Cybercrime: Can Locard’s Exchange Principle Apply to Cybercrime?

Cybercrime is replacing drug trafficking. Recent government findings indicate that cybercrime has sidelined illicit drug trafficking as one of the main sources of hundreds of millions of dollars in illicit profits worldwide. In its infancy, the Internet seemed like something that could become a useful tool for scientific research. If only we had known then what potential it had, perhaps more thought would have been given to its protection.

Today, news cables are littered with reports of massive theft of personal information, as well as depleted bank accounts, all due to the criminal element that, for a small investment in a computer and an Internet connection, is changing the landscape of criminal investigation. A prestigious research survey indicated that 8.1 million Americans were victims of identity theft in 2010. The losses were in the hundreds of millions.

The Locard Exchange Principle (LEP)

Dr. Edmond Locard (1877-1966), known to many as the French “Sherlock Holmes”, was a pioneer in forensic evidence investigation. Locard formulated the basic principle of forensic science: “Every contact leaves a trace.” Of course, Locard’s theory referred to physical contact made by the perpetrator with items at the crime scene. But the actual crime scene may not involve a physical structure; the crime scene is most likely located in cyberspace.

So the question evolves: “Does the Locard exchange principle apply to an electromagnet passing over a rotating disk?” Some digital detectives think so. For example, a hacker gains access to a computer system that may or may not be secure. Is any computer completely safe? Of course, security software is effective against many of these invasions, but a secure system will only take a bit longer for the hacker to break into. Now the question is, does the exchange principle apply?

Cyber crimes leave no physical evidence

On the surface, the infiltrator would not leave any physical trace of his having been there. But there may be other evidence in the form of electronic traces. If the computer's file access logs could be accessed, there may be a log available showing that the file was indeed accessed and even that a network transmission occurred. There is also the possibility that a side channel analysis of any activity on the hard drive will discover network operations. As a last resort, the examiner can check the access logs of the Internet service provider (ISP) for surreptitious entries. This step will not necessarily reveal what specific data was removed, but it will indicate that the data was indeed removed from the line.
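An added example, not part of the original article: a minimal Python correlation of the two traces described above, a file-access log and a record of network transmission from the same host. The log formats, host names, users, paths and addresses are all constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample records (not from any real system).
# File-access audit log: timestamp host user action path
FILE_LOG = """\
2024-03-02T01:14:05 fs01 svc_backup READ /data/designs/turbine_v7.dwg
2024-03-02T01:14:09 fs01 svc_backup READ /data/designs/pricing_2024.xlsx
2024-03-02T09:30:12 fs01 alice READ /data/hr/handbook.pdf
"""
# Network flow log: timestamp src_host dst_ip bytes_out
FLOW_LOG = """\
2024-03-02T01:15:40 fs01 203.0.113.50 48211934
2024-03-02T09:31:00 fs01 198.51.100.7 1204
2024-03-02T11:02:17 ws22 203.0.113.50 90133002
"""

def parse(text, fields):
    """Split whitespace-delimited lines into dicts; first field is an ISO timestamp."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        row = dict(zip(fields, line.split()))
        row["ts"] = datetime.fromisoformat(row["ts"])
        rows.append(row)
    return rows

def correlate(file_events, flows, window_s=300, min_bytes=1_000_000):
    """Pair each file read with large outbound flows from the same host
    that start within window_s seconds after the read."""
    window = timedelta(seconds=window_s)
    hits = []
    for ev in file_events:
        for fl in flows:
            same_host = fl["src"] == ev["host"]
            after = timedelta(0) <= fl["ts"] - ev["ts"] <= window
            if same_host and after and int(fl["bytes"]) >= min_bytes:
                hits.append((ev["path"], ev["user"], fl["dst"], int(fl["bytes"])))
    return hits

def find_traces():
    events = parse(FILE_LOG, ["ts", "host", "user", "action", "path"])
    flows = parse(FLOW_LOG, ["ts", "src", "dst", "bytes"])
    return correlate(events, flows)

if __name__ == "__main__":
    for path, user, dst, nbytes in find_traces():
        print(f"{path} read by {user}, then {nbytes} bytes sent to {dst}")
```

As the paragraph notes, a match of this kind shows that data left the host shortly after the files were read, not which data it was.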

Industrial espionage is becoming common

Personal information and cash are not the only targets of this growing threat. Online industrial espionage is a growing threat to the United States economy, as well as to our national security. US intelligence agencies recently warned elected officials that China and Russia are involved in cyber espionage. “Trade secrets developed over thousands of working hours by our brightest minds are stolen in a split second and transferred to our competitors,” said a counterintelligence executive. These foreign governments deny this claim.

The principle of Cyber Exchange

Perhaps when it comes to cyber crime, the “Cyber Exchange Principle” applies. Forensic examination of a computer or server will uncover invasion artifacts. The investigator is then faced with a situation where the crime scene is not limited to a single computer and may involve another computer on the other side of the world.

The hacker will not leave latent fingerprints, footprints or traces of physiological fluids in the wake of their intrusion. But the electronic activity in this case can be much more valuable for the bits and bytes it leaves behind. The principle that Locard advocated so long ago should be at the forefront of our digital detectives’ minds as they search for what clues an invaded computer contains, as well as what traces are waiting to be discovered in cyberspace.
