It's Evident


Cyber Forensics: Part II
Susan Zucker, Ph.D., Director Technology & Distance Education


Cyberspace is the newest locus of criminal activity (Yar, 2005) and it is the location where cyber forensic investigations take place. Cyber activity has become a significant portion of everyday life.

The surge in virtual reality environments and computer-mediated communications via web pages, online documents, email, newsgroup archives, archived files, and chat rooms has introduced new forms of deviance, crime, and social control (McKenzie, 1996). Thus, the scope of criminal investigation has also been broadened (Casey, 2002).

The magnitude of the situation is exemplified by the following facts:
  • A microcomputer can have 60-GB or more storage capacity.
  • There are more than 2.2 billion messages sent and received in the U.S. per day.
  • There are more than 3 billion indexed web pages worldwide.
  • There are more than 550 billion documents online. (Marcella, et al., 2002)

E-Commerce has become a new business model, and 85% of businesses and government agencies detected security breaches. More and more facilities are directly controlled by computers. In the early 1990s, the threats to information systems were about 80% internal and 20% external, but with the integration of telecommunications and personal computers into the internet, the threats seem to be approaching an equal split (Kovacich & Boni, 2000).

As society has become more and more dependent on computers and computer networks, computers and networks have become targets of criminal activity. This includes theft, vandalism, espionage, and even cyber war.

Vocabulary - cyberspace crimes

Cyber war, or information warfare, is the offensive and defensive use of information and information systems to deny, exploit, corrupt, or destroy an adversary's information, information-based processes, information systems, and computer-based networks while protecting one's own. Such actions are designed to achieve advantages over military or business adversaries.

Cyber criminology is a new discipline that explains and analyzes crimes on the internet. It describes the interface between Computer Science, Internet Science and Criminology. Cyber criminology is defined as "the study of causation of crimes that occur in the cyberspace and its impact in the physical space" (Jaishankar, 2007).

This term really took hold, and in January 2007 a new journal, titled International Journal of Cyber Criminology (IJCC), was launched. The new journal publishes full-length articles of high quality and importance to cyber criminologists. The scope of the journal encompasses empirical and theoretical aspects of cybercrime, cyber criminal behavior, cyber victims, cyber laws and cyber investigations. The scope of the journal covers areas relevant to Internet Science, Computer Science and Criminology. The IJCC will develop and disseminate the knowledge of cyber crimes worldwide.

Online Fraud: Phishing and Pharming

The explosive growth of online fraud made "phishing" and, to a lesser extent, "pharming" part of nearly every Internet user's vocabulary during 2005. Phishing and pharming are two popular forms of fraud that aim to dupe victims into believing they are at a trusted website, such as their bank, when in fact they have been enticed to a bogus site that intends to steal their identity and drain their financial resources.

Crimeware: Bots, Trojans, & Spyware

While spyware has occupied center stage of late, it is but one of the tools behind today's rash of cybercrime. Deceptive Trojan horses, multi-purpose bots, and spyware programs form the crimeware arsenal of today's hackers and are regularly bought and traded on the black market. The price tag of crimeware is often based on its ability to steal sensitive data such as bank and credit cards while remaining undetected by the victim.

Computer forensics applies scientifically proven methods to gather, process, interpret, and use digital evidence to provide a conclusive description of cyber crime activities.

Cyber forensics consists of computer forensics and network forensics. Computer forensic science is the discipline of acquiring, preserving, retrieving, analyzing, reconstructing, and presenting data that has been processed electronically and stored on computer media including networks. This discipline relates to investigations by law enforcement agencies for use in a court of law. The methods used must be technologically robust to ensure that all probative information is recovered, that original evidence is unaltered, and that no data were added to or deleted from the original collection. Computer forensic science is an extremely hot topic and is widely used among all industries. It will continue to play a large role in society as computer technology continues to emerge. Cyber forensics includes making digital data suitable for inclusion in a criminal investigation (Webopedia).

The segregation of cyber forensics and cyber criminology is a new direction for criminology. The difference between cyber criminology and cyber forensics is that cyber criminology deals with the cause of cyber crimes, while cyber forensics deals exclusively with the investigation of cyber crimes. The term cyber criminology was first coined and defined in 2007 by Dr. K. Jaishankar, the Editor-in-Chief of International Journal of Cyber Criminology, Manonmaniam Sundaranar University, India.

Reporting Computer, Internet-Related, or Intellectual Property Crime

Like other crimes, Internet-related crime should be reported to law enforcement investigative authorities at the local, state, federal, or international levels, depending on the scope of the crime. Federal crimes should be reported to local offices of federal law enforcement.

The United States Department of Justice has two separate divisions to deal with computer crime reporting and intellectual property crime reporting. Primary law enforcement agencies that investigate domestic crime on the Internet include the Internet Crime Complaint Center (IC3), a division of the Federal Bureau of Investigation (FBI); the United States Secret Service; the United States Immigration and Customs Enforcement (ICE); the United States Postal Inspection Service; and the Bureau of Alcohol, Tobacco and Firearms (ATF).

Each law enforcement agency has a headquarters in Washington, D.C. and each has agents who specialize in particular areas. Each agency also has local offices in all states where crimes may be reported. Contact information for local offices is in local telephone directories. Generally, federal crimes may be reported to an appropriate law enforcement agency’s local offices by placing a phone call and requesting the "Duty Complaint Agent."

The FBI's cyber mission is four-fold: (1) to stop those behind the most serious computer intrusions and the spread of malicious code; (2) to identify and thwart online sexual predators who use the Internet to meet and exploit children and to produce, possess, or share child pornography; (3) to counteract operations that target U.S. intellectual property, endangering our national security and competitiveness; and (4) to dismantle national and transnational organized criminal enterprises engaging in Internet fraud (FBI).

The Department of Justice and the FBI lead the nation in investigating and prosecuting cybercrime. A table created to guide residents on where to report cybercrime can be found at the Computer Crime & Intellectual Property Section, United States Department of Justice.



Bickers C. (2001). "Cyberwar: Combat on the Web", Far Eastern Economic Review.
Casey E. (2000). Digital Evidence and Computer Crime: Forensic Science, Computer and the Internet, Academic Press.
Casey E. (2002). Handbook of Computer Crime Investigation, Academic Press.
Federal Bureau of Investigation, (Last viewed on January 19, 2008).
Kovacich, G.L. & Boni, W.C. (2000). High-Technology Crime Investigator’s Handbook, Butterworth Heinemann.
Lane C. (1997). Naked in Cyberspace: How to find Personal Information Online, Wilton, CT: Press.
Marcella, A.J. & Greenfield, R.S. (2002). Cyber Forensics, Auerbach Publications.
Rivest, R. (1992). "Request for Comments: 1321 (The MD5 Message-Digest Algorithm)", MIT Lab. for Computer Science and RSA Data Security, Inc.
What is Crimeware? at: (Last viewed on January 19, 2008).
United States Department of Justice Computer Crime & Intellectual Property Section at: (Last viewed on January 19, 2008).
United States Department of Justice - Computer Crime & Intellectual Property Section: (Last viewed on January 19, 2008).
Webopedia at: (Last viewed on January 19, 2008).
Yar M. (2006). Cybercrime and Society, Sage Publications, Thousand Oaks, CA.