Chapter 1 The Problem at Hand
—Dante Alighieri
The Divine Comedy—Inferno
Solutions in this chapter:
- The Gaps in Cyber Crime Law
- Unveiling the Myths Behind Cyber Crime
- Prioritizing Evidence
- Setting the Bar Too High
Frequently Asked Questions
Introduction
In the literary classic The Inferno, Dante wakes up from a semiconscious state only to find himself lost in the Dark Woods of Error. Uncertain how he came to stray from the True Way, Dante attempts to exit the woods and is immediately driven back by three beasts. Dante, faced with despair and having no hope of ever leaving the woods, is visited by the spirit of Virgil. Virgil, a symbol of Human Reason, explains he has been sent to lead Dante from error. Virgil tells him there can be no direct ascent to heaven past the beasts, for the man who would escape them must go a longer and harder way. Virgil offers to guide Dante, but only as far as Human Reason can go (Ciardi, 2001).
As with Dante, I too frequently "strayed from the True Way into the Dark Woods of Error" when investigating cyber crime. Oftentimes, I found myself lost as a result of a lack of available information on how to handle the situations I confronted. Yet other times I wasn't quite sure how I got to the point where I became lost. As a cyber crimes investigator, you've undoubtedly encountered similar situations where there was little or no guidance to aid you in your decision-making process. Often, you find yourself posting "hypothetical" questions to an anonymous listserv, in the hopes that some stranger's answer might ring true. Although you've done your due diligence, sleepless nights accompany you as you contemplate how your decision will come back to haunt you.
We recently witnessed such an event with the Hewlett-Packard Board of Directors scandal. In this case, seasoned investigators within HP and the primary subcontracting company sought clarity on an investigative method they were implementing for an investigation. The investigators asked legal counsel to determine if the technique being used was legal or illegal. Legal counsel determined that the technique fell within a grey area, and did not constitute an illegal act. As a result, the investigators used it and were later arrested. This situation could befall any cyber crimes investigator.
Cyber crime investigations are still a relatively new phenomenon. Methods used by practitioners are still being developed and tested today. While attempts have been made to create a methodology on how to conduct these types of investigations, the techniques can still vary from investigator to investigator, agency to agency, corporation to corporation, and situation to situation. No definitive book exists on cyber crime investigation and computer forensic procedures at this time. Many of the existing methodologies, books, articles, and literature on the topic are based on a variety of research methods, or interpretations on how the author suggests one should proceed. The field of computer forensics is so new that the American Academy of Forensic Sciences is only now beginning to accept it as a discipline under its general section for forensic sciences. I suspect that cyber crime investigations and the computer forensic methodologies are still in their infancy stages and that the definitive manual has yet to be written.
In the following pages and chapters, areas of difficulties, misconceptions, and flaws in the cyber investigative methodology will be discussed in an attempt to bridge the gaps. This book is by no means intended to be the definitive book on cyber crime investigations. Rather, it is designed to be a guide, as Virgil was to Dante, to help you past the "Beasts" and place you back on the road to the True Way. While I anticipate readers of this book to disagree with some of the authors' opinions, it is my hope that it will serve to create a dialogue within our community that addresses the many issues concerning cyber crime investigations. Dante was brought to the light by a guide—a guide that symbolized Human Reason. We, too, can overcome the gaps that separate and isolate the cyber-investigative communities by using this same faculty, our greatest gift.
WARNING
The Gaps in Cyber Crime Law
When I started my stint as a "Cyber Detective," many cyber crime laws were nonexistent, information on the topic was scarce, and there were only a handful of investigators working these types of cases. Today, cyber crime laws are still poorly worded or simply don't apply to the types of crimes being investigated. Additionally, many cyber crime laws still vary from state to state. Attempts to address cyber crimes in the law are thwarted by the speed at which technology changes compared to the rate at which laws are created or revised.
In a research report published by the National Institute of Justice in 2001, researchers determined that uniform laws, which kept pace with electronic crimes, were among the top ten critical needs for law enforcement (National Institute of Justice, 2001). It found that laws were often outpaced by the speed of technological change. These gaps in the law were created by the length of time it took for legislation to be created or changed to meet the prosecutorial demands of cyber crimes.
In 2003, I worked a child pornography case that demonstrated the gap between the legal framework and changing technology. In this case, I arrested a suspect who was a known trader in the child pornography industry. He had set up a file server that traded pictures and videos of child porn. This site was responsible for trading child porn with hundreds of users around the world on a daily basis. So the idea was to take over control of the file server and record the activities of the users who logged on. Knowing that I would essentially be recording the live activity of unsuspecting individuals, it was prudent to think I would need a wiretap order from the court. The only problem was that child pornography was not listed as one of the underlying crimes for which you could obtain a wiretap order under the New York State Criminal Procedure Code. Some of the crimes for which wiretapping was allowed at the time included murder, arson, criminal mischief, and falsifying business records—but not child pornography. As a result, we relied on the fact that New York State was a one-party consent state. This allowed me to record my side of the conversation—in this case, the computer activity. However, a problem still arose with the issue of privacy as it pertained to the IP addresses of the individuals logging in. The legal question was whether the unsuspecting users had a reasonable expectation of privacy as it related to their IP address. This issue caused great debates among the legal scholars involved. Nevertheless, we erred on the side of caution and obtained a trap and trace order. This court order allowed us to record the inbound connections of unsuspecting suspects and trace their connection back to their Internet service provider. We then issued subpoenas to identify the connection location and referred the case to the local jurisdiction. In the end, numerous arrests were made and cases were generated around the world.
This is an example where the legal framework did not address our situation.
Notes from the Underground…
Warrants
Whenever there is a question of whether or not a warrant should be written, err on the side of caution. Get the warrant; chances are your intuition is right. So remember my little phrase: "when in doubt, write it out."
Even though legal issues identified in the cyber porn example existed back then, little has changed to date. Revisiting the Hewlett-Packard Board of Directors scandal, the investigative techniques included pretexting and e-mail tracing. Lawyers, academic scholars, and investigators have raised the issue of whether or not HP's actions during the investigation were in fact illegal. According to news reports, there were no specific federal laws prohibiting HP's use of these investigative techniques (Krazit, 2006). Randal Picker, a professor of commercial law, also stated that he believes the techniques are legal, but that evidence collected from these techniques may not be admissible in a court of law (Picker, 2006).
Getting back to the child porn example from 2003, would it surprise you to know that during the writing of this chapter I perused the New York State Legislature's Web site under the Criminal Procedure Law and still found that none of the laws pertaining to Article 263 (Sexual Performance by a Child) of the Penal Law are listed as designated offenses for which a wiretap order could be granted? Fear not, they at least updated the law to include Identity Theft (New York State, 2006). As you can see, these types of legal issues will continue to be raised as lawmakers and legislators struggle to find ways to respond adequately, and immediately, to change when technology affects the law.
Unveiling the Myths Behind Cyber Crime
Investigating cyber crime can be very intimidating to a technophobe. I recall walking into police stations, prosecutor's offices, and court rooms and seeing the faces of those on duty when I told them I had a crime that involved a computer. Many an expression would transform from a welcoming look to that of abject fear. Maybe the fear comes from the fact that most folks born prior to the year 2000 just weren't exposed to computers. I remember playing with "Lincoln Logs" and a "Barrel of Monkeys" growing up. Today, my nine-year-old son creates his own Web sites, and competes for rank when playing "Call of Duty 3" on his X-Box Live system. My ol...