NATIONAL LAW SCHOOL OF INDIA

UNIVERSITY, BANGALORE

SEMINAR PAPER
CYBER CRIMES
IMPEDIMENTS IN INVESTIGATING CYBER-CRIMES - A COMPARATIVE STUDY

SUBMITTED BYShivendu Pandey

V Year, B.A., L.L.B. (Hons.)
1928

Page | 1

TABLE

OF

CONTENTS

Introduction...............................................................................................................3
IMPEDIMENTS IN INVESTIGATING CYBER CRIMES.....................................4
Identifying Suspects...............................................................................................4
Obtaining Witness Cooperation..............................................................................7
Choosing the Appropriate Jurisdiction...................................................................8
Logistical and Practical Barriers............................................................................9
Search and Seizure...............................................................................................10
Securing extradition.............................................................................................12
Mutual Assistance................................................................................................14
Problems of Encryption........................................................................................15
Locating and Securing Relevant Material............................................................16
Practical issues.....................................................................................................17
Interview with Loknath Behera- DIRECTOR GENERAL OF POLICE, Kerala 17
Interview with the cyber crime cell (CID) Bangalore..........................................18
Suggestions and Concluding Remarks....................................................................19
Bibliography............................................................................................................25

Page | 2

INTRODUCTION

Technology has both facilitated and impeded the investigation of crime, particularly crimes

involving computing and communications technologies or what is described as cybercrime. On

the one hand, computers have enabled vast amounts of data to be searched and analyzed quickly
and permitted documents and files to be scanned and transmitted across the globe in seconds. On
the other hand, the sheer quantity of information creates considerable problems for investigators
who sometimes have to examine gigabytes of data and break encryption codes before the
material they are interested in can be discovered.

This paper reviews several barriers to the successful investigation of cross-border high tech

crimes, and identifies policy responses that may be appropriate to deal effectively with these
emerging global crime problems. The idea is to highlight legal loopholes and enabling
technologies, which facilitate acts of cyber-crime. In perusing these avenues of inquiry, the
author seeks to identify systemic impediments which obstruct police investigations, prosecutions,
and digital forensics interrogations.

Existing academic research on this topic has tended to highlight theoretical perspectives when

attempting to explain cyber-crimes, rather than presenting practical insights from those actually
tasked with working cyber-crime cases. This paper identifies a number of barriers to the effective
investigation of cyber-crimes, and offers some solutions that could be used to streamline future
investigations in cyberspace.

Page | 3

IMPEDIMENTS IN INVESTIGATING CYBER CRIMES

Some of the important issues faced by investigative agencies across the globe while investigating
cyber-crimes have been discussed below.

IDENTIFYING SUSPECTS

One of the foremost problems that face cybercrime investigators is the identification of suspects.

Occasionally, this can lead to considerable problems when the wrong person is arrested.

In March this year, a case was reported in the media in England that provides a good example of

the problem of trans-national identity-related fraud. The case concerned a 72 year-old man,

Derek Lloyd Sykes, whom the FBI was investigating in connection with alleged telemarketing
fraud involving millions of dollars in the United States.1

Since 1989, Sykes had been making use of the identity of a 72-year old retired businessman from

Bristol in the UK, Derek Bond, who had never met Derek Sykes, and had no connection with his
alleged crimes at all. The FBI issued a warrant for the arrest of Derek Sykes and this was
executed by South African Police in Durban on 6 February 2003 in the name of Derek Bond.
Unfortunately, Derek Bond, the retired businessman, who was on holiday with his wife, was

arrested instead of Derek Sykes.2

The police relied on the fact that the warrant was in the name of Mr Bond, he was the correct

age, looked similar, and had the same passport number. Mr Bond was held in custody at police
headquarters in Durban until 26 February 2003 when he was released following the arrest of the
1 BBC news, Briton may sue after FBI bungle, BBC news online (UK edition) 26 February,
2003. Available at http://news.bbc.co.uk/1/hi/england/2801673.stm, (Last visited on 23
January, 2016).

2 Smith, R. G, Impediments to the Successful Investigation of Transnational High

Tech Crime: Trends and Issues in Crime and Criminal Justice, no. 285, AUSTRALIAN
INSTITUTE OF CRIMINOLOGY, 2004. available at
http://www.aic.gov.au/documents/0/7/6/%7B076B58BA-37AE-4673-93FB9C3150D93D0C%7Dtandi285.pdf, (Last visited on 27th January 2016).

Page | 4

real suspect, Derek Sykes, the day before in Las Vegas. Mr Bond is now planning to sue the FBI
for wrongful arrest and detention for three weeks in South Africa.3

In cyberspace the problems are even worse. As the cartoon in the New Yorker observed, on the

Internet, nobody knows youre a dog! Digital technologies enable people to disguise their

identity in a wide range of ways making it difficult to know with certainty who was using a
computer from which illegal communications came.4 This problem is more prevalent in business
environments where multiple people may have access to a personal computer and where
passwords are known or shared, than in private homes where it can often be assumed who the
person was who was using the computer because of circumstantial evidence.5

On-line technologies make it relatively simple to disguise ones true identity, to misrepresent

ones identity, or to make use of someone elses identity. Remailing services can be used to
disguise ones identity when sending E-mail by stripping them of identifying information and
allocating an anonymous identifier, sometime encrypted for added security. By using several
remailing services, users can make their communications almost impossible to follow.

Anonymity can also be achieved in cyberspace using less technologically-complex means.

Simply purchasing a pre-paid Internet access service from an Internet Service Provider and
renting a telephone line from a carrier, each in a false name provides an easy means of achieving
anonymity. Free E-mail services offered by some Internet Service Providers provide another
means of securing anonymity as the user may simply register using a false name and address. In
addition, the use of Internet Kiosks often permits users to send messages without disclosing their
true identity. These services may be used for legal reasons associated with enhancing privacy or
3 Id.
4 Chen, A, The Agency, THE NEW YORK TIMES MAGAZINE, available at,
http://www.nytimes.com/2015/06/07/magazine/the-agency.html?_r=0, (Last visited
on 22nd January, 2016).

5 Bermay, F. P., & Godlove, N, Understanding 21st century cybercrime from the
common victim, 89(1), 4-5, CRIMINAL JUSTICE MATTERS, (2012).
6 Gilbert, J. N., CRIMINAL INVESTIGATIONS, 6th edi., (Pearson Education Inc., 2004).
Page | 5

for illegal reasons such as evading debts or police investigation of criminal activities. At present
there is few verification checks made when such services are obtained.7
Even E-commerce technologies that make use of public key infrastructures and digital signatures

can be manipulated simply by individuals presenting fabricated documents to support a false

identity when registering with a Registration Authority in order to obtain their key pair for use in

secure transactions. Although the subsequent transaction may be secure from hackers, the

identity of the person holding the key may nonetheless be fictitious.8

In a recent study of on-line anonymity, Forde and Armstrong argued that those Internet services

that provide the highest levels of anonymity are most likely to be used for criminal purposes.
Encrypted E-mail and Internet Relay Chat that provide higher levels of anonymity were found to
be preferred by those engaging in on-line pedophile activity and hacking, while the use of the
World Wide Web and File Transfer Protocols that provided weaker levels of anonymity tended to
be avoided by serious criminals.

