What You Can Do to Help

The question that people always ask about this type of forensics is “What do you do with the information once you’ve got it?” Unfortunately, there is no simple answer to that. In most of the instances that you investigate, you are not going to uncover a lot of information. But every so often you will come across a more complete picture, such as the Tidball example from Chapter 11. In those cases, I encourage you to pass the information on to the appropriate group. You may not get the response from them that you want. In many cases, you will get no response at all. But the information you submit may provide the critical missing link in an existing investigation. You have to view the process as providing a public service. It can be a frustrating business, but that does not make it a waste of time.

Without wanting to sound too Zen about it, the process of exploring a web site or a scam can be its own reward. You are improving your skills with every site that you investigate. I learn something new from the majority of the scams that I look into.

Documenting an Investigation

A fundamental part of any forensic investigation is the gathering, documentation, and preservation of evidence. The photographs and DNA swabs taken from a real-world crime scene have their counterparts in the emails and downloaded web pages from an Internet scam.

In the case of phishing attempts, my interest is triggered by receiving an email that introduces the scam. The first thing I do ...
