High-Tech Crime Investigative Resources

High-tech crime investigators at all levels can benefit from tools and resources that provide targeted information, strategies and tips. The stakes are high—online fraud, Internet bullying, child exploitation, identity theft, and more—with nearly every crime today leaving a digital footprint. Collected here is a range of SEARCH resources developed for high-tech crime investigators.

While most investigators today have a working knowledge of the Internet, they may not be aware of the many free tools available that can take that basic knowledge and turn it into something more robust. While these tools help to streamline and enhance investigations, they are not considered too high-tech or advanced for the basic investigator to master.  These podcasts offer the knowledge and insight of practitioners in conducting the three main components of an online investigation: people searching, information searching, and capturing/saving data.

See our Podcasts page for detailed descriptions of each podcast and the participants, as well as links to resources offered by the practitioners we interviewed.

Check out our online ISP List, which provides legal contact information for more than 700 Internet Service Providers, for service of subpoenas, court orders, and search warrants.

Use our handy online form to request one or more of these documents, offered by ISPs as a service to law enforcement investigators:

  • Amazon LE Guide
  • Apple LE Guide
  • Barnes and Noble Law Enforcement Media Request Form
  • Bittrex LE Guide
  • Blink LE Guide
  • Chatstep LE Guide
  • Citizen App
  • Coinbase LE Guide
  • Comcast Cable/Xfinity Law Enforcement Handbook
  • Couchsurfing LE Guide
  • Discord LE Guide
  • Dropbox LE Guide
  • Ebay Responding to Law Enforcement Record Requests
  • Experience Project Law Enforcement Guidelines
  • FitBit Law Enforcement Guidelines
  • Formspring LE Guide
  • Formspring Legal Process Policies
  • Green Dot Bank LE Guide
  • hi5 Official LE Guide
  • Hornet app LE Guide
  • Inteliquent LE Guide
  • KIK LE Guide
  • Kraken LE Guide
  • LinkedIn LE Guide
  • LiveMe LE Guide
  • MeetMe Law Enforcement Compliance Guide
  • Mega.nz Compliance Process
  • Megapersonals LE Guide
  • Microsoft Guidelines for US Law Enforcement
  • MocoSpace LE Guide
  • myYearbook Law Enforcement Guidelines
  • Omegle LE Guide
  • Onstar LE Guide
  • PayPal Safety Hub LE Guide
  • Photobucket LE Guide
  • Pinger LE Contact Info
  • Ring LE Guide
  • Skout LE Guide
  • Skype International Guidelines for LEA
  • Snapchat LE Guide
  • Sonic.net Legal Process Policy
  • Sony (PlayStation) – Sony Interactive Entertainment LLC
  • Stickam LE Guide
  • Tagged Official LE Guide
  • TeenSpot.com Law Enforcement Handbook
  • TextNow LE Guide – U.S.A
  • Tiktok LE Guide
  • TracFone Wireless, Inc.
  • Tumblr LE Guide
  • Twitter LE Guide
  • Uber US Law Enforcement Guide and Primer
  • USAA Federal Saving Bank 211025
  • Verizon Law Enforcement Legal Compliance Guide
  • Whisper LE Guide
  • Wickr LE Guide
  • Windstream Communications, Inc LE Guide
  • Winn-Dixie LE Guide
  • Wyze Labs LE Guide
  • Yahoo! Compliance Guide for Law Enforcement
  • Yolo App LE Guide
  • Yubo

The SEARCH Investigative Toolbar is an aid for investigators who conduct online, cellular telephone, or wireless network investigations. Once installed, it becomes a readily available desktop resource that contains some of the most frequently used and up-to-date online investigative links for law enforcement.  Learn more about the Toolbar  

Note: Users must download the Toolbar Installation Guide, which provides download and installation instructions for the Toolbar itself. We strongly advise all users to follow these instructions carefully.

Computer Forensics

  Learn Understand Increase Awareness

Digital Media Data Structure1

Within a physical digital media device—such as a hard drive, thumb drive, or memory card—lie the physical and logical structures that organize the data storage for documents, pictures, music, videos, and more. How data is stored in sectors, which allows information to be easily separated and identified. Other topics: file system; digital media storage capacity; partitions. View metadata within the file system; be better prepared for incident scenes where digital evidence might be present.

Duplicate Imaging1

Duplicate imaging is the process of creating an exact copy of digital evidence. The goal is to preserve the integrity of the original digital evidence. How write protection is needed to preserve the integrity of the evidence. Other topics: hashing algorithms; the process of duplicate imaging; types of duplicate images, including physical, logical, and file copy. Creating a duplicate image is like taking a snapshot of a computer, exactly as it was found.

