International Journal of Cyber CriminologyVol 9 Issue 1 January – June 2015Copyright 2015 International Journal of Cyber Criminology (IJCC) – Publisher & Editor-in-Chief – K. JaishankarISSN: 0973-5089 - January – June 2015. Vol. 9 (1): 55–119. DOI: 10.5281/zenodo.22387This is an Open Access article distributed under the terms of the Creative CommonsAttribution-NonCommercial-ShareAlike 4.0 International (CC-BY-NC-SA 4.0) License,which permits unrestricted non-commercial use, distribution, and reproduction in anymedium, provided the original work is properly cited. This license does not permitcommercial exploitation or the creation of derivative works without specific permission.HTUUTHTTTInvestigating and Prosecuting Cyber Crime:Forensic Dependencies and Barriers to Justice1Cameron S. D. BrownAustralian National University, AustraliaAbstractThe primary goal of this paper is to raise awareness regarding legal loopholes and enablingtechnologies, which facilitate acts of cyber crime. In perusing these avenues of inquiry, the author seeksto identify systemic impediments which obstruct police investigations, prosecutions, and digital forensicsinterrogations. Existing academic research on this topic has tended to highlight theoretical perspectiveswhen attempting to explain technology aided crime, rather than presenting practical insights from thoseactually tasked with working cyber crime cases. The author offers a grounded, pragmatic approachbased on the in-depth experience gained serving with police task-forces, government agencies, privatesector, and international organizations. The secondary objective of this research encourages policymakers to reevaluate strategies for combating the ubiquitous and evolving threat posed by cybercriminality. Research in this paper has been guided by the firsthand global accounts (via the author’score involvement in the preparation of the Comprehensive Study on Cybercrime (United NationsOffice on Drugs and Crime, 2013) and is keenly focused on core issues of concern, as voiced by theinternational community. Further, a fictional case study is used as a vehicle to stimulate thinking andexemplify key points of reference. In this way, the author invites the reader to contemplate the realityof a cyber crime inquiry and the practical limits of the criminal justice process.Keywords: Agency, Anonymity, Attorney, Attribution, Capacity, Case, Cloud,Computing, Cooperation, Counsel, Court, Crime, Cross-Border, Cryptography, Cyber,Dark, Data, Decryption, Defense, Electronic, Encryption, Enforcement, Evidence,Expert, Forensics, Hack, Illicit, Information, Intelligence, Intercept, International,Internet, Investigation, Judge, Jurisdiction, Jury, Justice, Law, Lawyer, Legal, Liability,Monitoring, Net, Online, Order, Police, Policing, Policy, Privacy, Prosecution,Quantum, Proxy, Reporting, Security, Stalking, Surveillance, Sovereignty, Territorial,Threat, Transparency, United Nations, Universality, Web, Witness.1Visiting Associate Investigator and Senior Research Officer - Australian National University Information Security Professional - Cyber Defense, Strategic Intelligence, Digital Forensics,Incident Response International Legal Practitioner - Public Policy Engagement, Governance,Data Privacy, Regulatory Compliance, Transactional Risk, Crisis Management, EvidenceAuthentication. Address: PO Box 328, Lorne VIC 3232, Australia.Email:[email protected] 2015 International Journal of Cyber Criminology. All rights reserved. Under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0) License

Brown - Investigating and Prosecuting Cyber Crime: Forensic Dependencies and Barriers to JusticeIntroductionWith escalations in reports of serious cyber crime, one would expect to see acorresponding increase in conviction rates (Broadhurst, Grabosky, Alazab, Chon, 2014;Kaspersky Lab, 2015; Ponemon Institute, 2015). However, this has not been the case withmany investigations and prosecutions failing to get off the ground (Frolova, 2011;Onyshikiv & Bondarev, 2012; Zavrsnik, 2010). The chief causes of this outcome may beattributed to trans-jurisdictional barriers, subterfuge, and the inability of key stakeholdersin criminal justice systems to grasp fundamental aspects of technology aided crime. In thesame way that science influences the utility of forensic inquiry, the capacity ofinvestigators, prosecutors, judges and jurors to understand illicit use of technology alsodirectly impacts conviction rates (Dubord, 2008; Leibolt, 2010). The ease with whichcyber crime crosses national borders, irreconcilable differences between national legalframeworks, and deceptions employed by cyber criminals impedes attribution, andprevents crime fighters from interrogating suspects and apprehending offenders.Cyber crime offending can be technically complex and legally intricate. Rapidadvancements in the functionality of information communication technologies (ICTs) andinnate disparities between systems of law globally are stark challenges for first responders,investigating authorities, forensic interrogators, prosecuting agencies, and administrators ofcriminal justice. It is critically important to explore factors impeding investigation andprosecution of cyber crime offending to raise awareness and expose these barriers tojustice. This paper examines criminal justice responses to cyber crime under the commonlaw model. The capacity of criminal justice actors to perform their core function isanalyzed and discussed. The author contends that the investigation and prosecution ofcyber crime offending, including forensic services in