Scene of the Cybercrime: Computer Forensics Handbook

An understanding of basic security concepts gives a cybercrime investigator a distinct advantage in communicating intelligently with IT personnel and a better idea of exactly how a cybercrime was committed, based on the security measures in place at the time. Additionally, investigators should be proactive in helping the victims of cybercrime protect themselves against subsequent attacks. Although the investigator probably cannot and will not be expected to provide in-depth advice about the technical implementation of security systems, he or she should be able to discuss options in a general way and point crime victims in the right direction with some general suggestions.
A good investigator, like a good network security specialist or a good crime prevention officer, realizes that any security plan must be multilayered in order to be effective. It is important that all major security areas be addressed. These include physical security, perimeter security (through placement of firewalls at the network's entry points), security of data stored on disks (through file/disk encryption), security of data traveling across the network (through IP Security), and a means of verifying the identities of users, computers, and other entities that have access to network resources (through the building of a PKI).
Many security technologies are based on or use cryptographic techniques. An investigator might encounter encrypted data or even suspect that the existence of additional data is being concealed using steganography. An understanding of how cryptography developed and how it works in the computerized environment can be invaluable in investigating many...