By Declan McCullagh
Staff Writer, CNET News.com
January 16, 2007
Police trying to learn how to use the Internet to investigate everything
from cyberstalking to spam and illegal hacking have some new advice,
thanks to the U.S. Department of Justice.
The department's Office of Justice Programs on Tuesday published what
amounts to a manual for tech-challenged gumshoes, covering everything
from how to track suspects through an Internet Relay Chat network to
targeting copyright thieves on peer-to-peer networks.
Local and state law enforcement have bungled some high-tech
investigations recently. The Pennsylvania Supreme Court rejected
prosecutors' attempts to seize newspaper reporters' hard drives, and the
8th Circuit Court of Appeals ruled that police illegally seized a
computer in a methamphetamine investigation. A federal judge permitted
an Internet service provider to sue police after it was raided because
of Usenet posts its employees knew nothing about.
The new 137-page manual appears to represent the
Justice Department's attempt to offer at least some basic technical and
legal tips to law enforcement agencies that may not have computer
experts on the payroll.
"Criminals can trade and share information, mask their identity,
identify and gather information on victims, and communicate with
co-conspirators," the manual says. "Web sites, electronic mail, chat
rooms, and file sharing networks can all yield evidence in an
investigation of computer-related crime."
The manual warns of the perils of assuming that the owner of a
computer--especially Windows PCs, which can be vulnerable to security
breaches--is responsible for what's actually on it.
"Because investigations involving the Internet and computer networks
mean that the suspect's computer communicated with other computers,
investigators should be aware that the suspect may assert that the
incriminating evidence was placed on the media by a Trojan program," it
says. "A proper seizure and forensic examination of a suspect's hard
drive may determine whether evidence exists of the presence and use of
Defendants in criminal cases have been known to raise what's become
known as the Trojan defense. In a dawn raid, Arizona police stormed into
the house of a 16-year-old boy named Matthew Bandy and accused him of
downloading child pornography--which carried a maximum penalty of 90
years in prison.
It turned out that, contrary to claims by police and Maricopa County
District Attorney Andrew Thomas, Bandy's home computer was thoroughly
infected by malware. After being contacted by reporters, the Maricopa
County Attorney's Office offered the boy a plea bargain without jail
The Trojan defense was also tried by an eighth-grade math teacher in
Georgia, but with less success. In November, the 11th U.S. Circuit Court
of Appeals upheld the teacher's conviction on federal child pornography