This is how cybercrime is investigated: the CSI of digital crime

When a digital crime is committed, following the clues to reach the criminal is not an easy task. It requires the intervention of computer experts, who are the ones who carry out the investigation. These "CSIs" of digital crime specialise in following the trail that every illegal computer manipulation leaves behind.

This trail is based on Locard's exchange principle, which states that every digital contact leaves a trace. From a simple WhatsApp conversation to a case of cyberbullying or a corporate hack, everything leaves a trace in computer networks that an expert can follow to identify the criminal or cybercriminal and the damage caused to the user's system.


This task of monitoring and investigation is complex and also requires strategy. Carlos Aldama, computer engineer at Aldama Informática Legal, explains that "sometimes it is necessary to 'allow' the attacker to continue committing crimes in order to collect more data. There are honeypots (honey pots) with which the attacker is 'distracted', thinking he is assaulting the target, and which allow us to collect their data."

8 steps to investigate digital crimes

When investigating digital crimes, computer experts usually follow these steps:

1. Identification of the crime: knowing the medium in which the digital crime is being carried out makes it possible to define the strategy and the steps to follow. Manipulating WhatsApp or any other social network to insert phrases or conversations is not the same as industrial espionage or hacking a company's server, although all of these constitute a crime.


2. Narrow the crime scene: the larger the investigation scenario, the less effective the investigation will be. By delimiting the field, the experts are better able to identify the evidence in the trail that leads to the cybercriminal.

3. Preserve the evidence: it is essential to collect all the necessary information from the device from which the crime was committed in order to demonstrate its consequences. To do so, computer experts use different means. The list of technologies is long; we highlight:

- Forensic cloning equipment, to collect and clone hard drives
- Write blockers, so that the disks being analysed are not modified
- Mobile forensic analysis devices
- Faraday cages, to prevent remote access and remote deletion of data

4. Custody of the evidence: to achieve and guarantee that the data has not been manipulated, effective custody is carried out before a notary or through sworn statements with witnesses in which the hash of the evidence is calculated. It also requires great meticulousness in registering, labelling and transferring the evidence to a safe place. All evidence must be kept in its digital format so that it can be verified and checked.


The importance of this step is fundamental, since, as Aldama states, "if it is not done correctly, many things can happen to us: for example, that a cell phone we are examining has remote control software and we erase the evidence, or that the data fall into the hands of a third party who can manipulate it. Whenever possible, the evidence collection should be certified in a technical manner, indicating the time stamp that guarantees all actions."

5. Analyse the evidence: a reconstruction of the crime must be carried out, analysing the data to answer the questions of the investigation. It is usual to work on cloned machines to carry out the required forensic tests, investigating all deleted data and examining each piece of evidence thoroughly according to the object of the expert examination.

When a data theft has occurred, the first thing analysed is how the data was extracted: through external devices, over the network or via the internet. Secondly, the authorship of the data leak is analysed, identifying wherever possible the person ultimately responsible for the destination, and then the browsing carried out is checked with 'blind' searches which, based on positive terms (search objectives) and negative terms (words that may threaten communications, privacy, etc.), can lead us directly to the focus of the investigation.

6. Documentation and results: it is very important to document the whole investigation in a report, and to do it well, because otherwise it is not valid. These reports should be understandable to non-experts. The process followed in investigating the digital crime must be recorded step by step so that the opposing party can reach the same conclusions by following the same steps.

7. Ratification in court and defence of the report: in the judicial process, computer experts must present all the information gathered in their investigation. The presentation of their research work should be understandable to non-experts in the field. This contributes to the efficiency of the judicial process.
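Steps 4 and 6 above come down to one mechanism: hash each evidence item at the moment of custody, record the hash together with a time stamp and the people present, and keep that record in a form the opposing party can re-check later. The following is an added example (not code from the article or from Aldama Informática Legal) of such a custody record in Python. The examiner and witness names, the evidence label and the sample "phone dump" are constructed placeholders; the record format and the chaining field `previous_seal` are this example's own design, not a legal standard.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # stream in 1 MiB chunks so disk images larger than RAM can be hashed


def hash_file(path, algorithm="sha256"):
    """Hex digest of a file, computed without loading it whole into memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def seal_record(record):
    """Digest over the canonical JSON form of a custody record.

    This single value is what a notary or the witnesses attest to; any later
    edit to the record (a 'corrected' time stamp, a changed hash) breaks it.
    """
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()


def create_custody_record(path, examiner, witnesses, label, previous_seal=None, now=None):
    """Build the custody record for one evidence item (step 4 of the article).

    `previous_seal` is the seal of the preceding record in the case file, so that
    dropping or reordering records is detectable (hypothetical chaining scheme).
    """
    stamp = (now or datetime.now(timezone.utc)).isoformat()
    record = {
        "label": label,
        "file": os.path.basename(path),
        "size_bytes": os.path.getsize(path),
        "sha256": hash_file(path, "sha256"),
        "sha1": hash_file(path, "sha1"),  # a second algorithm is common in forensic reports
        "timestamp_utc": stamp,
        "examiner": examiner,
        "witnesses": list(witnesses),
        "previous_seal": previous_seal,
    }
    record["seal"] = seal_record(record)
    return record


def verify_evidence(path, record):
    """What the opposing party's expert runs (step 6): re-hash and re-seal. Returns (ok, reason)."""
    body = {k: v for k, v in record.items() if k != "seal"}
    if seal_record(body) != record["seal"]:
        return False, "custody record altered"
    if os.path.getsize(path) != record["size_bytes"]:
        return False, "size mismatch"
    if hash_file(path, "sha256") != record["sha256"]:
        return False, "sha256 mismatch: evidence modified since custody"
    return True, "evidence matches custody record"


def run_demo():
    """Constructed walk-through: seal a fake phone dump, then show that both an edited record and a modified image are detected."""
    results = {}
    with tempfile.TemporaryDirectory() as workdir:
        image = os.path.join(workdir, "phone_dump.bin")  # constructed sample evidence, not a real image
        with open(image, "wb") as f:
            f.write(b"constructed sample evidence: chat export 2024-01-01\n" * 1000)

        record = create_custody_record(
            image, examiner="Expert A (hypothetical)",
            witnesses=["Witness 1 (hypothetical)", "Witness 2 (hypothetical)"], label="EV-01")
        results["initial"] = verify_evidence(image, record)

        # A record whose time stamp was 'corrected' afterwards no longer matches its seal.
        edited = dict(record, timestamp_utc="2000-01-01T00:00:00+00:00")
        results["edited_record"] = verify_evidence(image, edited)

        # One byte of the image overwritten after custody (e.g. a write without a blocker):
        # the size is unchanged, so only the hash reveals it.
        with open(image, "r+b") as f:
            f.seek(0)
            f.write(b"X")
        results["tampered_file"] = verify_evidence(image, record)
    return results


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name}: {outcome}")
```

The record is deliberately plain JSON so that it can be printed in the report and re-computed by anyone with the same image, which is exactly the reproducibility step 6 asks for; the sealed digest is the value to have notarised or signed by the witnesses, rather than the whole record.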

Marisol Nuevo Espín
Advice: Carlos Aldama, computer engineer at Aldama Informática Legal
