Сybеrсrimе Маjоr Аssignmеnt Essay Example

  • Category:
  • Document type:
  • Level:
  • Page:
  • Words:

Сybеrсrimе Маjоr Аssignmеnt


Compared to traditional crimes, cybercrime is relatively easy to commit, but often hard to detect, investigate and prosecute.  This is because as opposed to traditional crimes, which are committed from places that can be easily located and their effects are restricted to a given geographical area, cybercrimes can be committed by individuals whose identity and even location may not be easy to detect. In addition, the effects of cybercrime may be felt across a large area and even across many countries when the systems such as computers that are used to commit the crimes are interconnected. Therefore, there are unique challenges that face the police and investigators when conducting cybercrime investigations.

Based on the background information above, this essay will discuss various aspects of cybercrime and dealing with electronic evidence. The first of part of the discussion is the differences between investigating traditional criminal offences and cyber-related offences. The second part of the discussion will be an analysis of the elements that would be included in a plan of investigation when investigating cybercrimes. Finally, the third part of the discussion will be a review of the greatest challenges that the police and investigators face when dealing with electronic evidence.

Differences between investigating traditional criminal offences and cyber offences

In order to understand the differences between investigating traditional criminal offences and cyber offences, it is important to first identify the differences between traditional criminal offences and cyber offences. This is because it is the nature of the differences between the two forms of crime that forms the basis for the differences that exist when investigating the two kinds of crime.

To start with, one of the major differences between traditional criminal offences and cyber offences is that in general, traditional crime happens in defined place and its effects are felt by one set of victims who are targeted and are in the location of the crime (Home Office 2010, p. 5). On the other hand, given that cybercrime is a crime committed using technology (PGI Cyber 2016), it can be carried out from a location that is difficult to determine and its effects could be felt across the globe because of the interconnectedness between the systems used by the perpetrators of cybercrime and the systems that are targeted by the criminals (Home Office 2010, p. 5). Specifically, according to Bajovic (2017, p. 89), as opposed to traditional criminal offences, which are carried out in a defined location, cybercrimes entail a “territorial disconnection” between the crime and the effects of the crime. This is because in most cases, the perpetrator of a cybercrime and the effects of the crime are likely to be located in different places, and even in different continents. Additionally, cybercrimes do not require the criminal and the victim or victims of the crime to be located close to each other, and a perpetrator of cybercrime can carry out many crimes across the world in a matter of seconds or minutes (Bajovic 2017, p. 89). As well, the number of victims in cybercrime offences is usually much higher in comparison to the number of victims who are targeted by cases of traditional crimes (Bajovic 2017, p. 89). For instance, a scammer (a case of cybercrime) can target many people in several countries and in different continents with a given scam, while a traditional thief is likely to just target certain individual, group of people or a store on which to commit the crime of theft.

Specific examples of differences between traditional criminal offences and cyber offences

There are various ways in which traditional ways of committing crimes are different from the methods that are used to conduct cybercrimes. Below is a comparison of how crimes such as theft, fraud, blackmail and abuse, identity theft, and children abuse and exploitation are committed traditionally and in cyberspace. The differences give an indication to as to the differences in the methods that are used when investigating the two forms of crime.

In regard to theft, the traditional method of stealing involves, for instance, breaking and entering a premises with the purpose to steal (Șinca 2015, p. 2). It can as also involve taking someone’s property without their knowledge. On the other hand, theft in cyberspace can be done in the form of activities such as hacking. Hacking involves the infiltration into a gadget or a communication system by means of unauthorised access (Șinca 2015, p. 2). The hacker will then steal the information that he or she requires from the gadget, which could be a computer, server, phone, or any other device.

As regards fraud, the traditional techniques of committing fraud include obtaining information such as financial data from a person with the intent of a committing a crime. Traditional ways of committing fraud can also involve deception, acting in bad faith to earn money by breaching the victim’s rights, and so forth (Șinca 2015, p. 2). On the other hand, fraud in the cyber environment can involve forms such as phishing and Internet fraud. Phishing involves a computer deception that sends spam messages to a victim in order to gain access to the victim’s personal information such as financial data (Șinca 2015, p. 2). Through a phishing scam, a person can be tricked into disclosing his or her personal information such as bank account information, passwords, and credit card details to the offender (Scamwatch, n.d.). Fraud in cyberspace can also be in the form of Internet fraud, which can involve people creating a profile that is similar to that of a victim by unlawfully getting information about the victim and using that information to commit fraudulent and deceitful activities, usually with an objective of getting material rewards (Roddel 2011, p. 84; Șinca 2015, p. 2).

