A computer crime investigator, or cybercrime investigator, is an individual who works to solve crimes occurring on the Internet or other multi-user computer network, such as a work or school computer system. There are many different forms of computer crime, ranging from cyber warfare and cyber terrorism to offensive content or spam emails. In most cases, a computer crime investigator is responsible for identifying cases of computer crime; identifying the computer, server, or network from which the criminal activity originated; and identifying the individual responsible for the crime. An investigator must also keep track of the laws and regulations governing the various forms of computer and Internet use. He generally is required to keep track of changes in technology as well, as new technological advancements often introduce new ways for individuals to commit crimes.
Many computer crime investigators work for law enforcement agencies and are tasked with finding and investigating computer crimes. A computer crime investigator may, however, also work on a private basis and take jobs for clients who have fallen victim to computer crimes. A private computer crime investigator does not, in general, need to search for computer crimes and is concerned instead with investigating specific crimes against clients. An individual or company also may turn to a private investigator instead of an agency in order to avoid dealing with bureaucratic concerns that often characterize large, government-controlled agencies.
The particular manner in which a computer crime investigator investigates a crime may vary substantially based on the nature of the crime. Finding an online predator, for instance, may involve posing as a child in an online chat room. Identifying an employee committing fraud, on the other hand, may involve a detailed exploration of the computer use histories of a variety of individuals as well as an examination of financial statements and other records. Some crimes, such as denial-of-service attacks, may be highly difficult to examine because many different people and computers in different locations are often involved.
In many cases, it can be difficult for a computer crime investigator to collect sufficient evidence in computer crime cases. A user may, for instance, commit his crimes on a public computer or take pains to hide his identity and geographic location. Additionally, much of the evidence in such cases must be gathered online or on computer systems. A lack of physical evidence may make conclusive identification of a computer criminal difficult. In many cases, however, a computer crime investigator associated with a government agency can, upon collecting sufficient evidence, obtain a warrant to collect and examine an individual's computer or hard drive for physical evidence of criminal activity or materials.