This paper examines cybercrime and cybercrime forensics, analyzing their consequences and effects on individuals, businesses, and governments. It defines cybercrime broadly — from viruses and worms to identity theft — and describes forensic methods used to investigate such crimes, including network forensics and hash-based tools for detecting child pornography. The paper explores the serious consequences of cybercrime, such as financial losses running into billions of dollars, and the challenges forensic investigators face in collecting and preserving digital evidence. It also discusses the positive effects of advancing forensic capabilities alongside potential negative outcomes, including more sophisticated criminal techniques, privacy concerns raised by the PATRIOT Act, and the implications of data retention laws in the United States and Europe.
The paper demonstrates effective use of direct quotation integrated with analytical commentary. Rather than simply dropping block quotes, the author frames each with context and follows up with interpretation — for example, citing identity theft cost projections and then connecting them to broader social consequences such as employment and credit access.
The paper opens with a definitional section covering cybercrime and forensic methods, then moves into a cause-and-effect analysis divided into "Consequences" and "Effects" subsections. The consequences section addresses harms to victims and evidentiary problems; the effects section weighs the positive impact of forensic advances against risks like increasingly sophisticated attacks and civil-liberties implications of surveillance law. A brief conclusion synthesizes the findings. The structure is straightforward and appropriate for an undergraduate survey paper.
Cybercrime has become a serious problem in the modern world. The abundance of personal computers available at relatively low prices has fueled the growth of cybercrime across the globe. As a result, law enforcement agencies have developed cybercrime forensics — a discipline designed to track down those responsible for such offenses. This paper analyzes the subject and discusses the consequences and effects of cybercrime and cybercrime forensics through evidence and reasoned argument.
Cybercrime involves a wide range of offenses, including everything from the creation and spreading of worms and viruses to identity theft. According to the Department of Justice, cybercrime is defined as "any violations of criminal law that involve a knowledge of computer technology for their perpetration, investigation, or prosecution (Ditzion, et al.)." More specifically, cybercrimes that have taken place in the last decade include viruses, worms, Trojan horses, sniffers, logic bombs, and denial-of-service attacks (Ditzion, et al.).
According to an article entitled "Cybercrime Facts," approximately 80% of all cybercrime is the result of insider attacks. Sometimes the attacker is a recently laid-off system administrator whose remote-account privileges are still active, or one who created back doors into the network. Organized crime groups can also be behind security breaches (Panczenco).
The increase in cybercrime over the past decade has forced law enforcement agencies to find new ways of identifying perpetrators. Cybercriminals are particularly difficult to locate because they can operate from anywhere in the world, and some countries lack laws prohibiting certain types of offenses carried out over the internet. These jurisdictional challenges, combined with the ease with which perpetrators can erase digital evidence, make investigation especially difficult.
In recent years, both businesses and individuals have been adversely affected by cybercrime. Many businesses have hired cybercrime investigators to determine who the perpetrators are and how their computer networks were breached. According to an article entitled "The Role of Organizations in Identity Theft Response: The Organization-Individual Victim Dynamic," those who investigate cybercrime are often engaged by victimized companies through private firms that specialize in computer forensics examinations (Lacey et al.). These private-sector firms then involve law enforcement once they confirm that illegal activity has occurred (Lacey et al.). The article explains that:
"Cooperation between law enforcement and private-sector investigators is still a fairly new idea, however. Several years ago, when the author's company first started conducting forensics investigations, it was often met with distrust by both their private sector clients, who feared bad publicity or losing control of company data, and law enforcement agents, who were reluctant to share information with third-party vendors. However, this reluctance is diminishing as law enforcement becomes more accustomed to working with third-party cyber forensics experts and as clients see that the process can work. Companies like Ubizen work under strict conditions and with detailed nondisclosure agreements, which protects clients and helps allay fears" (Lacey et al.).
Cybercrime forensics is defined as "the preservation, identification, extraction, documentation and interpretation of computer data (Kruse and Heiser)." Several types of cybercrime forensics exist. One that is used frequently is network forensics, which involves searching for anomalies in files and reviewing log entries (Panczenko). Such forensics can help investigators establish how a system was attacked (Panczenko).
