Conducting Reactive and Proactive Internet Investigations By Ayodeji Omotade BSc, PgDip, MSc, CEH, CHFI Digital Forensics Limited
Introduction According to a recent United Nations survey over 90% of responding countries indicated that cybercrime most frequently comes to Law Enforcement’s attention through reports by individual or corporate victims.
Internet Investigations When police responds to crime that has already occurred, we call it ‘Reactive’. Proactive investigations occur before and during the commission of the offence.
Challenges of Reactive Internet Investigations Jurisdictional Blind Spot as Compared to Offline Crimes Lack of Basic Training Regarding Internet Crimes The Costs of Investigation is High Preservation of Evidence can be very Fragile
Proactive Internet Investigations Varieties of Proactive Internet Investigations includes Intelligence Collection of Information such as Undercover Investigations Looking for Child Pornographers or Traditional Vice Violations. Investigations Concerning Peer to Peer Networks for Sharing of Contraband or Illegal Trade in Music or Videos. These are Just Examples
Proactive Investigations According to The Bureau of Justice Assistance, The Presence of Social Media, Law Enforcement and Private Sector need to take a broader approach, getting the community at large involved. This brings us to Community Policing in Cyberspace.
Community Policing in Cyberspace
Community Policing in Cyberspace Initiatives Collaboration between the police And community at large that identifies and solves community problems. The creation of police department webpage or portal for community members to facilitate online communication. Chicago Tribune reported a police department sergeant for creating a dynamic website for the community for reporting crime online which was later picked up by other police departments. This increase in number of success rates in both proactive and reactive investigation were many times higher than when a static webpage which only gave the police information only existed.
Community Policing in Cyberspace Initiatives The use of social media sites such as Facebook, Twitter, Youtube and others. The partnership between private technology cyber security organizations. Sharing of information amongst other arms of law enforcement agencies. In 2012, LexisNexis Risk Solutions, in partnership with PoliceOne, conducted a survey of 1,221 law enforcement officers. The findings revealed that 4 out of 5 police officers were using social media platforms, such as Facebook, Youtube and Twitter to help solve crimes. The investigations consisted of both reactive and proactive responses.
3 Ways of Proactive and Reactive Internet Investigation on Social Media Apparent or Overt use: This when an officer access public areas of the internet for instance ‘Googling’ or open Facebook search. Discreet use: This occurs when the investigator uses undercover techniques and even attempts to conceal the IP address to avoid being tracked. Covert use: Most intrusive investigative use which involves not only concealing the information but includes creating an identity
Key Elements for Police Developing Social Media Policy for Investigation The use of social media resources will be consistent with applicable laws Define if and when social media sites or tools are authorized Articulate and define authorization level needed to use information on social media sites Specify that information obtained from sites visited will undergo evaluation: source reliability and content evaluation.
Key Elements for Police Developing Social Media Policy for Investigation Specify the documentation storage and retention requirements related to information obtained. Identify dissemination procedure for criminal intelligence and investigative products that contain information obtained.
Internet Monitoring Tools: Social Media There are three categories of monitoring tools for both reactive and proactive investigations Free tools: like icerocket, plancast, socialpointer etc Commercial Tools: Netbase, Topsy etc Law Enforcement Specific : like IBM solutions, Encase range of solutions SOCMINT which is Social Media Intelligence is a department created by the Metropolitan Police in the United Kingdom to monitor social media for proactive and reactive investigations, gathering of intelligences and also doubles as a CCTV on ground.
Law Enforcement and Private Sectors Working Together Cybercrime investigations are carried out by specialists in specific skills. The scope of Cybercrime investigations are very wide in relation to the traditional offline crimes. The synergy of high technology companies and Law Enforcement in Nigeria can be a starting point to increase successful proactive and reactive investigations
Operations Planning for Internet Investigation Identify intent and scope of the undercover operation Identify the legal restrictions around the undercover operations Determine the limit of the investigators Authority Identify the available resources to support the undercover investigations Prepare risk assessment of the operation Identify data collection requirements
MPS (UK) Association of Chief Police Officers (ACPO): Principles Principle 1: No action taken by law enforcement agencies, persons employed within those agencies or their agents should change data which may subsequently be relied upon in court. Principle 2: In circumstances where a person finds it necessary to access original data, that person must be competent to do so and be able to give evidence explaining the relevance and the implications of their actions. Principle 3: An audit trail or other record of all processes applied to digital evidence should be created and preserved. An independent third party should be able to examine those processes and achieve the same result. Principle 4: The person in charge of the investigation has overall responsibility for ensuring that the law and these principles are adhered to. Extracts from Janet Williams QPM Deputy Assistant Commissioner Metropolitan Police Service ACPO lead for the e-Crime Portfolio ACPO Good Practice Guide for Digital Evidence
Cybercrimes (Prohibition and Prevention) ACT May 2015 The act provides an effective, unified and comprehensive legal, regulatory framework for the prohibition, prevention, detection, prosecution and punishment of cybercrimes in Nigeria. This act also ensures the protection of critical national infrastructure, and promotes cyber security and the protection of computer systems and networks, electronic communications, data and computer programs, intellectual property and privacy rights.
An Idea of Some Cybercrime Investigations Offences against critical national information infrastructure Unlawful access to a computer. System Interference Interception of Electronic messages Tampering with Critical Infrastructure Computer Related Forgery Theft of Electronic Devices
Some more Ideas on Types of Investigations. Unauthorized Modification of Computer Systems, Network Data and Systems Interference. Electronic Signature Cyber Terrorism Exceptions to Financial Institutions Posting and Authorized Options Reporting Cyber Threats
Cont… Identity Theft and Inpersonation Child Pornography Cyberstalking Attempt, Consipracy, Aiding and Abeting Breach of Confidence by Service Providers Manipulation of ATM/POS Terminals Phishing Electronic Cards Related Fraud
Investigative Tools All Law Enforcement Agencies conducting investigations that may require the use of digital forensics must ensure the investigations can be supported by forensically sound and legally sufficient digital forensic examinations.
Conclusion Reactive and Proactive investigations is still at its infancy in Nigeria. With the advent of the cybercrime act which still needs to be streamlined and the increased awareness of the wide scope which cybercrime in relation to many major crimes affecting our society especially in areas of terrorism, financial fraud and blatant corruption, a lot needs to be done in areas of infusing technology, advocating of new policies and providing resources for capacity building, increased manpower and financial resources.
Digital Forensics Limited www.digitalforensicsng.com info@digitalforensicsng.com 07068866999