support of inquiries, is hampered by aconfluence of factors that influence the criminal justice process. This thesis is illustratedwith aid of a case study examining the criminal justice lifecycle throughout a cyber crimeinquiry. Based on notorious instances of cyber crime offending, Mary’s Case charts theinitial commission of criminal activity through until the ultimate determination ofculpability at trial.This paper proposes a practical definition of cyber crime, which is linked to the impactof technology on modes of criminal offending. Victimology and impediments to cybercrime reporting are outlined. The common law model of criminal justice is surveyed, witha focus on the effect of both law and technology on policing cyber crime globally.Investigative techniques and operational challenges are discussed in detail. Evidentiaryissues surrounding collection and presentation of electronically stored information (ESI) incriminal trials are evaluated. The key elements that coalesce to constitute serious criminaloffending are deduced and contrasted with defenses to criminal capacity and culpability.The author also highlights issues concerning evidence admissibility, roles performed bylawyers, experts, and adjudicators during legal proceedings, and the media’s influenceupon public perceptions of forensic science. Finally, recommendations for removingbarriers to the effectiveness of cyber crime inquiry are considered, including new strategiesfor streamlining the administration of criminal justice.56 2015 International Journal of Cyber Criminology. All rights reserved. Under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0) License

International Journal of Cyber CriminologyVol 9 Issue 1 January – June 20151. Criminal Activities Perpetrated Electronically1.1. Defining Cyber CrimeTechnical experts, police, lawyers, criminologists, and national security expertsunderstand the concept of ‘cyber crime’ differently (Alkaabi, Mohay, McCullagh &Chantler, 2010). It is increasingly unclear whether cyber crime refers to legal, sociological,technological, or legal aspects of crime and a universal definition remains elusive (Kshetri,2010). Analysts have attempted to frame the fundamental characteristics of cyber crimewith limited consensus (Gordon & Ford, 2006; Snyder, 2001; Wall & Williams, 2001;Yar, 2005). Current definitions vary significantly, depending on the legal instrument ororganization defining the term (Pocar, 2004). The abuse of ICTs by criminals isinterchangeably referred to as cyber crime, computer crime, computer misuse, computerrelated crime, high technology crime, e-crime, technology-enabled crime, amongst others(Goodman & Brenner, 2002). Yet, these terms are not synonymous (Chik &Bartholomew, 2011). Highlighting the extent of confusion and lack of consistency, thedefinition of ‘e-crime’ provided by the Association of Chief Police Officers (ACPO) is atodds with that provided by the Australian Institute of Criminology (AIC). According tothe ACPO, “e-Crime” involves the “use of networked computer or Internet technologyto commit or facilitate the commission of crime” (Association of Chief Police Officers,2009). Contrastingly, the AIC regards “E-crime” as “A general label for offencescommitted using an electronic data storage or communications device” (AustralianInstitute of Criminology, 2011).The semantics of 'cyber crime' point to a legal and technical phenomenon thatproscribes criminal activity connected with the cyber domain. Such activity is categoricallydifferent to behavior deemed ‘unethical’ or ‘against the law’ which does not in itselfamount to ‘criminal conduct’. The author asserts that criminal justice processes shouldonly be engaged when a course of conduct is determined to be truly criminal and warrantsprosecution. Fundamental to most legal systems is the principle of ‘nullum crimen sine lege’,meaning no matter how harmful the behavior, it cannot be prosecuted unless it is formallyprohibited by law (Grabosky, 2007; Tikk, 2011). For the purposes of this research, thefollowing elements must be present for an act to be classified as cyber crime offending: The conduct is facilitated by information and communications technology;The conduct is motivated by intent to commit harm against a person or organization;The perpetrated or intended harm encompasses conduct amounting to interferenceor damage to either tangible or intangible property owned by a person or organization;andThe conduct concerned is criminalized within either the jurisdiction of the victim orthe jurisdiction of the accused.Under this definition, cyber crime is merely a sub-set of conventional crime whereICTs are used as a vehicle or tool to commit traditional criminal offences (Lupsha, 1996;Zhigang, 2011). This definition adheres to the rudiments of legal interpretation applied totraditional criminal offending. Legislators should be mindful to avoid creating ‘sui generis’legal categories of cyber crime offences by tailoring laws to meet changes in technology.57 2015 International Journal of Cyber Criminology. All rights reserved. Under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0) License