Problems of identification also arise when investigating business entities. In New South Wales, a

case was investigated in which the offenders copied official Web sites of premier entertainment
venues, including the Sydney Opera House, in respect of almost every detail, including theatre
layouts and restaurant information. Programs were constantly up-dated to maintain the faade of
legitimacy. The crucial difference was that the fictitious site had its own credit card booking
arrangement, so that customers money would be credited to the offenders account. The bogus

site for Sydney appeared on the Internet with a similar URL to the genuine site. The offenders

created 23 similar sites mirroring opera houses in Europe, including Paris and Vienna. The
computer crime unit of the New South Wales Police Commercial Crime Agency contacted the
FBI after tracing the bogus site to a Miami Internet server. Since then, the server has re-located
7 P. Dubord, Investigating Cybercrime, in J. J. Barbara (Ed.), HANDBOOK OF DIGITAL AND
MULTIMEDIA FORENSIC EVIDENCE, 77, 89, (Totowa, NJ: Humana Press Inc., 2008).

8 Denning, D. E., & Baugh Jr, W. E., Hiding Crimes in Cyberspace, INFORMATION,
COMMUNICATION & SOCIETY, 2(3), 251-276, (2009).

9 Id.
Page | 6

to California. Similar problems involving mirror Websites have been reported in Australia
against on-line banking sites, although these have been quickly identified and dealt with.

10

Problems of identifying suspects are usually resolved by traditional investigative techniques,

such as the use of video surveillance or gathering indirect circumstantial evidence that locates

the accused at the terminal at a particular time and day. However the use of intrusive surveillance

is not always successful with attention having to be paid to human rights issues and legal

privileges.

11

Some investigators are beginning to use biometric means of identification. At present, few

computers have biometric user authentication systems such as fingerprint scanners when logging
on. When they become more widespread, problems of identification may be reduced, although,
of course, once a person has logged-on, this does not prevent someone else from using that
terminal without the persons knowledge if they are absent.12

DNA samples can also be gathered from keyboards which have been used to identify an

individual with a particular computer in some cases. The result, then is that it can be extremely
difficult to determine precisely who is behind particular cybercrimes.13

OBTAINING WITNESS COOPERATION

Another impediment that faces investigators is that of securing the cooperation of complainants

and witnesses. It is now well-documented that the victims of crimes of this nature are reluctant to
report them to the police. Ernst & Young found in its most recent 8th Global Survey of business
10 Chaski, C. E., Whos At The Keyboard? Authorship Attribution in Digital Evidence
Investigations,4, INTERNATIONAL JOURNAL OF DIGITAL EVIDENCE, 1, 13, (2005).

11 Robertson, J., Crime scene investigation: key issues for the future, in J. Horswell
(Ed.), THE PRACTICE OF CRIME SCENE INVESTIGATION, 389, 424, (Boca Raton: CRC Press,
2004).

12 Bennett, D., The Challenges Facing Computer Forensics Investigators in

Obtaining Information,21(3), INFORMATION SECURITY JOURNAL: A GLOBAL PERSPECTIVE ,
159,168, (2011).

13 McQuade III, S. C., UNDERSTANDING AND MANAGING CYBERCRIME, (New York: Pearson
Education, Inc., 2008).

Page | 7

fraud, that only one quarter of frauds reported in the survey were referred to the police and only
28% of those respondents were satisfied with the resultant investigation.

Some of the reasons given by the respondents of an Australian survey conducted by Deakin

University (1994)14 in Melbourne of fraud incidents against businesses in Victoria for not
reporting fraud to the police included a belief that the matter was not serious enough to warrant
police attention, a fear of consumer backlash, bad publicity, inadequate proof, and a reluctance to
devote time and resources to prosecuting the matter. In the case of cybercrime, this last
explanation is of great significance as the time and resources needed to prosecute an offender in
another jurisdiction can be considerable.

15

Similar reasons for non-reporting of electronic commerce incidents were given by the

respondents to KPMGs Global eFraud Survey (2001) in addition to the key factor of the need to

re-instate systems quickly so as to prevent loss of business. Reporting the matter to the
authorities simply prevented the organisation in question from minimising its financial losses,
and possibly leading to further losses being incurred in prosecuting the matter.16

Businesses are reluctant to report cybercrime simply due to a fear of sending good money after

bad as experience may have led them to believe that it will be impossible to recover losses
successfully through legal avenues and that the time and resources which are required to report
an incident officially and to assist in its prosecution simply do not justify the likely return on
investment. Prosecution may entail countless interviews with the police, extensive analysis of
financial records, and lengthy involvement in court hearings for staff. The result is that
investigators may face considerable barriers in securing cooperation from victims and witnesses,
especially those located in other countries.

14 Deakin University, Fraud Against Organisations in Victoria, Deakin University,

Geelong, (1994).

15 Goodman, M. D., Why The Police Don't Care About Computer Crime, , 10(3),
HARVARD JOURNAL OF LAW & TECHNOLOGY , 466, 495, (1997).

16 KPMG, Global e.fr@ud Survey, KPMG Forensic and Litigation Services,

Switzerland, (2001).
Page | 8

CHOOSING

THE

APPROPRIATE JURISDICTION

Where offences are committed in various countries or where the offender and victim are located

in different places, questions arise as to which court should deal with the matter. If the offence in
question can be charged in the country in which the offender is located then problems of
extradition will be avoided, but if the offence must be charged in the country in which the victim
is located or where the effect of the conduct occurred, then the offender will need to be
extradited to that country.

A recent case that illustrates this question concerned a resident of Melbourne in Victoria who

was accused of stalking a woman in Canada by sending letters and E-mail messages and using
the telephone and the Internet. The Canadian woman complained to police in Toronto who
referred the case to the Victoria Police. When the case came before a Magistrate in Melbourne,
the accused argued that the effect of his activities, if any, was in Canada and not in Victoria and
so the court had no jurisdiction to hear the charges. The Magistrate agreed and dismissed the
charges deciding that the fear or apprehension had to be experienced in Victoria for Victorian law
to apply.17

The Director of Public Prosecutions appealed against the decision and the Supreme Court held

that the legislation did have extra-territorial effect and that the defendant could be dealt with in
Victoria even though the victim was located in Canada.18
The problem of so-called negative international jurisdiction also arises. That is, cases that are

not investigated because they could be prosecuted in one of many countries, but none wants to
take action. There is also the reverse problem of too many countries wanting to prosecute a
particularly noteworthy case. What may be needed to deal with this situation is the creation of an
international protocol along the lines of the United Nations protocol on negotiating jurisdiction,
setting out how jurisdiction is best determined in these cases. Generally, the rule is that if a
17 Dr Russell G. Smith, Investigating Cybercrime: Barriers and Solutions, available
at http://www.aic.gov.au/media_library/conferences/other/smith_russell/2003-09cybercrime.pdf, (Last visted on 31st January, 2016).

