As discussed in our last publication, every form of criminal’s act has a technology aspect in it. Investigators and prosecutors struggle to find enough evidence for cybercrime prosecution. Besides multiple jurisdictional challenge in cybercrime investigations (as published earlier), expertise, technology, and investigation workflow present several challenges to cybercrime investigation and prosecution. This paper discusses cybercrime investigations challenges caused by time, technology expertise, equipment, and investigation workflow. The paper also proposes solutions to the challenges discussed.
Investment of Time: Investigating cybercrime brings unique challenges which are not encountered in most traditional crime investigations. While traditional crime investigation does not require prior investments of time, yet can lead to the arrest of the criminal, cybercrime investigations require an investment of time, but may result in no arrests. The estimated time for atypical cybercrime is several months and years depending on the nature of crime committed.
Working with Victims: The investigation of cybercrimes involves working with victims during the investigation process. During investigations,law enforcement agents (investigators) work with owners or custodians of the attacked system to get a deeper understanding of the incident. When an organization is attacked, investigators rely on the individuals in the organization to get a detailed information about the crime. Most victims would not want to get involved in cybercrime investigations for fear of further attacks.
Investigation Workflow: The traditional crime prosecution occurs horizontally while cybercrime investigation and prosecution are a mixture of horizontal and vertical processes-depending on availability of expertise and technology for investigation. For example, in traditional crime investigations and prosecution, various offices of lawyers handle various tasks sequentially until the case is passed unto the one responsible for trials and sentencing proceedings. Cybercrime investigation and prosecution, due to the specialized nature of cybercrime investigations is not always handled sequentially.
Low Technology and Expertise: The technical nature of cybercrime makes this approach nearly impossible. Due to the technical nature of cybercrime, only the prosecutors who can handle cybercrime are involved.Moreover, cybercrime can be automated in a way that a traditional crime cannot.As a result, law enforcement agencies are forced to prioritize and investigate the most serious crimes. The low-level skillset of computers among law enforcement employees and prosecutors is one of the technology challenges law enforcement agents face in investigation and prosecution of cybercriminals.
Digital Forensics Equipment: Cybercrime investigation and prosecution also require several equipment which most law enforcement offices are lacking. Digital forensics tools and accessories, computer laboratories, recording devices, and storage materials are some of the equipment law enforcement agencies need to carry out investigative activities, but very few law enforcement centres are equipped with these technologies.
Cybercrime Expertise: Finding cybercrime experts to conduct cybercrime investigations and prosecution require investment of time and money.Most digital forensics experts are hired to work as full-time employees, but hiring managers tend to lose them because management do not meet their needs, including training and equipment needs.
The Way Forward
Cybercrime Human Resource Development: Developing human resource for cybercrime investigation among law enforcement agencies is very important.Since it is difficult to recruit cybercrime experts, it is important that government develops cybercrime expertise in some of the existing law enforcement officers. Since not every law enforcement officer can develop the needed skill set for cybercrime investigation, it is important government select only those who are fit for cybercrime investigations. It is waste of resources to train every police officer for cybercrime investigation. One tool that helps in selecting who is fit for cybercrime professional development is survey. Survey enables management to identify investigators and prosecutors who have interest in conducting cybercrime investigation and prosecution.
One-on-one meetings must be held with people who have basic skills of cybercrime investigation for career guidance and motivation. Individuals selected for cybercrime investigations and prosecution is then taken through at least basic cybercrime investigation training. Those with a great interest must be sponsored to train in advanced cybercrime courses.
Establishment of Cybercrime Units: Law enforcement offices must set up cybercrime units in major regions with the aim and responsibility of handling cybercrime investigations and prosecution responsibilities at regional levels.Management must ensure that the staff assigned to the investigation of cybercrime and those who support the investigators receive training and development. An ongoing in-service training for the team is very critical. Investigators must continue training and professional development in the subject to keep abreast with the most current trend of cybercrime and investigations.
Acquisition Investigative Equipment: Investigative equipment which are readily accessible and are easy to use are needed to run cybercrime units. For efficient investigations, law enforcement offices must be equipped with investigative equipment. Equipment needed for cybercrime investigations are computer hardware, computer accessories, and accessories for digital forensic and forensic software. The law enforcement cybercrime units can request for assistance from private companies and philanthropists or other government agencies. The unit must reach out to forensics software vendors for free software acquisition and support
The Use of Private Security Investigators: When a crime is complex and requires advanced expertise and services,government and the affected organizations and individuals rely on the expertise of private cybercrime investigators like Advancedevidence.com to meet the needs of cybercrime investigations.
Author: Samuel Owusu – Cybersecurity Specialist (Advanced Evidence Discovery Ltd and Institute of Cybersecurity, Ghana). Member, Institute of ICT Professionals Ghana.