ICT crime investigation personnel

This section documents the basic minimum of personnel required for an ict-crime syndicate to function effectively. The modern approach to Investigation emphasises team work, gone are the days when an inspector ‘Derricks ’ or ‘Charlock Holms’ would seem to anticipate everything a criminal does and like an onion, layer by layer unravels the crime exposing the criminal and the criminal acts to bare nakedness.

Today the concept of teamwork has gained more prominence as yielding better results. This is so because, teamwork benefits from various expertise available or necessary for the eventual solution of the crime. Hence depending on the nature of a crime a team of necessary experts is put together under a specialised investigator to carry out the investigations. Below we list some of the common experts necessary for any such investigation:

Investigating Officer;

The Investigating Officer is expected to have a good grasp of diverse subjects. An ICT- Crime Investigating Officer is especially expected to have a good grasp of Criminal Law, Law of evidence and Information Technology. In addition:

• He is the overall in-charge of the Investigation,

• He co-ordinates all the investigative activities including deploying experts to perform specific duties,
• Applies for search warrants from the Court,
• Ensures the proper Chain of custody is established and maintained,
• Maintains the Single-Evidence Form
• Ensures that necessary supplies and other logistical needs are available to the investigation team,
• He prepares the investigation report and submits it to the relevant authorities,
• Sometime he appears in court to testify on matters pertaining the investigation,

Computer Data Recovery Expert;

• Discovers all files on the subject system. This includes existing normal files, deleted yet remaining files, hidden files, password-protected files, and encrypted files.

• To duplicate and process all recovered storage devices
• Accesses (if possible and if legally appropriate) the contents of protected or encrypted files.
• Reveals (to the extent possible) the contents of hidden files as well as temporary or swap files used by both the application programs and the operating system.
• Recovers all (or as much as possible) of discovered deleted files,
• To trace the location and IP-address of any remote hacker,
• To record all his activities in the crime scene,
• Prints out an overall analysis of the subject’s computer system, as well as a listing of all possibly relevant files; and discovered file data. Further, provides an opinion of the system layout, the file structures discovered, any discovered data and authorship information, any attempts to hide, delete, protect, encrypt information, and anything else that has been discovered and appears to be relevant to the overall computer system examination.
• Reports to the Investigation Officer

Crime Scene Documentation Officers;

• One to do overview photography of how the crime scene was found,

• Look out for any attempt to use the computer by any user during the incident response process (The period of accessing and taking over the scene).
• Another to sketch the scene of crime, including highlighting where specifically the evidence was collected from, and to;
• Keep a record of all physical evidential material recovered at the crime scene using a Multi- Evidence Form,
• Yet another to video record all the activities of all personnel at the crime scene,
• Reports to the Investigating Officer.

Crime Scene Security Officers;

• Systematically ensures all the security concerns are adhered to on arrival at the incidence scene. That is, people are moved out of the scene (no one who is not part of the team should touch any computer device until the investigation is complete).

• To ensure that only the right personnel have access to the crime scene,
• Ensure that nobody leaves with otherwise evidential material unless the person authorised to do so,
• Safeguards scene integrity when work has to continue to the following day, (Sometimes this may be as easy as closing the door)
• Keeps a crime scene log to document; all that entered the scene, reason for entry and time in time out.
• Crime scene security means keeping out even senior personnel if they are not part of the investigation at the crime scene.
• Reports to the Investigating Officer,