The Digital Trails That Get Computer Criminals Caught

Written by on April 13, 2013 in Technology - No comments | Print this page


Computer PyramidCriminals who use the Internet to perpetrate crimes are very common, but most of them aren’t quite the technological wizards that people tend to envision when they think about this type of crime.

In fact, some criminals are very sloppy and leave behind tell-tale signs that allow forensic investigators to determine who they are, where their attacks were launched from and other information.

This information is the same type of information that your computer is likely providing right now, as you read this page.

IP Address

Your computer’s IP address is a numerical address that’s used to send information to your computer when you request it from a site. It’s rather like your postal address.

In order for a server to send you information, it has to know where your computer “lives”, so to speak. This address can be masked, but some criminals don’t bother to do this and leave themselves wide open to being detected by investigators.

An example of this can be seen just about every time someone gets caught leaving videos with criminal activity depicted on them, when people bully others online and so forth. This information can be gleaned from the site where the offending posts were put up and, when given a subpoena for this information, most sites will gladly hand it over to law enforcement.

Using this IP address, law enforcement can establish what computer posted the information, when it was posted and so forth. For many criminals who engage in behaviors such as bullying and cyber stalking, or posting illegal content, their biggest mistake is thinking that the Internet is truly anonymous. It is not.

Embedded Information

Some programs have information embedded in every file that criminals sometimes forget about. For instance, some word processing programs will embed your information, including your name and anything else you input into the program, into the files that they generate.

When someone sends harassing letters over the Internet or other digital information that is part of a crime, they sometimes do so in a way that is the practical equivalent of mailing a threatening letter with your own signature on the bottom.

If they haven’t bothered to disguise their IP address, it’s akin to sending that same, signed threat with your return address right on the envelope.

It’s Not Deleted

One tactic that criminals use when they’re sure they’re about to get caught is simply deleting any files that they may think will provide evidence against them. A crooked accountant, for instance, may try to destroy one set of books that they’re keeping by deleting them off of hard drives.

The problem with this tactic is that the information isn’t necessarily deleted off of your hard drive when you hit the “OK” button when you’re ready to delete a file.

In some cases, the file is simply taken out of the indexes the computer uses to access files on the hard drive. This means that the computer will, eventually, overwrite those files but it doesn’t mean that those files are gone right away. In fact, they may persist for quite a while and that is how some criminals end up getting busted.

They think that they got rid of the evidence against them, but they did no such thing. Computer forensics experts will sometimes be able to find and recover those files off of the hard drive, leading to a conviction.

Even though hackers are usually portrayed as being evil geniuses, sometimes they’re really just technically illiterate opportunists who aren’t aware of the fact that their actions are completely traceable.

Anita Schepers provides advice and information on computer forensics training at

Image courtesy of Stuart Miles /


About the Author

Guest Blogger

This article was written by a guest contributor. You will find their details at the bottom of the post. To submit your own Guest Post to our website, please visit our SUBMIT page for details about adding your article.