Cyber Crime Scenes


A small-town police department has realized that cyber crime can now happen anywhere. They have hired you to produce a guide that they can use to train their first responders and detectives. You will provide a Microsoft Word document of 6-8 pages that addresses the following points:

  • Outline the roles of the first responder and detectives at the scene of a crime where computer-based evidence may be present.
  • Describe the similarities and differences between the scene of a cyber crime arrest and that of a typical street crime. For example, compare how evidence is detected, documented, and examined.
  • Provide a list of basic do's and don'ts, assuming that the officers consulting your guide may not be experts in computers. How should a suspect computer be handled at the scene, for instance? What other types of digital evidence might be important, besides a computer?
  • Discuss the importance of chain of custody and show how faulty chain of custody can affect an investigation.
  • Explain the conditions that would require the detectives to obtain a warrant before proceeding further.

Throughout the guide, be sure to utilize proper terminology.

Unformatted Attachment Preview

Week 5 Notes

Examining E-mail

Since cyber crime involves the use of the internet, investigations into cyber crime will usually involve an examination of the suspect's internet activity and communications. In 1986, Congress passed the Electronic Communications Privacy Act (ECPA) to facilitate the cooperation of ISPs with law enforcement's need for information related to criminal activity. The ECPA created privacy protection for electronic communications and delineated the process necessary for obtaining different types of information.

The government (law enforcement) can obtain certain information such as email addresses and website traffic with just a subpoena. However, to obtain the content of electronic communications, investigators may need a court order or a search warrant. A warrant is required in order to intercept an e-mail in transit, or to seize an e-mail stored on a suspect's home computer. The law restricts this practice to cases involving certain specific felonies. Additionally, a warrant is required to open an e-mail stored on the ISP's server, if it has not yet been opened. The ECPA limited this requirement to 180 days, meaning that after 180 days have elapsed, law enforcement may obtain the content of an unopened e-mail from the ISP with only a subpoena.

That 180-day provision may be modified. In 2016, the House of Representatives voted overwhelmingly to remove the 180-day limit and require the use of a warrant to obtain an unopened e-mail from an ISP, regardless of the message's age.

It should be noted that courts have treated unsecured wireless networks differently. Email and other transactions taking place over a secured Internet connection bring with them a certain expectation of privacy. Communications voluntarily shared over an unsecured wireless system do not carry that same expectation of privacy, which means that law enforcement has fewer restrictions when it comes to accessing data shared in this fashion.

See more about the ECPA here :

Securing Suspect Data

Modern audio and video recording equipment uses digital files, which are frequently stored in magnetic media such as memory sticks. When audio and video media are seized as evidence at a crime scene, they need to be protected from electrical and magnetic fields and should be shielded from extreme temperatures.

The purpose of the examination process is to extract and analyze digital evidence. Extraction refers to the recovery of data from its media. Analysis refers to the interpretation of the recovered data and putting it in a logical and useful format.

Whenever a computer is powered on, the operating system creates and alters files stored on the device during the boot process. This process may compromise existing evidence. To prevent this, investigators utilize specialized software to prevent the system from going through the boot process and altering files. Examination is best conducted on a copy of the original evidence.

Forensics investigators may be looking for clues that help prosecutors build a case, such as a travel receipt that suggests the suspect was in the vicinity of a crime scene. They may also be searching for digital files that by themselves are illegal to possess, such as classified government documents or child pornography. When such a file is discovered, it is important that the investigator carefully gathers evidence that shows "knowledgeable possession." In other words, prosecutors will need to prove that the suspect intentionally acquired the illegal files.

Computers connected to the Internet receive files without the user's consent throughout every session. Files such as tracking cookies, unsolicited e-mails (sometimes with attachments), and notifications from Facebook arrive on users' computers without the users' active participation. In order to achieve a conviction, prosecutors need to demonstrate evidence that the suspect actively and intentionally acquired the digital contraband.

Searching a Hard Drive

A search of a computer's hard drive can be accomplished through a number of different manual and automated processes. A manual review can be enhanced if the software you are using to review data allows you to search for a string of characters. If it does, you can search for file names or file name extensions that are typically associated with the types of files you want to find. Another type of search is a string search, where a specific sequence of characters is used.

There are automated search tools which can systematically review files contained on a stand-alone PC or network system. Many search tools will allow you to search by date of publication, publication type, location of the search, type of media, or search fields such as title, author, subject heading, and so on. Your personal computer's operating system includes a basic search tool that allows you to search your own hard drive for files or programs.

Many times, the information you are searching for may not be obvious and may actually be embedded or hidden within other documents, images, or tables. The term "steganography" literally means "covered writing." This term applies to a wide range of techniques for passing a message from sender to recipient, hidden in plain sight. It is even possible to embed strings of text within the data that comprise digital photos.

Forensic investigators should also identify for the record all of the specific software tools used in the extraction and analysis of data. Keep in mind that a great length of time may elapse between the collection of devices and the actual trial, so careful documentation is essential. In this regard, there is no difference between digital data and physical evidence such as a blood stain or bullet casing.
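The file-name and string searches described above, as an added example that is not part of the original notes: it walks a working copy of the evidence, flags files by extension and by an embedded character string (including text sitting inside a photo's bytes), and records a hash and the tool used for each hit. The file names, sample bytes, search terms and the choice of SHA-256 are assumptions constructed for illustration.

```python
import hashlib
import platform
import tempfile
from pathlib import Path

# Recorded with every hit so the report names the tool that produced it.
TOOL = "added-example search script, Python " + platform.python_version()

def sha256_file(path, chunk=1 << 20):
    """Hash a file in blocks so large evidence files fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def search_copy(root, extensions, keywords):
    """Search a working copy (never the original) without writing to it."""
    root = Path(root)
    exts = {e.lower() for e in extensions}
    needles = [k.lower().encode() for k in keywords]
    hits = []
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        reasons = []
        if path.suffix.lower() in exts:
            reasons.append("extension " + path.suffix.lower())
        data = path.read_bytes().lower()  # raw bytes: case-insensitive string search
        for needle in needles:
            offset = data.find(needle)
            if offset != -1:
                reasons.append(f"string {needle.decode()!r} at byte offset {offset}")
        if reasons:
            hits.append({"file": str(path.relative_to(root)),
                         "sha256": sha256_file(path),
                         "why": reasons,
                         "tool": TOOL})
    return hits

def demo():
    """Constructed sample data: a text file, a receipt, a photo with embedded text."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "notes.txt").write_text("grocery list\n")
        (root / "receipt.pdf").write_bytes(b"%PDF-1.4 constructed travel receipt")
        (root / "holiday.jpg").write_bytes(
            b"\xff\xd8\xff\xe0" + b"\x00" * 16 + b"Meet at Dock 9" + b"\xff\xd9")
        return search_copy(root, [".pdf"], ["dock 9"])
```

The extension search alone would miss `holiday.jpg`; the string search finds the text inside the image data and reports its byte offset for the record.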

Explanation & Answer




Student name
Course code
Course name
Institutional Affiliation



Cyber-crime is any criminal or illegal activity instigated by the use of computers or the
internet. These crimes range from hate crimes, cyber terrorism, identity theft, child pornography
or illegal trading of black market goods. Such crimes are committed with the computer as the
object of crime and can be done through many means such as phishing, spamming and hacking.
Hacking is the most common method used by hackers to obtain information illegally or commit
crimes. However, there are many other ways in which a computer system or the internet can be
used to conduct illegal activities. In this paper, we are going to explore safe means to handle
computer crime scenes and evidence collected at the scenes. We are also going to
comprehensively discuss what entails a cyber-crime scene and how first responders and
detectives should handle them.
A cyber-crime scene is a physical location where a cyber-crime is suspected to have been
committed (Shinder, 2008). Forensic evidence relating to the crime can be gathered at the crime
scenes. Evidence gathered is used to understand how the crime was committed and possibly
determine the perpetrator upon completion of an investigation. Securing of a crime scene and
collection of evidence is usually the task of a first responder. A first responder is a person who
arrives first at the crime scene. The first responder is very crucial to securing and maintaining the
original crime scene. Usually, the first responder has the required skill and expertise to deal with
the incident. First responders to a cyber-crime scene include security personnel, IT staff
members, an officer or incident response team.



The first responder to a cyber-crime scene has the following roles:
✓ Securing the scene of the crime.
✓ Assessment of available resources.
✓ Determining the scope and magnitude of the crime scene.
✓ Preserving all the evidence including ones not visible, e.g. forensic evidence by not
allowing anything or anyone to tamper with the crime scene.
✓ Assist in collecting computer forensic evidence.
The most critical role of the first responder is to secure the crime scene until detectives arrive
at the scene (Yar, 2019). This is very critical to...
