coming from an innocuous IP address in case they are traced. We walk you through the steps of digital officer safety as we talk about website tracking, phishing, safe login techniques, social network and cell phone profiles, and wireless network security.

Investigative Computers

There are two distinct categories here: one is a basic computer that you can use in undercover investigations. With this computer, you will trace IP addresses and domain names. You’ll also use it to capture images or videos online, or to scan a suspect network. With this computer you’ll set up your investigatory folders that will house case evidence and allow you to keep track of the steps taken in the investigation. The other computer you’ll need is one for running forensics so that you can image and recover suspect material. We give you pointers on the particulars of each computer and walk you through some of the pitfalls to avoid when working with a suspect’s device.