18 Per Gillard J, DPP v Sutcliffe [2001] VSC 43 (1 March 2001).

Page | 9

country refuses to extradite an offender and if it has power to take action, then it should be
obliged to do so.19

LOGISTICAL

AND

PRACTICAL BARRIERS

Conducting investigations across national borders raises many practical problems that delay

matters and increase cost. Often, for example, investigators have to contact people on the other
side of the globe at inconvenient times. Teleconferences are difficult to arrange at times suitable
for all concerned.20

Documents often need to be translated, particularly if required for diplomatic purposes. This can

cost considerable sums and again delays investigations. Witnesses from non-English speaking
countries may need the assistance of interpreters which can also be expensive and slow down
investigations.21

Finally, countries have different priorities in terms of the importance of cybercrime

investigations. Economic crimes committed using computers are often at the bottom of the
hierarchy of importance in countries where violent crime is prevalent, or where national security
interests may be at stake. The result is that requests for assistance in cybercrime cases may
simply be given a much lower priority, especially if they have come from a country with no
history of cooperative action.

22

19 Brenner, S. W., & Koops, B.-J., Approaches to cyber crime jurisdiction, 15(1),
JOURNAL OF HIGH TECHNOLOGY CRIME, 1,46, (2004).

20 Broadhurst, R. G., Developments in the global law enforcement of cyber-crime,

29(3), POLICING: AN INTERNATIONAL JOURNAL OF POLICE STRATEGIES AND MANAGEMENT ,
408,433, (2006).

21 Collier, P. A., & Spaul, B. J, Problems in Policing Computer Crime, 2(4), POLICING &
SOCIETY, 307,320, (June, 2006).

22 Dubord, P., Investigating Cybercrime, in J. J. Barbara (Ed.), HANDBOOK OF DIGITAL

AND MULTIMEDIA FORENSIC EVIDENCE, 77, 89, Totowa, (NJ: Humana Press Inc., 2009).

Page | 10

SEARCH

AND

SEIZURE

Two methods of obtaining data from a computer system can be distinguished on technical and

legal criteria. In the first, data are obtained as part of a search of premises or the place where the
system is located. The second involves the interception or monitoring of data being transmitted
from, to or within the system. This is an important distinction as remote access to computers via
the Internet can sometimes result in the search amounting to an interception of
telecommunications that needs to comply with special rules concerning warrants.23

One recent case involved the investigation of two Russian computer hackers, Vasily Gorshkov

and Alexey Ivanov who stole large numbers of credit card details and attempted to extort money
from account holders. In an undercover operation, FBI agents posed as representatives of a
security firm and made contact with the accused, ostensibly to discuss employment prospects in
the United States. The two accused demonstrated their hacking expertise for the agents who then
invited them to come to the United States.24

While in the United States the FBI agents used a key logging program to discover the accused

persons passwords that would provide access to their computers in Russia. They were then
arrested and charged with various offences.25

In order to preserve the computer evidence in Russia, the FBI agents immediately copied data

from the servers in Russia via the Internet prior to obtaining a search warrant in the United

States. The defence raised various objections to this arguing that the search was unconstitutional,

being in breach of the Fourth Amendment that requires warrants to be issued prior to searches
being conducted. The United States court held that the Fourth Amendment did not apply to these
23 Casey, E., DIGITAL EVIDENCE AND COMPUTER CRIME, (San Diego: Academic Press,
2008).

24 Ciardhuin, S. & Gillen, P., GUIDE TO BEST PRACTICE IN THE AREA OF INTERNET CRIME
INVESTIGATION, Report from EU FALCONE Project No. JAI/2001/Falcone/127 Training:
Cyber Crime Investigation Building a Platform for the Future, (Dublin, Ireland: An
Garda Sochna, 2002).

25 Marshall, A., DIGITAL FORENSICS, DIGITAL EVIDENCE IN CRIMINAL INVESTIGATION, (United

Kingdom: Wiley-Blackwell, 2008).

Page | 11

actions as the data had been obtained outside the United States. The court also held that there had
been no seizure of the data as it had merely been copied but not read prior to the warrant being
obtained.26

Another problem concerns evidence that is discovered during the course of a search that exceeds

the scope of the warrant. In one case, for example, police had obtained a warrant to examine the
accuseds computer for evidence to support charges of drug dealing, but discovered child
pornography on the computer. The police downloaded the 244 JPEG files and charged the
accused with possession of child pornography. The court in the United States decided, however,
that this evidence had been obtained illegally as it had exceeded the scope of the original
warrant.27

Difficult problems arise in obtaining digital evidence in cybercrime cases, although in some

ways computers have made the process easier through the ability to conduct searches of hard
drives remotely via the Internet. Some of the main difficulties, however, relate to obtaining
permission to conduct such a search, securing the relevant access device such as a password,
decrypting data that have been encrypted, and imaging a hard drive without interfering with the
evidence. There is also the practical problem of conducting searches quickly so that data cannot
be removed.28

A final problem concerns the retention of material by investigators. If child pornography has

been seized by police, they may be unable to return it to accused persons as this would entail the
illegal distribution of obscene materials. In the United Kingdom, the Possession of Unlawful

Items Act could be used to enable police to dispose of child pornography that had been found of
computers- but this is not yet in force.

29

26 United States v. Gorshkov 2001 WL 1024026, No. CR-550C (W.D. Wash 23 May
2001).

27 United States v. Carey 172 F. 3d 1268 (10th Cir 1999).

28 Nuth, M. S., Crime and technology Challenges or solutions? Taking advantage
of new technologies: For and against crime, COMPUTER LAW & SECURITY REPORT, 24,
437. 446, (2008).

Page | 12

SECURING

EXTRADITION

Where an accused person is resident in a country other than the one in which criminal

proceedings are to be taken, it is possible for that person to be extradited to that country to stand
trial. Extradition requires not only that an appropriate treaty exist between the two countries
concerned, but also that the conduct in question be criminalised in both the referring and
receiving country. In cases of computer crimes this if often not the case.30

McConnell International, for example, recently carried out a survey of cybercrime laws in 52

countries and found that 33 of the countries surveyed had not yet updated their laws to address
any type of computer crime. Of the remaining countries, 9 had enacted legislation to address five

or fewer types of computer crime, and 10 had updated their laws to prosecute six or more of the
ten types of computer crime identified.

