You've been arrested for computer crime: Here's what happens next

The knock on the door you REALLY don't want to hear

It isn't just paedophiles. It is the accountant who thinks he is worth more than the company decides to pay him, and decides to create and pay fictitious invoices. It is the card-cloning gangs buying and selling mag stripes and card dumps. It is the drug dealers who think they are smarter than the police.

Or it is just the plain unlucky techie, who has been swept up into a cybercrime investigation through no real fault of their own.

What follows is a blow-by-blow account of what will happen if you, or someone you know, gets arrested for a computer-related crime. It is written with the guidance and help of an expert in IT forensics as well as a detective with over 20 years' experience of dealing with the darker side of IT.

You're under arrest

Everyone hopes it never happens to them. Mud sticks, especially where computer crimes are concerned. Contrary to popular belief, the 5am door knock is rarely used for e-crime suspects as they are usually in custody by the time the evidence collection happens.

The information that leads to your arrest is not dreamed up by some bored copper. Rather, it will likely come from one of two distinct avenues. It can be allegations made by individuals, or alternatively, it can be what the police call “intelligence-led” - where potential information comes from other police operations.

One example of an intelligence-led investigation is where people who have used their credit cards to purchase illegal porn are identified. Sometimes evidence even comes from rape or murder cases. When such cases occur, computers are taken because they can contain a whole treasure trove of information, such as a suspect using Google to research "How poisons work" in preparation for carrying out a murder.

A computer crime suspect would be treated in the same manner as any other. They would be arrested, their homes searched, and they would be questioned about any evidence found during the search. This would be done under caution, with the famous rubric: "You do not have to say anything. But it may harm your defence if you do not mention when questioned something which you later rely on in court. Anything you do say may be given in evidence."

The type of police officer who seizes the offending items depends on the perceived complexity of the case and on factors such as the expected level of technical knowledge of the user.

If the suspect is an average home user then a specially trained PC would pay a visit to the home and seize any and all computer equipment and associated media on the premises. These officers, although not forensic experts, are trained in preserving and logging evidence into custody. The shocked residents sharing the house with the suspect would be treated to a hard door knock, a signed warrant and a house full of burly coppers collecting all the evidence they could find, ripping the place apart looking for anything incriminating. Not an ideal way to start the day, for sure.

Seized items are bagged with tamper-proof ID tags, which click shut like the cable ties we use to keep our own systems in order. The tag holds details such as an item description and photographs of the evidence as it was seized. Inside the clear bags would be all the IT gear belonging to the suspect. Other attributes recorded include the time and place of seizure, as well as case references and the exhibit ID. Evidence is not just computers and disks, but can also be passwords on Post-It notes or scraps of paper, printouts or even financial statements. The potential mountain of IT paraphernalia will then be put in the back of a police van and driven away, just as we've seen on countless news and cop shows.

In situations where a business computer is involved the collection method can be very different. In cases such as these you can't take all the computers or the business would just fold.

Sometimes the police will be invited in by the business after financial irregularities or incriminating logs have been found and the individual has had their access keys and VPN access cancelled before being summarily marched off the premises, or if they are lucky, put on gardening leave. In such instances the suspect’s computer may be seized as evidence.

Other computers in the office would be cloned using a specialist forensic software tool such as EnCase, in conjunction with a write blocker to preserve the integrity of the source disk. A write blocker is a hardware device that sits between the examiner's workstation and the source disk and physically prevents any writes to it. Any source disk that is written to after seizure is considered tainted evidence.
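The two ideas in the paragraphs above, the tagged exhibit record and the write-blocked acquisition whose integrity can be proved later, are easiest to see in code. The following is an added example and not code from the article, EnCase, or any police unit: the `WriteBlockedDisk` class, the `ExhibitRecord` fields, the `acquire` and `verify` functions, and the sample media bytes are all constructed here to illustrate why a source disk that has been written to no longer verifies against its own exhibit record.

```python
"""Added example: simulated write-blocked acquisition with hash verification.

Nothing here is a real forensic tool. It models the workflow described in
the article: read the source through a write blocker, take a bit-for-bit
image, hash both, record the hashes on the exhibit tag, and re-check them
later. A source disk that has been written to fails the re-check.
"""
import hashlib
from dataclasses import dataclass

# Constructed sample "disk contents" for the demonstration (not real data).
SAMPLE_MEDIA = b"MBR\x00" + b"invoice_2013.xlsx" + b"\x00" * 48 + b"journal.log"


class WriteBlockedDisk:
    """Software stand-in for a hardware write blocker (hypothetical class).

    Reads are passed through to the media; every write attempt is refused.
    """

    def __init__(self, media: bytearray) -> None:
        self._media = media

    def read(self) -> bytes:
        return bytes(self._media)

    def write(self, offset: int, data: bytes) -> None:
        raise PermissionError(
            "write blocked: source media is read-only during acquisition"
        )


def sha256_hex(data: bytes) -> str:
    """Hash used to fingerprint the source and the image."""
    return hashlib.sha256(data).hexdigest()


@dataclass(frozen=True)
class ExhibitRecord:
    """Fields the article says an exhibit tag carries, plus the hashes.

    The layout is an assumption made for this example.
    """

    exhibit_id: str
    case_ref: str
    description: str
    source_hash: str
    image_hash: str


def acquire(disk: WriteBlockedDisk, exhibit_id: str, case_ref: str,
            description: str) -> tuple[bytes, ExhibitRecord]:
    """Image the disk and return the image with its exhibit record.

    The source is hashed before and after the copy so the record proves
    that the acquisition itself did not alter the evidence.
    """
    before = sha256_hex(disk.read())
    image = disk.read()  # bit-for-bit copy of the source
    image_hash = sha256_hex(image)
    after = sha256_hex(disk.read())
    if not (before == image_hash == after):
        raise RuntimeError("acquisition failed verification; do not rely on image")
    return image, ExhibitRecord(exhibit_id, case_ref, description, before, image_hash)


def verify(source_media: bytes, image: bytes, record: ExhibitRecord) -> dict:
    """Re-check an exhibit against its record at any later point.

    source_intact False means the source disk no longer matches what was
    tagged at seizure, i.e. it is tainted. image_intact tells you whether
    the working copy can still be trusted independently of the source.
    """
    return {
        "source_intact": sha256_hex(source_media) == record.source_hash,
        "image_intact": sha256_hex(image) == record.image_hash,
    }


def demo() -> dict:
    """Run the whole flow on the constructed media and return the outcomes."""
    media = bytearray(SAMPLE_MEDIA)
    disk = WriteBlockedDisk(media)
    image, record = acquire(disk, "EX-001", "CASE-PLACEHOLDER", "office PC disk")

    # A write through the blocker is refused.
    try:
        disk.write(0, b"XXXX")
        write_refused = False
    except PermissionError:
        write_refused = True

    clean = verify(bytes(media), image, record)

    # Simulate someone bypassing the blocker and touching the source disk.
    media[0:4] = b"XXXX"
    tainted = verify(bytes(media), image, record)

    return {"write_refused": write_refused, "clean": clean, "tainted": tainted}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point the `tainted` result makes is the one the article's forensic expert makes in prose: once the source disk's hash no longer matches the exhibit record, the disk itself is no longer evidence you can stand behind, while the hashed image taken through the blocker still is.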

If police even suspect there might be illegal images on the computer in question, the computer will be removed for inspection. If a financial crime is suspected the police will still seize the equipment. Rarely is anything left behind.

You will then be taken to the police station.
