Cyber Crime – Can Locard’s Exchange Principle Be Applied to Cyber Crime?

Cyber Crime is replacing drug trafficking. Recent government findings indicate that cyber crime has pushed aside the illicit drug trade as one of the top sources for hundreds of millions of dollars in ill-gotten gains the world over. In its infancy, the Internet seemed like something that could develop into a useable tool for scientific research. If we had only known back then what potential it held, perhaps more thought would have gone into its protection.

Today the newswires are filled with reports of massive thefts of personal information as well as depleted bank accounts-all due to the criminal element that, for a small investment in a computer and an Internet connection, is changing the landscape of criminal investigation. One highly regarded research survey stated that 8.1 million Americans were victims of identity theft in 2010. Losses were in the hundreds of millions.

The Locard Exchange Principle (LEP)

Dr. Edmond Locard (1877-1966), known to many as the French “Sherlock Holmes,” was a pioneer in forensic evidence investigation. Locard formulated the basic principle of forensic science, “Every contact leaves a trace,” Of course Locard’s theory dealt with the physical contact made by the perpetrator to items in the crime scene. But today’s crime scene may not involve a physical structure-more than likely the crime scene is located out there in cyberspace.

So the question evolves, “Does Locard’s Exchange Principle apply to an electromagnet passing over a spinning disk?” Some digital detectives believe that it does. For example, a hacker gains access to a computer system that may or may not be secure. Is any computer completely secure? Granted, security software is effective against many such invasions, but a secure system will only take the hacker a little longer to get into it. Now, the question is, does the exchange principle apply?

Cyber crimes leave no physical evidence

On the surface, the infiltrator would leave no physical trace of his having been there. But other electronic trace evidence may be present. If the computer’s file access logs were accessible, it’s possible that a record will be available showing that the file was, in fact, accessed, and even that a network transmission followed. Also a possibility is that a side-channel analysis of any activity on the hard drive will uncover network operations. As a last resort, the examiner may check the access logs of the Internet Service Provider (ISP) to uncover surreptitious entry. This step will not necessarily divulge what specific data was removed, but it will indicate that data was, in fact, lifted from the line.

Industrial espionage is becoming commonplace

Personal information and cash are not the only targets of this spreading menace. Online industrial espionage is a growing threat to the U.S. economy as well as our national security. U.S. intelligence agencies recently warned elected officials that China and Russia are engaged in cyber-espionage. “Trade secrets developed over thousands of working hours by our brightest minds are stolen in a split second and transferred to our competitors,” said one counterintelligence executive. These foreign governments deny this claim.

The Cyber Exchange Principle

Perhaps when relating to cyber crime, the “Cyber Exchange Principle” applies. Forensic examination of a computer or server will uncover artifacts of invasion. The investigator is then, faced with a situation that the crime scene is not limited to a single computer and may involve another computer half the world away.

The hacker will not be leaving latent fingerprints, foot prints, or traces of physiological fluids in the wake of his intrusion. But electronic activity in this case can be far more valuable in the bits and bytes this activity leaves behind. The principle that Locard espoused so long ago must be forefront in the minds of our digital detectives as they seek what clues an invaded computer holds as well as what traces are awaiting discovery out there in cyberspace.

Increase in Digital Crime and Rise in Security Concerns Shall Pace the Computer Forensics Market

The computer forensics market is expected to experience an upsurge on account of the increase in sophisticated digital crime and terrorist attacks and economic growth in developing countries. Computer forensics which refers to analysis and reporting of digital data for a legal purpose is the most prominent market within the overall digital forensic market. Computer forensics have become much dynamic in the field of cyber-crime, to perform a structured investigation, in order to detect hidden facts for accurate investigation results. A variety of techniques are used by investigators to inspect and search hidden, encrypted or deleted files or folders.

Computer forensics have gained wide-popularity in developed regions such as North America and Europe owing to technological advancements and increased cyber-crime rates. While, rise in corporate fraud has increased the demand for computer forensics. The UK and other European countries such as Italy and Germany, have observed an increasing trend for computer forensics as the various industries in the region have become more aware about safety and security of their data. Consequently, manufacturers are exploring innovative products and services to strengthen their market presence and meet the growing demand. Computer forensics have also gained popularity in developing countries such as India and China owing to the increased piracy threats and cyber-crimes, coupled with increased governments expenditure in digitalization of sectors such as banking, law enforcement, defense, and information technology, among others. Rise in disposable income and increase in the number of educated consumers have also supplemented the growth of the market in the region.

The recommendation of computer forensics as a necessity for proper investigation by government organizations, has rapidly increased their adoption rate in both developed and developing economies. For instance, in order to maintain integrity, the governments of different countries in regions such as China and Brazil among others have formed new regulations that are based on the access to data and penalty in the case of modification of data or wrong entry in data records.

To compete with established players, other manufacturers such as Paraben Corporation, Binary Intelligence, and Digital Detectives, among others plan to develop new computer forensic tools to gain consumer attraction and increase their market share. However, the major players in the market such as, Access Data Group Inc., Guidance Software, Inc., and LogRhythm Inc. have been utilizing economies of scale to meet the rising demand for computer forensic. The established brands have adopted product launch, partnerships, and business expansion as their growth strategy to strengthen their foothold in the market. For instance, in February 2015, Access Data Group Inc. announced the development of newly improved software version Summation 5.6, which provides case assessment, processing of comprehensive data, and management, final review and transcript management. The main aim of this product launch was to reveal the enhanced feature of this software among consumers, to gain popularity in the market. However, rising complexity of mobile devices and increased utilization of cloud based applications may hamper the growth of digital forensics market.

Geographically, North America has emerged as the largest market for digital forensics. Increase in cyber-crime rates and technological advancement make this region favorable for growth in the forecast period. However, Asia-Pacific is projected to have the maximum growth rate in the digital forensics market driven by increase in cyber-crimes and rise in consumer awareness in developing countries such as China and India.