Cybercrime CSIs Have to Avoid Many of the Same Mistakes as Traditional CSIs

Unbeknownst to many outside the law enforcement community – and even some within it – forensic science and crime scene investigations have crossed over into the realm of computer crime. Computer forensic investigations are certainly new to the world of criminal investigations relative to its traditional counterpart that investigates physical crime scenes. Still, it has been around long enough that many CSI professionals are specializing in this unique brand of forensic science.

While cyberforensics and physical forensics obvious are distinguishable from one another in plenty of ways, there is also quite a bit of overlap in their methodology. What blood spatter and microfibers do for CSIs at a physical crime scene, application scans and network traffic do for cyberforensics investigators examining and analyzing computer crimes.

Sponsored Content

With that in mind, some of the overlap between the two disciplines exists in the potential mistakes that can be made during the respective investigations. Some of those potential mistakes are as follows.

  1. Lack of Communication – Communication is essential in any professional relationship and is particularly critical as it pertains to CSI work for physical and computer crimes. Cyber investigators need to communicate with other detectives, pathologists, cyber security personnel, and crime lab scientists in order to maintain the integrity of the overall investigation.


  1. Lack of Rules, Plans, and Best Practices – There is a lot to be said for standard operating procedure when it comes to any kind of crime scene investigation and cybercrimes are no exception. Without detailed policies and procedures in place, even the most skilled cyber CSI can compromise an investigation.


  1. Insufficient Preservation of the Crime Scene – One of the first and most important elements of a cybercrime investigation is determining the severity of the attack and finding out what information has been compromised. There is both volatile and non-volatile data that must be assessed by the investigators and must be done so in a way that will not disrupt metadata before, during, and after analysis.