Cyber Crime – Can Locard’s Exchange Principle Be Applied to Cyber Crime?
Cyber Crime is replacing drug trafficking. Recent government findings indicate that cyber crime has pushed aside the illicit drug trade as one of the top sources for hundreds of millions of dollars in ill-gotten gains the world over. In its infancy, the Internet seemed like something that could develop into a useable tool for computercyber scientific research. If we had only known back then what potential it held, perhaps more thought would have gone into its protection.
Today the newswires are filled with reports of massive thefts of personal information as well as depleted bank accounts-all due to the criminal element that, for a small investment in a computer and an Internet connection, is changing the landscape of criminal investigation. One highly regarded research survey stated that 8.1 million Americans were victims of identity theft in 2010. Losses were in the hundreds of millions.
The Locard Exchange Principle (LEP)
Dr. Edmond Locard (1877-1966), known to many as the French “Sherlock Holmes,” was a pioneer in forensic evidence investigation. Locard formulated the basic principle of forensic science, “Every contact leaves a trace,” Of course Locard’s theory dealt with the physical contact made by the perpetrator to items in the crime scene. But today’s crime scene may not involve a physical structure-more than likely the crime scene is located out there in cyberspace.
So the question evolves, “Does Locard’s Exchange Principle apply to an electromagnet passing over a spinning disk?” Some digital detectives believe that it does. For example, a hacker gains access to a computer system that may or may not be secure. Is any computer completely secure? Granted, security software is effective against many such invasions, but a secure system will only take the hacker a little longer to get into it. Now, the question is, does the exchange principle apply?
Cyber crimes leave no physical evidence
On the surface, the infiltrator would leave no physical trace of his having been there. But other electronic trace evidence may be present. If the computer’s file access logs were accessible, it’s possible that a record will be available showing that the file was, in fact, accessed, and even that a network transmission followed. Also a possibility is that a side-channel analysis of any activity on the hard drive will uncover network operations. As a last resort, the examiner may check the access logs of the Internet Service Provider (ISP) to uncover surreptitious entry. This step will not necessarily divulge what specific data was removed, but