U.S. flag

An official website of the United States government, Department of Justice.

Investigations Involving the Internet and Computer Networks

NCJ Number
Date Published
January 2007
137 pages
This report provides information for investigators responsible for probing Internet or other computer-related crimes.
The report offers information on the investigation process from the first responder to the courtroom. Specific topics addressed include: (1) electronic crime scene investigation by first responders; (2) forensic examination of digital evidence; (3) internet and network investigations; (4) investigative uses of technology; (5) courtroom presentation of digital evidence; and (6) development of a digital evidence forensic unit. Chapter 1 introduces the main issues facing investigators of computer-related and Internet crimes. Sources of information are identified as well as the major issues investigators should be concerned with, such as the fragility of digital evidence and rules governing the chain-of-custody and other legal processes. Chapter 2 offers information on tracing an Internet address to a source, which is a key component of investigations involving the Internet and computer networks. Chapter 3 focuses on investigations involving e-mail, which are now easily exchanged using cell phones, personal digital assistants, and pagers. Chapter 4 offers methods and practices for investigations involving Web sites and suggests the use of an undercover computer and Internet Service Provider (ISP) account or other covert methods to disguise the efforts of investigators. Chapter 5 moves along to investigations involving instant messengers (IM), chat rooms, and Internet Relay Chat (IRC), which allow real-time communications. File sharing networks are increasingly being exploited for criminal activities; chapter 6 offers tips for investigations involving file sharing networks, which may encompass child pornography, copyrighting, intellectual property, financial, or personal identification offenses. Chapter 7 presents information regarding the investigation of network intrusion/denial of service offenses. These investigations, which may involve the use of viruses, Trojans, or worms, can be complex and the assistance of outside expertise may be required. Chapter 8 addresses investigations involving bulletin boards, message boards, listservs, and newsgroups while chapter 9 focuses on the legal issues governing investigations of computer-related crimes. Appendixes

Date Published: January 1, 2007