NCJ Number
81708
Date Published
1981
Length
21 pages
Annotation
This pocket guide is designed for those investigators who have little or no experience in the field of computer crime investigations and explains the necessary points the must be covered in a computer case.
Abstract
A primary difference between the evidence-gathering process in a computer crime and other crimes is that, in the case of computer crime, the evidence may not be visible to the investigator in the form of a printed document. The evidence may be in tape form, on a disk drive, or in the electronic circuitry of an operating system. A basic knowledge of data processing is almost essential for any investigator to be effective. The guide reviews the computer fraud process and outlines investigation planning, which covers case initiation, loss information, criminal violation, the organization's prosecution policy, legal case search, evidence gathering, and expert witness assistance. Areas for possible technical assistance at the investigative stage include detecting the crime, developing an overall theory of the case, advising on patterns of known computer abuse in a given industry, and operating complex technical surveillance equipment. The chain of custody and computer evidence are discussed, marking tools for identifying computer media are listed, forensic equipment is delineated, and methods for caring for evidence are detailed. Sample report and documentation forms are included. A flow chart illustrates the investigation process.