31

An example of the kind of difficulties that can arise concerns the case of Onel de Guzman who

was alleged to have sent out the so-called Love Bug virus in May 2000. The virus which

infected Microsoft Windows operating systems was sent by E-mail attachments which when
opened damaged files in the computer and then replicated itself by sending similar messages to
all the addresses in the infected computers address book. The estimated damage caused globally
was estimated to be between $6.7 billion and $15.3 billion.32

The virus was traced to an Internet Service Provider in the Philippines who cooperated with

police to locate the residence in question. A computer science student named Onel de Guzman
29 Supra note 23.
30 Roth, B. R., State sovereignty, international legality, and moral disagreement, Paper
presented at the Annual Meeting of the American Political Science Association, (September
2005), available at http://www.ihrr.net/files/2006ss%20/State-Sovereignty-Int-LegalityMorality-Roth-2005.pdf, (Last visited on 29 January, 2016).

31 McConnell International, Cybercrime and Punishment? Archaic Laws Threaten Global

Information,(2000), available at http://mcconnellinternational.com/servic
es/CyberCrime.htm, (Last visited on 30 January, 2016).2001).

32 Supra note 13.

Page | 13

was arrested but the creation and release of a computer virus was not proscribed by Philippine
law at the time. Because the conduct was not illegal in the Philippines he could not be extradited
to the United States where the conduct was illegal because of the principle of dual criminality.33

The so-called Citibank case also provides an illustration of the problems associated with securing

extradition in cybercrime cases. Between June and October 1994, a group of Russian computer
hackers attempted to steal approximately US$10.7 million from various Citibank customers
accounts in the United States by manipulating its computerised funds transfer system.34

One offender, Vladimir L. Levin, was working in a Russian firm, and gained access over 40

times to Citibanks funds transfer system using a personal computer and stolen passwords and
account identification numbers. Using a computer terminal in his employers office in St
Petersburg, he authorised transfers of funds from Citibanks head office in New Jersey to
accounts which he and his co-conspirators held in California, Finland, Germany, the Netherlands,
Switzerland, and Israel.35

After Levin was identified as a suspect an arrest warrant was issued in a Federal Court in the

United States. At the time there was, however, no extradition treaty between Russia and the
United States. Levin, however, made the mistake of visiting England to attend a computer
exhibition and was arrested at Stansted Airport, in England on 3 March 1995. There was an
extradition treaty between the United States and the United Kingdom but it was necessary to
establish that the offences charged in the United States had a counterpart in the United Kingdom.
This did not present problems as the offences had equivalents under the Computer Misuse Act
(Eng). There was, however, legal argument about whether or not the United States had

33 Supra note 13.

34 Supra note 21.
35 Forde, P. and Armstrong, H., The Utilisation of Internet Anonymity by Cyber Criminals,
Paper presented at the INTERNATIONAL NETWORK CONFERENCE, 16-18 July, Sherwell Conference
Centre, University of Plymouth, Plymouth, (2002), available at
http://www.cbs.curtin.edu.au/Workingpapers/other/Utilisation%20of%20Internet
%20Anonymity%20by%20Cyber%20Criminals.doc (Last visited on 29 January 2016).

Page | 14

jurisdiction to act. It was concluded that there was jurisdiction because the conduct affected
magnetic disks located in the United States.36

After protracted legal proceedings which went to the House of Lords, he was extradited to stand

trial before the Federal District Court in New Yorks Southern District. On 24 February 1998, he
pleaded guilty to conspiracy to defraud and was sentenced to thirty-six months imprisonment
and to pay Citibank US$240,015 in restitution.37

Citibank was able to recover all but $240,000 of the $10.7 million worth of illegally transferred

funds. None of the banks depositors lost money and since the fraud was discovered, Citibank
required customers to use an electronic password generator for every transfer of funds. The
consequences for Citibanks business reputation were, however, considerable.38

MUTUAL ASSISTANCE

In order to facilitate criminal investigations carried out internationally, use is often made of

mutual assistance treaties. These provide a legal basis for authorities in one country to obtain
evidence for criminal investigations at the request of authorities from another country.39

Instruments of this kind cover a range of assistance including: the identification and location of

persons; the service of documents; the obtaining of evidence, articles and documents; the
execution of search and seizure requests; and assistance in relation to proceeds of crime.40

36 Id.
37 Supra note 35.
38 R. v. Governor of Brixton Prison; Ex parte Levin [1996] 3 WLR 657; In re Levin
House of Lords, 19 June 1997.

39 Roberts, L., Jurisdictional and definitional concerns with computermediated

interpersonal crimes, (January, 2008).

40 McQuade III, S. C., UNDERSTANDING AND MANAGING CYBERCRIME, (New York: Pearson
Education, Inc., 2008).

Page | 15

There are, however, various problems associated with using mutual legal assistance

arrangements. The central difficulty is the slow and cumbersome nature of official requests.
There are also problems with the direct transmission of documents as mail can only be faxed in
an emergency and to a court tribunal. It is also difficult to use direct requests for assistance
unless the person seeking assistance knows specifically to whom the request should be sent.

Costs associated with mutual legal assistance are borne by the party providing assistance. This

creates hardship where small countries are concerned that are required to process many requests
for assistance from large countries, but they rarely seek assistance themselves. This means that
such small countries are subsidising the legal process of much larger nations.

Obtaining evidence in cybercrime cases through the use of formal mutual assistance

arrangements entered into between nations can be exceedingly slow and ineffective. Often
searches need to be conducted immediately in order to preserve evidence held on servers and the
prospect of waiting weeks or even months for official diplomatic procedures to be complied with

is daunting. Often by the time that assistance has been obtained the trail of evidence has gone

cold.41

As an alternative to the use of formal mutual assistance arrangements, investigators often rely on

informal networks of contacts in different countries established through prior joint investigations
or through contacts made during conferences such as the present. Such good working
relationships are crucial to conducting an investigation in a timely and effective way.

42

PROBLEMS

OF

ENCRYPTION

A difficult problem that faces cybercrime investigators concerns data that have been encrypted

by accused persons who refuse to provide the decryption key or password.

41 Capus, N., Sovereignty and criminal law: the dual criminality requirement in
international mutual legal assistance in criminal matters, (Munich: Max Planck
institute, 2009).

42 Gabrys, E., 11(4), The international dimension of cyber crime. Part 1. Special
issue coverage: Information warfare/cyber crime, Information Systems Security, 21,
32, (2002).

