The FBI’s Innocent Images National Initiative investigates online child pornography and child sexual exploitation. Their caseload has increased by 2062 percent from the years 1996 to 2007. 113 cases were opened in 1996, and 2443 were opened in 2007.
The High Technology Crimes Investigation Association is the “largest organization worldwide dedicated to the advancement of training, education and information sharing information between law enforcement and corporate cybercrime investigators. They conducted a survey of their member organizations and their first listed major finding is the increase of criminal use of digital technology. Agencies and companies reported their level of investigation for fourteen categories as show in Figure 5. Major increases were reported in all categories with very few respondents indicating a decrease in a particular activity.
Do we have enough personnel? According to the Bureau of Labor Statistics 883,600 police and detectives were employed in 2008. Their projected employment for 2018 is 968,400, a ten percent increase. This includes first-line supervisors of police and detectives, detectives and criminal investigators, fish and game wardens, police and sheriff’s patrol officers, and transit and railroad police. Additionally, 45,500 private detectives and investigators were employed in 2008. Their projected employment for 2018 is 55,500, a twenty-two percent increase. This includes computer forensic investigators, legal investigators, corporate investigators, financial investigators, and store detectives. How do these employees address computer crime when within one organization, the IC3, reported a twenty-two percent increase in complaints from 2008 to 2009? Dedicated computer forensic investigators only make up some of those employed.
This is validated by the responses in the HTCIA survey of the question of how cybercrime investigators and cyber forensic scientists spent their effort in a dozen categories as shown in Figure 6. In Figure 7, we see that few people are responsible. It seems to be that investigators’ perform many of the aspects of the investigation, and they do not have much help to do so. According to a 2001 report by the National Institute of Justice, electronic crime is not an investigative priority (Figure 8). My guess is this is because investigators can always come back to their work at their computer. The work is not necessarily time sensitive whereas a recent crime may need immediate investigation such as other violent crimes and property crimes. It is better to search for evidence in those situations closer to the time of the offense. Computer crimes are different because the “scene” can be preserved by copying a hard drive bit for bit in a process called imaging. The investigator can come and go as he/she wishes without time tampering the scene or the evidence.
The good news is that the other areas of crime are decreasing, but there is an increase of computers in those crimes where the computers are used to plan a crime, are an instrument of the crime, are used to communicate with conspirators and victims, and are used to keep records important to the user. This is shown in Figure 9 where about two percent of HTCIA member agencies or companies saw a decrease across these activities.
This increase in computer crime introduces organization, quality assurance, and other policy issues. It is difficult to store terabytes of data from a single investigation. How should physical drives be stored in a lab? How are they organized and labeled? What prevents the evidence from being mislabeled when many look the same? How should labs be managed? Should multiple investigators work on one case or should they collaborate? What policies should be in place for the investigators to ensure standards are met?
There are many more questions to be asked. Maybe I'll write about that later. For now I hope you understand the impending crisis of the growth of technology in investigators hands due to technology propagation in criminal circles and personnel limitations. I'll talk about some ideas of how we should address this problem next time.