In the traditional form of crime, blackmail and abuse may take the form of an unlawful or abusive use of authority to get undue benefits, influence or power. On the other hand, as regards the cyber environment, blackmail and abuse occurs in the form of “Internet blackmail and abuse” (Șinca 2015, p. 2). This involves getting illegal access to an entity’s or a person’s information and altering or blocking such information with the aim to blackmail the affected entity or person so as to obtain monetary gains and other benefits (EC-Council 2017, p. 277).

Another difference between traditional criminal offences and cyber offences is in regard to the crime of identity theft. In traditional crimes, identity theft means the impersonation of another person using their personal information to gain access to certain benefits or favours (Șinca 2015, p. 2). In contrast, in the cyber environment, identity theft means getting illegal access to a person’s information and using it in various networks such as the Internet to commit deceit and fraud (Roddel 2011, p. 72).

Lastly, another comparison between traditional criminal offences and cyber offences may be in regard to actual physical abuse as well as exploitation of children through activities such as sexual abuse and pornography (Șinca 2015, p. 2). On the other hand, child exploitation and abuse in the cyber environment may involve using children in pornographic videos that are posted on the Internet, cyber bullying and even blackmailing children by threatening to expose their videos or photos that have pornographic content (EC-Council 2017, p. 277).

Differences between investigating traditional criminal offences and cyber offences

From the examples above, it is evident that traditional criminal offences are easier to detect since they are carried out at a certain location and target specific victims. For instance, in the event of stealing, investigators will target the offender through evidence such as camera footage, finger print evidence, or possession of the stolen items. Investors can also rely on witness of accounts of what transpired in regard to the theft (e.g. that a person broke into an office and stole a computer). Conversely, cyber offences are more intricate and harder to detect. For example, a hacker may steal passwords using one computer and use that information to log into a given system using a different computer. In such a case, investigators and the police would have to follow the trail from how the hacker stole the information to how he or she used the stolen information. Such processes are complicated given that digital information can be easily altered, damaged or destroyed (Dutelle 2017, p. 381). As well, cybercrimes may be carried out from locations that are not easy to find.

Investigating cyber offences is particularly more difficult compared to investigating traditional criminal offences because of the equipment and systems that are used in cyberspace. According to Gladyshev and Rogers (2011), the Internet has made it much easier for criminals to carry out crimes by providing them with a platform to launch attacks with considerable anonymity. Further, the increasing complexity of information communication technology infrastructure makes investigation of cyber crimes more difficult. For instance, a crime may have been committed, but investigators have to sift through huge volumes of data to detect the crime and gather evidence. In the case of Internet-based fraud and scams for example, investors have to collect evidence such as the media access control (MAC) address of the device used by the offender and the Internet protocol (IP) address that was used in committing a given crime (Hess & Orthmann 2010, p. 506; U.S. Department of Justice 2004, p. 11). But even when such information has been gathered, successfully linking the information to the person who committed the crime in question is quite a challenge (Ernesto 2014; Osborne 2016).

What to put in an investigation plan when conducting a cybercrime investigation

A cybercrime investigation plan needs to have steps that make it possible to conduct the investigation, identify the possible digital evidence, and work with different types of digital evidence (such as social media, emails, IP addresses and so on (Centre Cyber Law Enforcement 2017).

The components that need to be included in a cybercrime investigation plan are discussed in the following sections.

  1. How to assess the situation

The investigating officer needs to determine the specific elements of the crime and assess whether the laws in the area of jurisdiction can be used as a basis for prosecution. For example, the officer needs to determine if charges can be sustained in regard to the offence in question (Centre Cyber
Law Enforcement 2017). In particular, the officer should be able to tell whether a certain act committed by a suspected offender can be said to be in breach of certain sections of the law, and should be in a position to support the deduction with evidence of how the law has been breached.

  1. A plan for conducting the initial investigation

It is important to ask the “who, what, where, when, why and how questions” as part of the initial investigation (Centre Cyber Law Enforcement 2017). Therefore, the investigators need to ask themselves following questions:

  • Who is the potential

  • What crime has been committed?

  • When was the crime committed?

  • Was the crime restricted to a jurisdiction of the state or country?

  • What evidence exists that can be collected?

  • Where could the digital and physical evidence be located?

  • What kinds of digital and physical evidence are related to the crime?

  • Do any of the pieces of evidence need to be captured and preserved immediately?

  • How can the pieces of evidence be safeguarded and stored for court proceedings?

