Digital defense begins at home

Protecting the Internet's digital borders begins with protecting local citizens from cyber harm


   Contact. How is the device used to communicate? Does it log voice communications, chat logs, or whom the individual talks to?

   Cost. What are the legal risks of what individuals can do with the digital tool?

   Being familiar with digital technology helps first responders ask the right questions when determining the appropriate technology to seize. Armed with this knowledge, they know to ask things like: Do you have IT routers? Do you have hard-wired computers? Do you have cell phones? Do you have an Xbox or PlayStation? Where are they? Did the suspect or victim have access to them?

Good, old-fashioned police work

   Still wondering what to do when getting the cybercrime call?

   "Good, old-fashioned police work," says Aftab. "You can't make a cyber case if you don't know how to make a regular case."

   Here's where things get dicey: Sometimes first responders fail to take any action when cybercrime calls come in. "Depending on the agency, some will take a report and do something with it; some will take the report and do nothing with it; and some won't take a report at all," says Shipley.

   "But cybercrime is here to stay and it's affecting all of our citizens," he adds. "If agencies are not out there helping to address the crime problems plaguing this space, they are throwing their citizens to the wolves and failing to give them the protection they need."

   Unfortunately, the situation in many agencies mimics the one described on the National Center for Supercomputing Applications (NCSA) Web site: "A law enforcement officer receives a complaint from a victim of Internet fraud or harassment, and while the officer does his best to capture the details, valuable information on the victim's computer goes uncaptured and never gets to those with the expertise to decipher it. When faced with this scenario, many law enforcement first responders are left scratching their heads, unable to do anything but take down the most basic information."

   "Many officers we've talked to admit being pretty nervous when they are called into anything related to the computer," says Randall Butler, director of the NCSA CyberSecurity Directorate.

   According to Butler, NCSA research found that first responders take notes about the complaint; they may even get printouts. But the department's high-tech expert often finds the collected information insufficient. Then this individual, who often has more cases than he or she can handle, must revisit the scene to collect the missed information — if it's still available.

   Enter a new tool — the Cyberinvestigation Law Enforcement Wizard (CLEW).

   The NCSA and the National Institute of Justice have teamed up to develop a live collection tool designed to simplify cyber data collection. The tool, slated for release in late 2010, enables first responders to quickly and easily gather evidence, ask the right questions and preserve evidence for further investigation.

   CLEW helps first responders navigate through consent-based searches involving digital media in order to collect actionable information. The officer plugs CLEW's USB stick into the system under investigation, which launches the triage tool and walks the responder through the investigation with a series of questions. The device then initiates live data collection. Later, the officer takes the USB back to the department where the data can be uploaded for further analysis.

Gathering the evidence

   Data collected from digital tools leads to further investigation, which can extend to obtaining data from Internet Service Providers (ISPs), Web sites or social networking platforms, and that brings its own problems. Even with a search warrant in hand, it can take days to retrieve information, and by the time officers secure permissions from the ISP, the information may no longer exist, as most companies retain this data only for a short time.

   Cybercrime investigators frustrated with the speed of gathering ISP information seek to alter the ground rules of online investigations. They want a national Web interface linking police computers with those of Internet and e-mail providers. They also wish to mandate that ISPs store user data for up to five years and respond to police inquiries within hours instead of days.