Another type of cybercrime forensics involves tracking down those who download child pornography. According to an article entitled "DoD Targets Child Porn on Military PCs," the Defense Cyber Crime Center is seeking to quickly investigate child pornography cases with a new software tool developed under the military's Project KIDS (Known Image Database Systems) initiative (Messmer). The software automates analysis through a hashing technique that searches for both known and potential child pornography in data files (Messmer). The author explains that "the tool also looks for malware, such as backdoors or Trojans, that might indicate the PC was subverted to download child pornography without the PC user's knowledge. Currently, the center has approved more than 300 tools for computer forensics purposes in the military. The three primary tools are EnCase from Guidance Software, the Forensic Toolkit from AccessData, and iLook, a tool originally developed by Scotland Yard, which is licensed in the U.S. by the Internal Revenue Service only to government users" (Messmer).
Cybercrime has serious consequences, particularly for large corporations and for individuals who are victims of identity theft. In recent years, cybercrimes have affected large financial institutions such as Bank of America, resulting in identity theft that carries costs for both victimized individuals and credit card companies that absorb fraudulent charges. According to the Journal of Consumer Affairs:
"Identity theft threatens the very essence of an individual's sense of self and his or her capacity to participate in society. The consequences of this form of criminality are significant and wide-ranging, with current assessments of its impacts exceeding billions of dollars each year... Available evidence indicates that identity theft is becoming increasingly attractive for perpetrators vis-à-vis other forms of crime. In the United States, for example, identity theft is described as growing at a rate of 30% per year, with its losses estimated at reaching $8 billion by 2005 (Supreme Court of the State of Florida 2002). The loss of funds and/or other forms of property, a tarnished credit history, and a criminal record are all potential outcomes for the identity theft victim, with ongoing consequences for the ability to secure employment, obtain goods and services on credit, travel freely, and participate in the wider society in a generally unencumbered fashion (Ditzion, et al.)."
The consequences of cybercrime are also severe when worms and viruses are used to collapse the networks of large corporations and even governments. Recovering from such attacks costs companies billions of dollars per year. In addition, many have feared that terrorists could use vulnerable systems to attack the nation's utility grids.
Beyond the consequences of cybercrime itself, there are also significant challenges associated with cybercrime forensics. One of the most critical is the inability to properly collect and store evidence. It can be difficult to acquire evidence without altering the data that was originally seized (Kruse and Heiser). Additionally, some cybercrime forensics experts may have difficulty authenticating the recovered data as the data that was originally seized (Kruse and Heiser), and analyzing the data without altering it presents its own challenges (Kruse and Heiser).
As a consequence of these problems, many cybercrime perpetrators may be able to evade criminal prosecution. This is especially detrimental in cases involving child pornography and pedophilia. Similarly, perpetrators who have created and spread worms over the internet or through networks could escape prosecution if the forensic evidence is in any way suspect. Experts must therefore be properly trained to gather and store digital information correctly (Messmer).
There are also consequences related to storing collected data. This problem is particularly acute with hard drives, which can hold enormous volumes of information that is difficult to transfer to other storage media (Messmer). For instance, "a challenge facing the Defense Cyber Crime Center is finding secure ways to store seized data in all computer crime cases. The center's practice has been to store data for each case on a separate PC. 'We're getting cases so big we can't store the evidence on even four networked PCs, so we need a storage-area network,' said Jim Christy, director of the Cyber Crime Institute, the Defense Cyber Crime Center's research arm. 'But we haven't seen the kind of system to prevent cross-contamination of data.' In one case, Christy recalled, the amount of data reached a whopping 75 terabytes" (Messmer).
Cybercrime and cybercrime forensics have a profound effect on society. As it pertains to cybercrime, the effects can be devastating and costly. In addition, it can damage the credibility of the company or individual who is victimized and diminish their quality of life.
The effects of cybercrime forensics, on the other hand, can be very positive. As experts find new ways to track cybercriminals, the cost and trauma caused by these crimes can be greatly reduced. This is because cybercrime forensics experts are able to retrieve information that has been deleted from a hard drive. An article entitled "Digital Forensics Is Growing Field" explains that suspects can purge evidence from their hard drives, but an expert can often find the information anyway:
The research asserts that cybercrime is a problem that has grown in significance and severity over the past decade. The research also found that cybercrime forensics is a developing technique that can be both rewarding and challenging. The investigation highlights that the consequences and effects of cybercrime forensics can be positive in that they help prevent future attacks. However, the advance of forensic techniques may also result in the development of more sophisticated criminal methods, presenting an ongoing challenge for law enforcement and policymakers alike.
You’re 60% through this paper. Sign up to read the remaining 1 section.
Sign Up Now — Instant Access Already a member? Log inAlways verify citation format against your institution’s current style guide requirements.