header image
January 17th, 2007 by dm Forensics, Law & Policy none Comments

The Department of Justice has released a 137-page "Investigations Involving the Internet and Computer Networks" manual aimed at local (and unsophisticated in fighting cybercrime) law enforcement units. The DoJ’s concern seems to be that local law enforcement who lack the resources to train/employ forensic analysts may either miss entirely cybercrimes or wrongfully prosecute.

This manual comes after several local law enforcement agencies bungled  some high-tech investigations.  The Pennsylvania Supreme Court rejected prosecutors’ attempts to seize newspaper reporters’ hard drives, and the 8th Circuit Court of Appeals ruled that police illegally seized a computer in a methamphetamine investigation. A federal judge permitted an Internet service provider to sue police after it was raided because of Usenet posts its employees knew nothing about.  Also, in a dawn raid, Arizona police stormed into the house of a 16-year-old boy named Matthew Bandy and accused him of downloading child pornography–which carried a maximum penalty of 90 years in prison — only to later find out that his computer was thoroughly infected by malware.

The manual is not only aimed at local law enforcement agencies.It should also prove to be useful to small organizations, schools, or small IT departments who do not have the resources to hire a forensic analyst but want to get a very basic idea of what may be happening. Having said that, it is very important to understand that if you suspect you are a victim of cybercrime, it is imperative that you 1) report the crime to the appropriate law enforcement agency; and 2) do not touch the original media, do not boot the computer, or do anything that may otherwise affect the storage media which contains the possible evidence - failure to do so may render law enforcement unable to prosecute if they discover useful, but tampered with evidence.