Brown - Investigating and Prosecuting Cyber Crime: Forensic Dependencies and Barriers to JusticeInstead, laws should be crafted to encompass technology broadly within establishedcategories of criminal conduct.Mary’s Case: Cyber-StalkingMary is a student in her late-twenties attending a public university in Australia. After receiving aseries of emails and instant messages containing sexually explicit comments she seeks help from herparents. Content within the messages indicates that the sender knows where Mary attends university,the people in her friendship circle, and other personal information. The identity of the sender is notdisclosed in the correspondence. Concerned that the sender may be using personally identifiableinformation about Mary available on the Internet, her father performs online research. He discoversvarious comments mentioning Mary by name in postings on erotic websites, which appear to be hostedoverseas. Nevertheless, both Mary and her parents are reluctant to report the matter, as they believepolice lack the capacity to investigate crimes associated with the Internet and technology. Mary is alsoembarrassed about the content of the postings and maintains the incident is probably not seriousenough for police to investigate.1.2. Technology and OffendingEvidence in judicial proceedings is increasingly being stored, transmitted, or processedin electronic form. Technology has become the symbol, subject (place), tool (instrument),and object (target) of crime (Savona & Mignone, 2004). Although technology facilitatesthe commission of traditional crimes, including offences against property and offencescausing personal harm (McQuade, 2006), existing national legal frameworks may beincapable of addressing evolving ‘modus operandi’ related to cyber crime offending(Hughes, 2003). It is common for cyber crime to be transnational in terms of the physicallocation of victims, perpetrators, and evidence. The interconnectivity of the globaleconomy enables criminals to operate trans-jurisdictionally, with discrete elements of theircrimes speckled widely across the globe in both time and space (Herrera-Flanigan &Ghosh, 2010). Despite extra-territorial legal provisions for criminal acts perpetrated inforeign jurisdictions, the practical application of these laws is rather ineffective (Geist,2003). Whilst an offender may be apprehended in one jurisdiction, the digital evidencerequired to progress an investigation may reside in another country (Scientific WorkingGroup on Digital Evidence, 2000).Trans-border elements are apparent in Mary’s Case and accessing information stored inforeign jurisdictions complicates investigations significantly. Ultimately, cyber crime canbe perpetrated inexpensively and easily, and victims are often left wondering if theoffender is “half a block or half a world away” (Goodno, 2007, p. 129). The anonymity ofcyber crime also increases the volume of offending and obstructs efforts to identifyculprits, thereby distinguishing it from physical crimes (Brenner, 2008; Casey, 2004;Denning, 2001; Post, Ruby & Shaw, 2000). The disinhibiting effect of technology servesto psychologically distance criminals from the consequences of their victimizing behavior(Bocij & McFarlane, 2003; D’Ovidio & Doyle, 2003; Lidsky & Cotter, 2007). Moreover,purely text-based interactions may engender a false sense of intimacy, promote fantasydevelopment (McGarth & Casey, 2002), and facilitate misleading and deceptive behaviordue to reduced availability of sensory information (Finn & Banach, 2000; Spitzberg &Cupach, 2003). In addition to advanced technical aptitudes, cyber criminals have skills inlinguistics and psychology, which they combine to execute social engineering deceptions,58 2015 International Journal of Cyber Criminology. All rights reserved. Under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0) License

International Journal of Cyber CriminologyVol 9 Issue 1 January – June 2015manipulate decision-making processes, and distort perceptions (Chen, 2015; Holt, 2012;Mutnick & Simon, 2002; Waltz, 1998). In Romania, it is reported that cyber criminalsengage native English speakers to give a veneer of legitimacy to online scams(Bhattacharjee, 2011). Compared to traditional criminal offending, cyber crime requiresfundamentally different strategic and tactical responses from legislators, investigators,lawyers, and judicial officers (Wall, 2001).1.3. Victimization and ReportingThe relatively anonymous and faceless nature of cyber crime complicates issuesassociated with victimology and cyber crime reporting (Bermay & Godlove, 2012). Thereexists widespread misunderstanding among communities about the nature of cyber crimeand capacity of law enforcement to apprehend offenders. A number of factors impact thelow proportion of cyber crime acts that are brought to the attention of police. Mary’sCase is consistent with underreporting due to a lack of public confidence in the capabilityof police to investigate cyber crime offending (Collier & Spaul, 1992) There is also awidespread belief that law enforcement agencies are inflexible and intrusive (Davies, 1999;Walden, 2005; Wolf, 2000). Victims fear that prosecutors will not take on their case, or ifthey do, will publicize the case widely to raise the profile of the prosecutor or departmentconcerned, without due regard to the impact of such publicity on the victim (Goodno,2007; Herrera-Flanigan & Ghosh, 2010; Shafritz, 2001; Spitzberg & Hoobler, 2002).Many victims are also reluctant to come forward due to shame or the mistaken belief thatthe cyber crime incident is simply not serious enough to warrant police attention (UnitedNations Office on Drugs and Crime, 2013).Cyber crime reporting is also impeded by a lack of awareness regarding reportingmechanisms (United Nations Office on Drugs and Crime, 2013). Identifying victims andperpetrators of cyber crime can be a very complex matter, and the disinclination of victimsto come forward substantially impairs the capacity of police to