What is cybercrime investigation and what are the major types of cybercrime investigation?
Cybercrime investigation is the process of probing digital or electronic evidence to uncover crimes committed in cyberspace. Unlike traditional crime, cybercrime involves the use of a computer, phone or any other electronic device connected to network systems. Moreover, computer systems can serve either as the source from which cyberattacks are launched or as the victim or target of cybercrime orchestrated through other malicious computer systems at the other end of the spectrum.
Cybercrime investigation is the process of collecting, investigating, analyzing and recovering digital forensics data from the computer and network systems involved in a cyberattack. These computer and network systems might be the Internet, wide area networks (WANs), local area networks (LANs), virtual private networks (VPNs), server rooms and computer labs, to mention a few. These areas of computing are investigated to identify potential authors of the cybercrime and to find out the intentions and motives behind the cyberattacks. That is where cybercrime investigation plays its role in uncovering cyberattacks that may be conducted by different threat actors.
In order to investigate cybercrimes, the personnel involved in the investigation should have a solid understanding of software, disks and storage, file systems, databases, network systems, operating systems, laws, regulations, standards and cybersecurity. Moreover, cybercrime investigations require the involvement of qualified digital forensics professionals, law enforcement officers, security analysts and cybersecurity experts, depending on the nature of the crime.
The cybersecurity and legal domains should work in collaboration to deal with cybercrimes. Without the involvement of these parties, it is impossible to identify and punish cybercrime perpetrators.
Cybercrime investigation types may fall into one or more of the following categories:
- Administrative investigation: refers to investigations conducted within an organization by internal staff members. The organization may perform administrative investigations internally with the participation of different functional departments such as HR, legal and security. These types of investigations are mainly performed when the issue involves a violation of organizational policies and standards.
- Criminal investigation: these types of investigations involve prosecution under jurisdictional and criminal laws. They are conducted with the involvement of law enforcement agencies of local, state, federal or international establishments.
- Civil investigation: civil investigations handle relationships and collaborations between private businesses and entities, such as contractual disagreements and other disputes.
- Regulatory investigation: an investigation conducted to determine whether or not an organization complies with regulatory and legal requirements.
- Industry standards: these types of investigations depend on the industry in which the organization operates, such as PCI DSS for the financial sector, HIPAA for the health sector, and so on.
Cybercrime investigations may include one or more of the following techniques:
- Information gathering
- Background checks
- Identifying criminals and tracking their actions
- Digital forensics techniques
- Chain of custody
- Evidence preservation techniques
- Investigation techniques