  1. A plan on how to identify the possible evidence

Digital evidence can be in the form of many types of files of different capacities. As well, the evidence might be protected, encrypted or hidden. As such, there is need to make arrangements on how to get resources and tools to capture the required evidence data (Centre Cyber Law Enforcement 2017). It is possible that the evidence that is collected may include too much or too little information. If too much information is gathered, it may also require too much time to analyse and sift (Cohen 2013, p. 61). On the other hand, if too little information is gathered, then some important pieces of evidence may be missed (Cohen 2013, p. 61). Therefore, the plan needs to include the specific information that is required and how it will be collected.

  1. How to secure devices and preserve the evidence

In most cases, the people involved in cybercrime investigation may get hold of electronic devices such as computers that contain the digital evidence that is required, but they must obtain a court order in order to carry out a search on the device or devices (Centre Cyber Law Enforcement 2017). Several court orders may have to be obtained if a given device is linked to more than once crime (Centre Cyber
Law Enforcement 2017). Therefore, the cybercrime investigation plan needs to have information on how the devices that contain potential digital evidence will be secured, how the permission to examine those items will be sought and the legal implications of such requests, and how the evidence will be secured or preserved. Also, there is need to outline whether assistance will be required from other organisations such as communication companies and Internet service providers (ISPs) (Centre Cyber
Law Enforcement 2017).

  1. A plan on how to analyse the information with the prosecutor

Since the ultimate goal of conducting cybercrime investigation is to prosecute the perpetrators of cybercrimes, the police and investigators need to work hand-in-hand with the prosecutor to in order to identify the specific laws that are associated with the cybercrime or cybercrimes that have been committed by the offender (Centre Cyber Law Enforcement 2017). Such collaboration is important because it helps in identifying additional information or evidence that may be required to support the charges against the suspected offender (Centre Cyber Law Enforcement 2017).

The greatest challenges faced by the police and investigators when dealing with electronic evidence

One of the biggest challenges that the police and investigators face when dealing with electronic evidence is the delicate nature of such evidence. It has been argued that digital evidence is “volatile, has a short life span, and is frequently located in foreign countries” (Roscini 2015, p. 240). As well, Dutelle (2017, p. 381) has pointed out that digital evidence that is located in computers and a variety of other electronic devices can be easily changed, removed from the device or destroyed. The two statements by Roscini and Dutelle suggest that digital evidence can easily be manipulated, is easy to destroy, and may be difficult to find, especially if the cybercrime has been committed by a perpetrator who is located in another country. Digital evidence may also be abused by some parties. For instance Brown (2015, pp. 58, 91) has analysed a case in which female a computer scientist who had broken up with her boyfriend possibly used her skills to sent herself sexually explicit messages and alleged that it was the ex-boyfriend who had sent those messages. The lady also used her IT skills to tamper with the digital evidence that could have been used in identifying the perpetrator of the cyber stalking crime (Brown 2015, pp. 58, 97). Therefore, the police and investigators not only have difficulties in accessing digital evidence, but also face the challenge of securing the evidence to ensure that it is not altered or destroyed by the perpetrator of a cybercrime or any other person.

Another challenge relates to the fact that the process of collecting digital evidence can be take a lot of time and requires collaboration between the investigators and other organisations such as ISPs, which may be quite difficult if the crime has been committed from another country (Dutelle 2017, p. 381). In addition, the process of collecting digital evidence is made even more difficult by the point that it is not always easy to locate the computer that was used to commit a crime since it is possible for cybercriminals to conceal their identities without leaving any physical evidence at the place from which the crime was committed (Bajovic 2017, p. 89). Further, the police and investigators may not have adequate skills and resources to sift through many files and identify the specific evidence that relates to a particular cybercrime (Casey 2011, p. 666), yet such evidence may as well have been removed by the suspected offender. As such, it is possible for the investigators to miss evidence that needs to be included as crucial digital evidence, such as storage devices, deleted files, contents of networked computers, backups, secondary storage and related information (Cohen 2013, p. 62).

The third challenge is that is that even if the digital evidence that the police and investigators gather leads to the identification of a device or a system from where a cybercrime originated, the evidence does not necessarily identify the parties responsible for the crime. This is because the device may have been attacked or the MAC and IP addresses may have been spoofed (Roscini 2015, p. 240). In short, digital evidence does not always lead to the identification of a suspect in a cybercrime (Roscini 2015, p. 240). Therefore, after collecting electronic evidence, investigators and the police still have to do more to link the evidence to a suspect.


