In August, 2008, federal authorities announced the largest computer hacking case ever processed by the Justice Department: the indictments of 11 people who allegedly stole more than 40 million credit-card and debit-card numbers from at least nine major U.S. retailers. Local law-enforcement agencies frequently are the first responders when individuals and organizations report credit-card fraud and identity theft.
It is an all-too-common situation, however, that a law enforcement officer receives a complaint from a victim of Internet fraud or harassment, and while the officer does his best to capture the details, valuable information on the victim's computer goes uncaptured and never gets to those with the expertise to decipher it. When faced with this scenario, many law enforcement first responders (LEFRs) are confused as to what to do, usually unable to do anything but take down the most basic information. This is because, in part, LEFRs are not sufficiently trained, do not have sufficient computer knowledge, and may lack the computer hardware and software tools that can capture this valuable information. The same can be said of other investigators that may not be considered “law enforcement.” Once a computer is turned off or power removed from a computer, e.g., for transport to a police station or investigator's office, any data that is stored in volatile memory is lost, and can never be captured. Some of this data may include cached information, internet-related browsing data and related temporary files, among other data.
With criminals becoming more sophisticated and with more crimes that take place in or through cyber space, i.e. cybercrime, it is becoming increasingly important that LEFRs be more prepared to capture and analyze digital computer evidence from potential evidentiary or target systems, including volatile data and Web-based service information. This prevents the loss of investigation-critical data that could not only lead to capture of the perpetrator or criminal, but also help build a legal case against the perpetrator or criminal.