Page | 16

An illustration of the use of strong encryption by a criminal organisation was uncovered during

Operation Cathedral by police in 1998, which led to the largest ever global seizure of

paedophile material. This involved police in 15 countries who uncovered the activities of the
Wonderland Club, an international network with members in Europe, North America, and
Australia who used the Internet to download and exchange child pornography including real-time
video images. The Club used a secure network with regularly changed passwords and encrypted
content. In Europe alone, over 750,000 images were recovered from computers, along with over
750 CDs and 1,300 videos and 3,400 floppy disks. The encryption used was able to be overcome
because one member of the Club cooperated with police and provided access to the files. This led
to approximately 100 arrests around the world in September 1998.43

The other way in which to decrypt data is to install a key logging program onto a computer that

will capture the password used for decryption. The installation of such a program, of course,
must be done without the knowledge of the accused and a special warrant needs to be obtained
for this. In one famous case in the United States, evidence obtained in this way was challenged
on the grounds that the key logger involved the illegal interception of wire communications that
requires a special warrant. It was held, however, that the key logger only operated when the

computers modem was not connected, thus excluding any interception of telecommunications. 44

If all else fails, investigators may seek to break encryption codes, although this is difficult, time

consuming and costly and would be inappropriate in all but the most serious of matters.45

Some computer crimes legislation is beginning to expand the range of investigatory powers

available to law enforcement agencies, for example, by making it an offence for a person with
knowledge of a computer system to refuse to divulge passwords or to refuse to provide
information about encryption. The Australian Cybercrime Act 2001, for example, provides a
maximum penalty of six months imprisonment for failure to comply with a Magistrates order to

43 Australasian Centre for Policing Research, 126, (2000).

44 United States v. Scarfo, 2001. See: www.epic.org/crypto/scarfo.html).

45 Russell G. Smith, Impediments to the Successful Investigation of Transnational

High Tech Crime, 285,

Page | 17

provide such information to investigating officials (see s. 3LA Criminal Code Act 1995 and s.
201A of the Customs Act 1901).46

LOCATING

AND

SECURING RELEVANT MATERIAL

Considerable difficulties arise in locating and securing electronic evidence as the mere act of

switching on a computer may alter critical evidence and associated time and date records. It is
also necessary to search through vast quantities of data in order to locate the information being
sought.47

The Australian Federal Police, for example, has seen an exponential increase in the size of data

storage systems that are required to be analysed during investigations. Where a law enforcement
examination of a computer hard drive in 1990 involved 50,000 pages of text, a contemporary
examination would involve between 5 and 50 million pages of text. This increase in investigative
capacity has created considerable resource implications for police that will no doubt increase in
the years to come.48

A major problem concerns the seizure of digital evidence from hard drives on networked

computers in which both relevant and irrelevant material (as well as legally privileged material)
are contained together. The practical problem arises when imaging hard drives and then having to

determine which material is relevant to the charges in question. This creates problems with

search warrants where non-specified data are included in the hard drive, arguably leading to the
invalidity of the whole search and seizure procedure. It is practically impossible to examine
80GB of data held on a hard drive in order to determine what is relevant. In the United Kingdom

46 TRENDS & ISSUES IN CRIME AND CRIMINAL JUSTICE, (2004).

47 Rao I. J., 1(X), Cyber crimes: issues and concerns, INDIAN STREAM RESEARCH JOURNAL,
111,115, (201).

48 Sussmann M, The critical challenges from international high tech and computerrelated crime at the millennium, DUKE JOURNAL OF COMPARATIVE AND INTERNATIONAL LAW,
9(2), 451, 490, (2011), available at http:// www.g7.utoronto.ca/scholar/sussmann/
duke_article_pdf.pdf, (Last visited on 29 January, 2016).

Page | 18

the problem of unseparated material seized on hard drives will be resolved when legislative
amendments to the Criminal Justice and Police Act 2001 come into force.49

Other problems relate to disabling networks when seizing data, especially for large public or

private sector organisations which rely on 24 hour access to networks, and also the problem of
offenders storing data externally on other peoples computers in order to evade detection.50
PRACTICAL

ISSUES

The researcher conducted two interviews with the relevant authorities to gain some relevant
insight into the practical difficulties faced by investigating agencies while investigating cyber
crimes in India. The same have been discuseed below.
INTERVIEW

WITH

LOKNATH BEHERA- DIRECTOR GENERAL OF POLICE,

KERALA
According to Mr. Loknath Behra, collection of evidence from IT enabled devices is a challenge
for the police forces and agencies in India. Investigation and collection of evidence in such cases
requires knowledge and skill that most police personnel in the country do not have. This gives
the perpetrators an edge over the agencies.51
He further added that the police do not know how to conduct a proper search in a computerised
environment, particularly in a networked ecosystem. Most of the times, the police is also not
aware of the correct tool or software that needs to be used to collect evidence. He acknowledged
that while investigating and collecting cyber evidence, the police usually do not take the help of
cyber forensic experts. They lose out on vital evidence and clues. This leads to acquittal of
criminals. Finally, he noticed that there are not many cyber forensic experts in the country and
the solution lies in training police officers in cyber forensics. According to him, each police
station should have at least one such expert.52

49 Supra note 45.

50 Supra note 45.
51 Interview with Loknath Behera- DIRECTOR GENERAL OF POLICE, Kerala,
conducted on January 15th, 2016.
Page | 19

INTERVIEW

WITH THE CYBER-CRIME CELL

(CID) BANGALORE

In the words of a senior officer at the cyber cell, cyber forensic facility in India is inadequate. He
further stated that we have a long way to go before we can establish state-of-art labs and we need
modern standard operating procedures (SOPs) like those in developed countries.
As far as tools for collection of digital evidence, there are a number of tools available in the
market. Few police officers, however, acquire and use them. The problem is that they are not
sure whether these are standard tools. They are also not aware of their source codes, making
them challengeable in court.

52 Id.
Page | 20

SUGGESTIONS

AND

CONCLUDING REMARKS

Based on the issues outlined above, the researcher has made certain suggestions to improve upon
the investigation of cyber-crimes. They have been discussed below.