It has been noted that the differences between investigating traditional criminal offences and cyber offences are related to differences in how crimes are committed using traditional ways and in the cyber environment. Notably, cybercrimes are committed using technologies such as computers and as such, the investigation of cybercrimes has to focus largely on collecting digital evidence. Additionally, the investigation of cyber offences is more difficult because of the nature of the systems used to commit crimes and the evidence to be collected.

A cybercrime investigation plan will typically have information such as how to assess the crime situation, details for conducting the initial investigation, how to identify the possible evidence, how to secure devices and preserve the evidence, and how to analyse the evidence with the prosecutor.

Finally, it has also been noted that the greatest challenges faced by the police and investigators when dealing with electronic evidence are as follows. First is the delicate nature of digital evidence. Second is the complexity of digital evidence and the cumbersomeness that is associated with collecting such evidence. The third point is that electronic evidence, even if collected, does not straightforwardly identify the perpetrator of a given cybercrime. This means that the police and investigators, after collecting digital evidence, still have to do more to establish the connection between a suspect and the evidence.


Bajovic, V 2017, ‘Criminal proceedings in cyberspace: the challenge of digital era’, in EC Viano (eds),
Cybercrime, organized crime, and societal responses: international approaches, Springer International Publishing Switzerland, Cham, pp. 87-102.

Brown, CSD 2015, ‘Investigating and prosecuting cyber crime: forensic dependencies and barriers to justice’, International Journal of Cyber Criminology, vol. 9, issue 1, pp. 55-119.

Casey, E 2011,
Digital evidence and computer crime: forensic science, computers, and the Internet, 3rd edn, Elsevier Inc, Waltham, MA.

Cohen, F 2013, ‘Challenges to digital forensic evidence in the cloud’, in K Ruan (ed), Cybercrime and cloud forensics: applications for investigation processes, Information Science Reference, Hershey, PA, pp. 59-78.

Dutelle, AW 2017, An Introduction to crime scene investigation, 3rd edn, Jones & Barlett Learning, Burlington, MA.

EC-Council 2017,Computer forensics: investigating network intrusions and cybercrime (CHFI), 2nd edn, Cengage Learning, Boston, MA.

Ernesto 2014, ‘Judge: IP-address is not a person and can’t identify a bittorrent pirate’, TF, 24 March, viewed 30 April 2017, <https://torrentfreak.com/ip-address-not-person-140324/>.

Gladyshev, P & Rogers, MK (eds) 2011, Digital forensics and cyber crime, Springer, New York.

Hess, KM & Orthmann, CH 2010, Criminal investigation, 9th edn, Delmar, Clifton Park, NY.

Home Office 2010, Cyber crime strategy, Home Office, London.

Șinca, GM 2015, ‘Cybercriminology: transition from traditional criminal techniques to cybercrime’, AGORA International Journal of Juridical Sciences, viewed 30 April 2017, <http://univagora.ro/jour/index.php/aijjs/article/viewFile/1910/605>.

Centre Cyber Law Enforcement 2017, Cyber crime Investigations, viewed 30 April 2017, <http://www.iacpcybercenter.org/officers/cyber-crime-investigations/>.

Osborne, C 2016, ‘FBI refuses to release Tor exploit details, evidence thrown out of court’, ZDNet, 26 May, viewed 30 April 2017, <http://www.zdnet.com/article/fbi-refuses-to-release-tor-exploit-details-evidence-thrown-out-in-court/>.

PGI Cyber 2016, What is the difference between cyber crime and traditional crime?, PGI Cyber , 28 June, retrieved from <https://pgicyber.com/NewsandEvents/What-is-the-difference-between-cyber-crime-and-traditional-crime%E2%95%95>.

Roddel, V 2011,
The ultimate guide to Internet safety, 2nd edn, Victoria Roddel, La Belle, Florida.

Roscini, M 2015, ‘Evidentiary issues in international disputes related to state responsibility for cyber operations’, in JD Ohlin, K Govern & C Finkelstein (eds),
Cyberwar: Law and ethics for virtual conflicts, Oxford University Press, Oxford, pp. 215-248.

Scamwatch n.d. Unexpected money, viewed 30 April 2017, <https://www.scamwatch.gov.au/types-of-scams/unexpected-money>.

U.S. Department of Justice 2004, ‘Forensic examination of digital evidence: a guide for law enforcement’, National Institute of Justice Special Report, viewed 30 April 2017, <https://www.ncjrs.gov/pdffiles1/nij/199408.pdf>.