Windows Registry1

The Windows Registry is a database in the Windows Operating System. It contains important information about system hardware, installed programs and settings, and profiles of each of the user accounts on the computer. Topics: Registry items, backups, viewers, hives, keys, values; encoding. Investigators, forensic examiners, and prosecutors each have their own digital evidence requirements, but the common bond starts with the Windows Registry.


Social Media

  Learn Understand Increase Awareness

Using Hashtags in Investigations2

Hashtags are a type of label used in social media to group information, and investigators can find public information by using them in their online searches. How the syntax of hashtags works. Through site-specific examples, investigators see how they can use hashtags to find information on Twitter, Instagram, and Facebook.

Searching Instagram Using Iconosquare2

Instagram is the online mobile photo-sharing, video-sharing and social networking service that enables users to share pictures and videos. How Instagram works; what types of information can be found on Instagram; the elements of an Instagram profile. A free app called Iconosquare can be used to search Instagram without having an Instagram user account.


Digital Evidence in the Courtroom

Hot Topics: Authenticating Text Messages1

Case law continues to evolve regarding getting text messages admitted into court.There are two approaches: The liberal approach requires that the suspect must be the account holder or assigned to the phone number and found to be in possession of the phone. The restrictive approach requires direct or circumstantial evidence that the text message was sent by the defendant.Case law examples and citations that prosecutors can use under various conditions for getting text messages admitted as evidence in court.

  Learn Understand Increase Awareness

Direct Examination of a Forensic Examiner, Part 1: Introduction1

Pros, cons, and guidelines for calling a computer forensic examiner to court as either a non-expert witness or an expert witness, and the boundaries under which each type of witness can testify. How prosecutors often use the forensic examiner as an expert witness to educate the judge and the jury on technology. Resources and case law that support the role of a computer forensic examiner as an expert witness.

Direct Examination of a Forensic Examiner, Part 2: Laying Foundation1

The process of working with a computer forensic examiner before trial in order to establish that this person has the knowledge, education, training, and experience to be called as a computer forensic expert witness in court. The 3 A’s: Acquisition, Authentication, Analysis Resources to narrow the focus of a computer forensic examiner’s background in order to establish their credibility.

Direct Examination of a Forensic Examiner, Part 3: Court Presentation1

The traditional versus significant evidence approach in deciding how to present evidence to the jury. Digital evidence collection; lab protocols/digital evidence handling protocols; transitioning into your case using the 3 A’s; using demonstrative exhibits to highlight testimony; meeting defenses; limitations of your forensic examiner. The types of questions that generally arise when digital evidence is brought out in court.

Cross-Examining a Defense Computer Forensic Examiner, Part 1: Information Gathering1

Pre-trial information gathering begins with a complete review of the case, followed by a review of the defense pleadings, and then learning as much as you can about the defense expert witness. The importance of knowing the complete background of a defense expert witness. This information will allow the prosecution to better anticipate, and be prepared to respond to, the defense in court. Specific tools and tips that investigators can use to learn about the defense expert witness.

Cross-Examining a Defense Computer Forensic Examiner, Part 2: Developing a Cross-Examination1

The purpose of cross-examination; areas to potentially conduct cross-examination of a defense computer forensic examiner. Potential topics for cross-examination; concessions, and how to evoke them from the examiner; how to review a defense expert’s credentials to determine they have the ability to give an opinion. How to dissect a defense expert witness’s report; how to cross-examine a virus defense.

Cross-Examining a Defense Computer Forensic Examiner, Part 3: Court Presentation1

Different types of cross-examination techniques. How to shape questions and arrange topics in order to achieve the desired results. Tools to help reach conviction, including knowing how to phrase questions for the defense expert witness and use demonstrative exhibits to help steer the cross-examination in a particular direction.

Hot Topics: Authenticating Social Media1

What it means to authenticate a piece of digital evidence. Current case law is breaking along two lines in terms of describing what is necessary to authenticate information from cyber space. Authentication is a low burden. Whether a judge or jury wants to say that something is in fact coming from a defendant is a question of weight, not authenticity. There is a distinction between responsibility and weight. Sometimes the defense tries to tie the two together, but they should remain separate. The Maryland-Massachusetts approach has a more narrow view of proper foundation. Texas cases allow for a more broad approach to what the court may rely upon.



  Learn Understand Increase Awareness

Digital Crimes: Expectations Versus Reality1

Artistic license taken by Hollywood often gives the public a false impression of how things truly work. This certainly applies to the overabundance of police shows where law enforcement roles and responsibilities are often exaggerated and the lines are blurred. Advancing technologies have changed the way we look at crimes, particularly digital evidence. Prosecutors and defense attorneys today must adjust their presentations to account for unrealistic jury expectations.