HARMONIZATION

OF

LAWS

The continuing harmonisation of laws and the adoption of international conventions on

cybercrime and transnational and organised crime will make prosecutions easier and will greatly
improve mutual assistance and extradition of offenders. Already this is starting to occur with the
adoption in November 2000 of the United Nations of the Convention Against Transnational
Organised Crime and the adoption by the Committee of Ministers of the Council of Europe on 8
November 2001 of the Convention on Cybercrime. These Conventions contain provisions
criminalising certain conduct, as well as provisions dealing with special investigative techniques,
witness and victim protection, cooperation between law enforcement authorities, exchange of
information, training and technical assistance, and prevention at the national and international
levels.53

Although the Convention and the Cybercrime Act resolve problems to do with copying data from

hard drives on premises and remotely, obtaining access to encrypted files, and seizing aggregated
data, questions still remain concerning the scope of warrants, the ability to intercept E-mails
prior to delivery, data held not on the accuseds premises, extra-territorial searches, and the scope
of mutual assistance orders.54
53 Morris, S., THE FUTURE OF NETCRIME NOW: PART 1 THREATS AND CHALLENGES, Home
Office Online Report 62/04, available at
http://www.globalinitiative.net/download/cyber crime/europerussia/Home%20Office
%20-%20The%20future%20of%20netcrime%20now%20%20Part
%201%20%E2%80%93%20threats%20and%20challenges.pdf, (Last visited on
January 29, 2016).
54 Ritter, N., Digital Evidence: How law enforcement can level the playing field with
criminals. NIJ JOURNAL, 254, 20, (2006), available at
http://www.nij.gov/journals/254/Pages/digital_evidence.aspx, (Last visited on January
30, 2016).
Page | 21

In addition, there is a need for as many countries as possibly to enact local legislation in order to

prevent safe havens from continuing to exist where criminals can base their operations.

Finally , development and promotion of national, regional, and international polices related to

collecting electronic evidence, including improving national, regional and international

coordination between law enforcement agencies is really important. Ideally, this should take the

form of a binding legal instrument such as a convention on cyber-crime under the auspices of the
United Nations.55

IMPROVING

TECHNICAL CAPABILITIES

The investigation of cross-border cybercrime also requires adequate forensic and technical

expertise. This implies the formulation of training programs and the development of investigative
software tools. International training programs could be developed and expertise could be shared
between different nations. The United Nations, under its crime prevention and criminal justice
program, could examine the desirability of reviewing its manual on computer crime and further
support the work already undertaken by other international organisations. Similarly, the
Computer Crime Manual developed by the European Working Party on Information Technology
Crime needs to be continually up-dated, particularly with respect to the development of specific
software tools used to detect cybercrimes.56

The level of funding required for training and also for up-grading equipment is not

inconsiderable. This ultimately leads to costs associated with investigations increasing. The
result may be that in the future only large -scale criminal activities will able to be investigated, a
problem that already exists in many countries.

One solution may be to share the investigatory burden between public and private sector

agencies. Already specialist cybercrime units have been established within police services in
55 United Nations (1999, May 12). United Nations Manual on the Prevention and
Control of Computer-Related Crime. International Review of Criminal Policy - Nos. 43
and 44, available at http://www.uncjin.org/Documents/irpc4344.pdf, (Last visited on
January 29, 2016).
56 Supra note 53.
Page | 22

many countries and as these continue to expand they will become a repository of expertise that
the private sector can utilise. Similarly, law enforcement agencies are continuing to outsource
specialist forensic tasks to the large accounting consultancy companies who often have former
police-trained personnel working for them.

CREATING

AWARENESS- WEB-BASED REPORTING PORTALS, AND CYBER CRIME

HOTLINES

Creating awareness among the victims and the witnesses is another important aspect which could
help investigative agencies. In this regard, the Australian Model is worth emulating where the
establishment of web-based reporting portals which has seen a significant rise in the reportage of
cyber-crimes in the country.

SHARING

OF INFORMATION

There needs to be greater sharing of information between investigators, both within the public

and private sectors. This already occurs in the public sector but openness needs to be encouraged
in the private sector as well, even where commercial competitive interests may be at stake.
Organisations such as the Association of Certified Fraud Examiners can help to facilitate the
exchange of information and to set standards which will enhance the ability to respond
effectively to cybercrime.57

It is important at the outset for organisations to establish networks of information so that when

an investigation begins, contact can be made immediately with the appropriate person in another
country. Secure Intranets, such as that used by the Australian Bureau of Criminal Intelligence,
are an excellent way in which this can be achieved. Subject to constraints of privacy legislation,
these could be used in the private sector as well.58
57 Allen, G., Responding to cybercrime: A delicate blend of the orthodox and the
alternative, NEW ZEALAND LAW REVIEW, 2, 149,178, (2009).

58 Smith, R. G. (2004). Impediments to the Successful Investigation of Transnational

High Tech Crime. Trends and Issues in Crime and Criminal Justice, no. 285,
Australian Institute of Criminology, available at
http://www.aic.gov.au/documents/0/7/6/%7B076B58BA-37AE-467393FB9C3150D93D0C%7Dtandi285.pdf, (Last visited on January 29, 2016).

Page | 23

Twenty-four hour computer crime response centers are now being established in many countries.

These centers, which are to be used for genuine emergencies only, enable requests for real-time
computer investigations to be handled at any time of the day or night in the participating country.
In Australia, the Australian Federal Police handles such requests and refers queries to relevant
state and territory police services of other Australian Federal Police regional offices.59

In the European Union, Europol, which was created in 1998 and based in the Hague, is an

information clearing house and analysis centre with law enforcement liaison officers in various
member states. It aims to increase cooperation and communication between and among law

enforcement agencies in member states rather than acting as a European police service.60

OUTSOURCING

TO THE PRIVATE SECTOR-

THE US MODEL

The G-8s High-Tech Crime Group has also recommended the establishment of cooperative

arrangements between public sector police and regulatory agencies and the private sector. For
example, there is a need for telecommunications carriers and ISPs to make certain information
available to investigators on production of an appropriate search warrant. Ideally, such
arrangements need to be uniform across jurisdictions. In order to facilitate timely responses to a
request for assistance from another State, the G8 agreed to establish a system of contact points,
available 24 hours a day and for 7 days a week (24/7) which are now in place.

One example of a cooperative venture involving public and private sector bodies is the

Cybercrime Unit created by the International Chamber of Commerces Commercial Crime

Bureau in London in 1999. This brings together law enforcement bodies such as Interpol,
Scotland Yard, and the FBI, as well organisations within the private sector including major
financial institutions and businesses. The Unit acts as a clearinghouse for information on
electronic crime and passes details of frauds and solutions between companies and the police.61
59 Downing, R. W., Shoring Up the Weakest Link: What Lawmakers Around the
World Need to Consider in Developing Comprehensive Laws to Combat Cybercrime,
COLUMBIA JOURNAL OF TRANSNATIONAL LAW, 43, 741,762, (2005).

