Cyber Investigation Methodologies

In the purest sense, intelligence is the end product of an analytic process that evaluates information collected from diverse sources; integrates the relevant information into a logical package; and produces a conclusion, estimate, or forecast about a criminal phenomenon by using the scientific approach to problem-solving (analysis). Intelligence, therefore, is a synergistic product intended to provide meaningful, trustworthy and actionable knowledge to law enforcement decision makers about complex criminality, criminal enterprises, criminal extremists, and terrorists.

The law enforcement intelligence function has essentially two broad purposes:

1. Prevention involves gaining or developing information related to threats of terrorism or crime and using it to apprehend offenders, harden targets, and use strategies that will eliminate or mitigate the threat. Two generally accepted types of intelligence are specifically oriented toward prevention:

  • Tactical Intelligence: Actionable intelligence about imminent or near-term threats that is disseminated to the line functions of a law enforcement agency for purposes of developing and implementing preventive, and/or mitigating, response plans and activities.
  • Operational Intelligence: Actionable intelligence about long-term threats that is used to develop and implement preventive responses. Most commonly, operational intelligence is used for long-term inquiries into suspected criminal enterprises and complex multi-jurisdictional criminality.

2. Planning and resource allocation provides information to decision-makers about the changing nature of threats, the characteristics and methodologies of threats, and emerging threat idiosyncrasies for the purpose of developing response strategies and reallocating resources, as necessary, to accomplish effective prevention.

  • This is known as strategic intelligence. It provides an assessment of the changing threat picture to the management of a law enforcement agency for purposes of developing plans and allocating resources to meet the demands of emerging threats.

While investigation is clearly related to the information collection and intelligence processes, the intelligence function is often more exploratory and more broadly focused than a criminal investigation, per se. For example, a law enforcement agency may have a reasonable suspicion to believe that a person or group of people has the intent, capacity, and resolve to commit a crime or terrorist act. Evidence, however, may fall short of the probable cause standard, even for an arrest for criminal attempt or conspiracy. Moreover, there may be a compelling community safety reason to keep an inquiry open to identify other criminal offenders (notably leaders) and weapons that may be used.

Cyber Investigation Preparation

At the beginning of our cyber investigations, preparation is critical to our success and intelligence is an important factor in identifying our subject.

I. Purpose

II. Determining the Scope of the Investigation

A. Investigation Scope

  1. Type of Crime
  2. Date of Crime
  3. Impact of the Crime
  4. Primary subject / subjects

B. Intelligence Information

  1. Background Checks
  2. License Plates
  3. Driver’s License
  4. Employment Application
  5. Informants
  6. CCTV

C. Include All Possible Subjects

  1. Friends
  2. Relatives
  3. Acquaintances
  4. Co-Workers

III. Preparatory Measures

  1. Anonymous email account (Gmail, AOL, Yahoo)
  2. Prepaid credit card with a balance (Vanilla Visa, AMEX)
  3. Prepaid cellular phone (NET10, Cricket)
  4. Drop box (FedEx, Kinkos, etc.)
  5. Investigator account with platform



Michael Clayton wrote: Apr 10, 2019

This was interesting to read