Protecting Yourself in a Tech World: Basic Digital Officer Safety Concerns2

The steps investigators need to take to ensure they are using an Internet Protocol (IP) address that can’t be traced back to their agency or home. How IP addressing works, and how IP addresses can be tracked; website tracking; wi-fi connections; device name settings; Bluetooth sniffing. Ways investigators can avoid exposing themselves or their agencies to harm while conducting online investigations.

Digital Investigations: IP Address Cases1

Internet Protocol addresses are unique numbers that help us connect to the Internet. Each device is assigned an IP address—and this addressing system is how the packets of information are delivered to the intended location or recipient across the Internet or network. Topics: Types of IP addresses; where they come from in a case; IP tracing; Using the SEARCH ISP List for sending legal requests; ECPA and its Stored Communications Act. IP addresses are transitioning from version 4 to version 6. IPv4 and IPv6 addresses are structured differently and investigators should know both protocols and know how to proceed with an investigation and legal process.


1This project was supported by Cooperative Agreement #2010-BE-BX-K022 by the U.S. Department of Justice, Office of Justice Programs, Bureau of Justice Assistance. Points of view or opinions expressed in this presentation are those of the author, and do not necessarily represent the official position or policies of the U.S. Department of Justice.

2This project was supported by Cooperative Agreement #2009-BE-BX-K030 by the U.S. Department of Justice, Office of Justice Programs, Bureau of Justice Assistance. Points of view or opinions expressed in this presentation are those of the author, and do not necessarily represent the official position or policies of the U.S. Department of Justice.

Quick Access ISP Information

These are law enforcement-sensitive documents, and their distribution is limited to law enforcement investigators. Please fill out the following information to request any of these documents. We will contact you soon regarding your request.

High-Tech Crime Publications

These are law enforcement-sensitive documents, and their distribution is limited to law enforcement investigators. Please fill out the following information to request a copy of any of these documents. We will contact you soon regarding your request.

Karen Lissy

Ms. Karen Lissy is a Justice Information Services Specialist for the Law and Policy Program of SEARCH, The National Consortium for Justice Information and Statistics. In this position, she provides assistance to state and local justice and public safety agencies to collect, curate, and use National Incident-Based Reporting System (NIBRS) data and computerized criminal history record (CCH/CHRI) information for policy analysis and development.

She also guides justice and related organizations in how to craft and implement laws, policies, practices, and technology applications to effectively collect and use CCH and related justice/public safety data; address legal, policy, and regulatory issues associated with CCH data; better manage and operate criminal justice information and identification systems; and develop security and privacy policies that protect justice information sharing systems.

Ms. Lissy has nearly two decades of research and data analysis experience, having led projects and tasks in support of two agencies within the U.S. Department of Justice’s Office of Justice Programs (the Bureau of Justice Statistics and National Institute of Justice), as well as the Centers of Disease Control and Prevention, and multiple foundations, including Ford, Annie E. Casey, and Hewlett. Prior to joining SEARCH in October 2020, Ms. Lissy served as a Social Science Researcher at RTI International, as a regional Crime Analyst for the Redmond (WA) Police Department, and as Director of a research program with the Harvard Center for Risk Analysis. Beginning in 2012, Ms. Lissy’s work has focused on improving data in law enforcement to answer policy questions and improve community/police relations.

Ms. Lissy earned a Bachelor’s degree in Public Policy from Duke University, and a Master’s in Public Health from the University of North Carolina at Chapel Hill.

Michael Mackay

Mr. Michael Mackay is an Information Sharing Developer for SEARCH, The National Consortium for Justice Information and Statistics. As part of the Software and Data Engineering Program (SDEP) team, he plans, develops, implements, and deploys information sharing systems on behalf of SEARCH clients in local, state, tribal, and Federal government settings. He also provides programming, configuration, and testing assistance, and consults on implementation architecture and design with clients. 

Mr. Mackay supports justice, public safety, and homeland security information sharing nationwide through SDEP services that include software architecture and systems design, application development, deployment and support, data management services, and direct technical assistance and training. These services offer capabilities that include federated query, authentication access/control, subscription/notification, process/workflow automation, data analysis, and more. 

Prior to joining SEARCH in 2021, Mr. Mackay worked as a Software Engineering Intern for TDM Business Toole Suite, where he provided software development support using Java frameworks, implemented relational database models using MySQL, and designed GUI components using NetBeans. 

Mr. Mackay will work in an Agile development environment, a methodology that SEARCH embraces that focuses on incremental development and delivery, collaboration in a team approach, and rapid and flexible response to change throughout the development cycle. 

Mr. Mackay earned a bachelor’s degree in Computer Science and Applied Mathematics and Statistics from Stony Brook University, New York.