60 Supra note 35.

61 Supra note 29.
Page | 24

SPECIFIC SUGGESTIONS

FOR INDIA

There is a need to ensure specialized procedures associated with expertise manpower for
prosecution of cybercrime cases so as to tackle them on a war footing.
Just like the U.S. Secret Service or the FBI, which provides training to state and local law
enforcement officials in cybercrime forensics and related topics, similar programs can be
conducted by CBI, which has its separate cyber cell and a manual for conducting investigation.
The methods of the CBI can be used by the Police include close supervision of investigation of
the important cases by senior officers and evolving a mechanism so that the investigating officers
and Superintendents of Police can get legal advice during the investigation.
Cyber projects like National Cyber Coordination Centre (NCCC) of India, Cyber Attacks Crisis
Management Plan of India, Internet Spy System Network And Traffic Analysis System
(NETRA) of India, Crime and Criminal Tracking Network and Systems (CCTNS) Project of
India, etc. have still not been implemented successfully by Indian government and there is an
urgent need to implement these projects in India as soon as possible.
Quick response to the Interpol references and bilateral requests, liberal sharing of forensic
technology and more cross-country training exchange programs besides timely alert can be a
major step to curb the cyber menace.
Cyber-crime can only be effectively countered when there is a proper coordination and guidance
available from various stakeholders, such as industries, local police as well as the state and
central governments. To facilitate such cooperation as well as to give impetus and to govern the
effective implementation of various initiatives, we need to have adequately tasked and staffed
agencies working at various levels. Indian Computer Emergency Response Team (CERT-In) is
the national nodal agency set up to respond to computer security incidents as and when they
occur. Some of the activities undertaken by CERT-In toward cybersecurity include coordination
of responses to security incidents and timely advice regarding imminent threats, conduct
trainings on specialized topics of cybersecurity and development of security guidelines on major
technology platforms.62
62 Supra note 57.
Page | 25

There should be an e-filing system for filing of FIR keeping in mind the digitalization of many
government bodies and also to reduce the burden on the victims to approach physically at the
police station. Process re-engineering is required to ensure that the current cumbersome
procedure of a complainant having to go to a police station to file an FIR is replaced with a

single emergency response interface, which can bring the police to the doorstep of the victim in
distress. There is a need of a centralized online cybercrime reporting mechanism in India, which

provides victims of cybercrime, a convenient and easy reporting mechanism that alerts
authorities of suspected criminal or civil violations. Also for law enforcement agencies at the
national, state, and local level, there should be a central referral mechanism for complaints
involving cybercrime.
In many cases, private corporations have more experience with cybercrime investigations than
local police agencies & henceforth, the Police can seek cooperation with private corporations
without compromising the security.63 For example in the United States, a privately-led Identity
Ecosystem Steering group (IDES) has been established to support the National Strategy for
Trusted Identities in Cyberspace (NSTIC).
A number of police agencies have formed partnerships with computer science departments at
local universities. These partnerships not only provide expertise to the police, but also serve as a
recruiting tool for students who have an interest in cybercrime and policing. A knowledge hub
thus can be established which can also attract students to pursue a career as cyber investigators.

To conclude, as society evolves and technology marches forward, our understanding of the

origins of criminality must be continuously revised. The persistence, prevalence and seriousness
of cyber-crimes demand a greater response from the international community.

Technology is now deeply enmeshed within the fabric of society. Criminals understand that

technology is a highly effective force which can be abused to enable illicit activity, and leveraged
to facilitate access to victims living online globally.64

63 Cybercrime one of the key concerns for Indian organisations: Study, available at
http://www.ibnlive.com/news/tech/cybercrime-one-of-the-key-concerns-for-indianorganisations-study-1192916.html, (Last visited on January 29, 2016).
Page | 26

Our collective dependency on technology makes this threat extremely difficult to eliminate. The

relative ease with which offenders engage in cyber-crime, and the high gains afforded to
perpetrators, ensures that motivation for committing such crimes remains strong. Manifestations
of crime emanating from the cyber domain are among the most formidable challenges for
workers in criminal justice systems worldwide. The magnitude of this challenge is clearly

acknowledged by the US Intelligence Community who classify cyber as the prime global threat

to national security, ahead of terrorism, proliferation of weapons of mass destruction, and

transnational organized crime. The status quo has now reached a critical tipping point where

proactive measures must be taken to raise awareness, identify barriers and effectively tackle
them, in order to counter a growing threat which is highly organized, well-funded, and
immensely lucrative.

BIBLIOGRAPHY
ARTICLES

AND REPORTS

Allen, G., Responding to cybercrime: A delicate blend of the orthodox and the

alternative, NEW ZEALAND LAW REVIEW, 2, 149,178, (2009).

Australasian Centre for Policing Research, (2000).
BBC news, Briton may sue after FBI bungle, BBC news online (UK edition) 26

February, 2003. Available at http://news.bbc.co.uk/1/hi/england/2801673.stm.

Bennett, D., The Challenges Facing Computer Forensics Investigators in Obtaining
Information,21(3),

INFORMATION

SECURITY

JOURNAL:

GLOBAL

PERSPECTIVE, 159,168, (2011).

Bermay, F. P., & Godlove, N, Understanding 21st century cybercrime from the common

victim, 89(1), 4-5, CRIMINAL JUSTICE MATTERS, (2012).

Brenner, S. W., & Koops, B.-J., Approaches to cyber crime jurisdiction, 15(1),
JOURNAL OF HIGH TECHNOLOGY CRIME, 1,46, (2004).

64 Shavers, B., USING DIGITAL FORENSICS AND INVESTIGATIVE TECHNIQUES TO IDENTIFY CYBERCRIME SUSPECTS, (Waltham, MA: Syngress, 2013).

Page | 27

Broadhurst, R. G., Developments in the global law enforcement of cyber-crime, 29(3),

POLICING: AN INTERNATIONAL JOURNAL OF POLICE STRATEGIES AND

MANAGEMENT, 408,433, (2006).

Chen, A, The Agency, THE NEW YORK TIMES MAGAZINE, available at,

http://www.nytimes.com/2015/06/07/magazine/the-agency.html?_r=0.
Collier, P. A., & Spaul, B. J, Problems in Policing Computer Crime, 2(4), POLICING &

SOCIETY, 307,320, (June, 2006).

Cybercrime one of the key concerns for Indian organisations: Study, available at
http://www.ibnlive.com/news/tech/cybercrime-one-of-the-key-concerns-for-indian-

organisations-study-1192916.html.
Deakin University, Fraud Against Organisations in Victoria, Deakin University, Geelong,

(1994).
Denning, D. E., & Baugh Jr, W. E., Hiding Crimes in Cyberspace, INFORMATION,

COMMUNICATION & SOCIETY, 2(3), 251-276, (2009).

Downing, R. W., Shoring Up the Weakest Link: What Lawmakers Around the World
Need to Consider in Developing Comprehensive Laws to Combat Cybercrime,

COLUMBIA JOURNAL OF TRANSNATIONAL LAW, 43, 741,762, (2005).

