Computer Forensics refers to information collected from and about computer systems that are admissible in a court of law. Because computer data is intangible, can be easily modified and is a critical part of an organization’s day to day operations, computer crime investigations have the following characteristics.
Because the Internet and World Wide Web are global, computer crime can be committed from extremely diverse geographic locations. A perpetrator in Russia may be committing fraud in the U.S. using the internet. The prosecution is impeded because of differences in laws, attitudes toward computer crimes, definitions of computer crimes as well as difficulty in obtaining search warrants.
A plan should be prepared beforehand on how to handle reports of suspected computer crimes.
Investigators and prosecutors have a compressed time frame for the investigation.
A computer crime investigation will involve an organization’s computers. As a result, the inquiry might interfere with the organization’s business activities. In some cases, computers may be seized.
In a corporate environment, an investigation will involve management, corporate security, human resources, the legal department, and other appropriate staff members.
The act of investigation may also affect critical operations.
Investigating may prompt a suspect to commit retaliatory acts that could compromise data, result in a Denial of Service (DoS) attack, generate negative publicity or open individual privacy issues.
A committee of appropriate personnel should be set up to address investigative issues in advance.
To accommodate the prosecution of computer crimes, many jurisdictions have expanded the definition of property to include electronic information.