Dr Russell G. Smith, Investigating Cybercrime: Barriers and Solutions, available at
http://www.aic.gov.au/media_library/conferences/other/smith_russell/2003-09-

cybercrime.pdf.
Forde, P. and Armstrong, H., The Utilisation of Internet Anonymity by Cyber Criminals,
Paper presented at the INTERNATIONAL NETWORK CONFERENCE, 16-18 July,
Sherwell Conference Centre, University of Plymouth, Plymouth, (2002), available at
http://www.cbs.curtin.edu.au/Workingpapers/other/Utilisation%20of%20Internet

%20Anonymity%20by%20Cyber%20Criminals.doc.
Gabrys, E., 11(4), The international dimension of cyber crime. Part 1. Special issue
coverage: Information warfare/cyber crime, Information Systems Security, 21, 32,

(2002).
Goodman, M. D., Why The Police Don't Care About Computer Crime,10(3), HARVARD

JOURNAL OF LAW & TECHNOLOGY, 466, 495, (1997).

KPMG, Global e.fr@ud Survey, KPMG Forensic and Litigation Services, Switzerland,
(2001).

Page | 28

McConnell International, Cybercrime and Punishment? Archaic Laws Threaten Global

Information,(2000),

available

at

http://mcconnellinternational.com/servic

es/CyberCrime.html.
Morris, S., THE FUTURE OF NETCRIME NOW: PART 1 THREATS AND
CHALLENGES,

Home

Office

Online

http://www.globalinitiative.net/download/cyber

Report

62/04,

available

at

crime/europerussia/Home%20Office

%20%20The%20future%20of%20netcrime%20now%20%20Part

%201%20%E2%80%93%20threats%20and%20challenges.pdf.
Nuth, M. S., Crime and technology Challenges or solutions? Taking advantage of new
technologies: For and against crime, COMPUTER LAW & SECURITY REPORT, 24,

437. 446, (2008).

Ciardhuin, S. & Gillen, P., GUIDE TO BEST PRACTICE IN THE AREA OF
INTERNET CRIME INVESTIGATION, Report from EU FALCONE Project No.
JAI/2001/Falcone/127 Training: Cyber Crime Investigation Building a Platform for

the Future, (Dublin, Ireland: An Garda Sochna, 2002).

Rao I. J., 1(X), Cyber crimes: issues and concerns, INDIAN STREAM RESEARCH

JOURNAL, 111,115, (201).

Ritter, N., Digital Evidence: How law enforcement can level the playing field with
criminals.

NIJ

JOURNAL,

254,

20,

(2006),

available

at

http://www.nij.gov/journals/254/Pages/digital_evidence.aspx.
Roberts, L., Jurisdictional and definitional concerns with computermediated interpersonal

crimes, (January, 2008).

Roth, B. R., State sovereignty, international legality, and moral disagreement, Paper
presented at the Annual Meeting of the American Political Science Association,
(September 2005), available at http://www.ihrr.net/files/2006ss%20/State-Sovereignty-

Int-Legality-Morality-Roth-2005.pdf.
Russell G. Smith, Impediments to the Successful Investigation of Transnational High

Tech Crime, 285, TRENDS & ISSUES IN CRIME AND CRIMINAL JUSTICE, (2004).
Smith, R. G, Impediments to the Successful Investigation of Transnational High Tech
Crime: Trends and Issues in Crime and Criminal Justice, no. 285, AUSTRALIAN
INSTITUTE

OF

CRIMINOLOGY,

2004.

available

http://www.aic.gov.au/documents/0/7/6/%7B076B58BA-37AE-4673-93FB9C3150D93D0C%7Dtandi285.pdf.
Page | 29

at

Smith, R. G. (2004). Impediments to the Successful Investigation of Transnational High

Tech Crime. Trends and Issues in Crime and Criminal Justice, no. 285, Australian
Institute

of

Criminology,

available

at

http://www.aic.gov.au/documents/0/7/6/%7B076B58BA-37AE-4673

93FB9C3150D93D0C%7Dtandi285.pdf.
Sussmann M, The critical challenges from international high tech and computer-related
crime

at

the

millennium,

INTERNATIONAL

LAW,

DUKE
9(2),

JOURNAL

451,

490,

OF
(2011),

COMPARATIVE
available

at

AND
http://

www.g7.utoronto.ca/scholar/sussmann/ duke_article_pdf.pdf.
United Nations (1999, May 12). United Nations Manual on the Prevention and Control of
Computer-Related Crime. International Review of Criminal Policy - Nos. 43 and 44,
available at http://www.uncjin.org/Documents/irpc4344.pdf.

BOOKS

Capus, N., Sovereignty and criminal law: the dual criminality requirement in
international mutual legal assistance in criminal matters, (Munich: Max Planck institute,

2009)
Casey, E., DIGITAL EVIDENCE AND COMPUTER CRIME, (San Diego: Academic

Press, 2008).
Chaski, C. E., Whos At The Keyboard? Authorship Attribution in Digital Evidence

Investigations,4, INTERNATIONAL JOURNAL OF DIGITAL EVIDENCE, (2005).

Dubord, P., Investigating Cybercrime, in J. J. Barbara (Ed.), HANDBOOK OF DIGITAL

AND MULTIMEDIA FORENSIC EVIDENCE, (NJ: Humana Press Inc., 2009).

Gilbert, J. N., CRIMINAL INVESTIGATIONS, 6th edi., (Pearson Education Inc., 2004).
Marshall, A., DIGITAL FORENSICS, DIGITAL EVIDENCE IN CRIMINAL

INVESTIGATION, (United Kingdom: Wiley-Blackwell, 2008).

McQuade III, S. C., UNDERSTANDING AND MANAGING CYBERCRIME, (New

York: Pearson Education, Inc., 2008).

McQuade III, S. C., UNDERSTANDING AND MANAGING CYBERCRIME, (New

York: Pearson Education, Inc., 2008).

P. Dubord, Investigating Cybercrime, in J. J. Barbara (Ed.), HANDBOOK OF DIGITAL
AND MULTIMEDIA FORENSIC EVIDENCE, (Totowa, NJ: Humana Press Inc., 2008).

Page | 30

Robertson, J., Crime scene investigation: key issues for the future, in J. Horswell (Ed.),
THE PRACTICE OF CRIME SCENE INVESTIGATION, (Boca Raton: CRC Press,

2004).
Shavers, B., USING DIGITAL FORENSICS AND INVESTIGATIVE TECHNIQUES
TO IDENTIFY CYBER-CRIME SUSPECTS, (Waltham, MA: Syngress, 2013).

CASES

DPP v Sutcliffe [2001] VSC 43 (1 March 2001).

In re Levin House of Lords, 19 June 1997.
R. v. Governor of Brixton Prison; Ex parte Levin [1996] 3 WLR 657;
United States v. Carey 172 F. 3d 1268 (10th Cir 1999).
United States v. Gorshkov 2001 WL 1024026, No. CR-550C (W.D. Wash 23 May 2001).
United States v. Scarfo, 2001.

INTERVIEWS

Interview with Loknath Behera, Director General of Police, Kerala.

Interview with the Cyber-Crime Cell (CID), Bangalore.

Page | 31