respond. Widespreadunderreporting by Internet Service Providers (ISPs) indicates that new laws may berequired to compel them to report suspicious activity on their networks (U.S. Departmentof Justice, ‘A Review of the FBI's Investigations of Certain Domestic Advocacy Groups’,2010). Ultimately, the prevailing tendency for underreporting makes cyber crimeoffending increasingly less visible.Mary’s Case: Threats to harmAbout a week after the initial contact, Mary informs her parents that she received a call from astranger expressing interest in participating in ‘sexual fantasies’. The caller claimed to be respondingto an online message before he disconnected. Mary shows her parents a posting she found on an onlinebulletin board containing her name and phone number and a message broadcasting that she fantasizesabout being raped. Mary subsequently receives an email message containing threats to harm her.Attached to the message are several photos depicting the house where she lives and images of hermeeting with friends for coffee at university. There is also a photo showing an item of her clothing thatshe believes was taken from the clothesline. Mary and her parents report the matter to local police laterthat day.59 2015 International Journal of Cyber Criminology. All rights reserved. Under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0) License

Brown - Investigating and Prosecuting Cyber Crime: Forensic Dependencies and Barriers to Justice2. Law Enforcement and Policing2.1. The Common Law ModelWithin the common law tradition, police play the leading role in the investigation ofcriminal activity and have significant independent powers (O’Connor, 2012). Typically,an investigation is commenced as soon as an alleged crime is brought to the attention oflaw enforcement personnel. Judges perform an integral oversight function duringinvestigations, particularly where police activity interferes with the rights of suspects orother individuals (Hodgson, 2010). The requirement for police to obtain a warrant from ajudge theoretically ensures that individual rights are given judicial consideration as policeseek to move ahead with an inquiry.Police are responsible for interviewing suspects, victims and witnesses. The informationgathered is usually assembled in the form of a brief or case file. For lesser offences, policecan charge the accused and present the case in court. For those instances, involving thecommission of serious criminal offences, the police will collaborate with a prosecutor whoassumes chief responsibility for deciding which charges are appropriate, if any. Whilstpolice are responsible for collecting and securing evidence, in some common lawcountries the prosecutor may advise police during the evidence-gathering phase. It is therole of the prosecutor to present the charges to the court for confirmation and approval.In the common law tradition, defense counsel performs an active role by advisingclients during police interviews and acting on their behalf. During the investigative phase,defense counsel can gather evidence independently and hire expert witnesses. Due to theadversarial nature of the common law system, the defense is given full access to the casefile and must be afforded reasonable opportunity to examine all evidence in advance oftrial. A process of ‘discovery’ or ‘disclosure’ is the formal legal mechanism regulating thesharing of evidence between the defense and prosecution (O’Connor, 2012).There are complex rules related to admissibility of evidence (Thaman, 2013). As thetrial unfolds, the chief protagonists are the prosecutor and defense counsel. The judgefunctions as an impartial referee between the parties and is tasked with instructing the juryon matters of law (Acharya, 2003). The common law trial can be a lengthy process, aswitnesses are typically required to deliver their evidence via ‘live testimony’ before thecourt (O’Connor, 2012). Initially, the witness is examined by the party calling them. Thisis also referred to as ‘examination-in-chief’. The witness is then cross-examined by theother party, after which the party calling the witness has the opportunity re-examine thewitness again. This process continues until all witnesses have delivered their testimony(Parker & Kobayashi, 1999). In theory, the drive to win encourages each party to carefullyexamine the evidence and lead persuasive argument in support of their case. Ideally, thetruth emerges as the judge or jury observes the proceedings.A key issue with this model is that the capacity to discover evidence is usually tied tothe resources of the opposing parties, which may be unequal. Ultimately, each party isentitled to the best representation that they can afford. The ease of access to forensicsfacilities for policing agencies stands in stark contrast to the expense of engaging forensicsupport for many defendants. This inequity is regarded by some as “an economicpresumption of guilt” (Kelly & Wearne, 1998, p. 15). The danger here is that sources ofexculpatory evidence may not be revealed due to investigative bias among criminal justice60 2015 International Journal of Cyber Criminology. All rights reserved. Under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0) License

International Journal of Cyber CriminologyVol 9 Issue 1 January – June 2015officers, who ultimately decide what tests are performed and which aspects of the forensicevidence is reported upon (Zonderman, 1999).2.2. Legal Frameworks, Police Mandates and PolicyDespite the valiant efforts of the Council of Europe (CoE), Interpol, Europol, theEuropean Union (EU), the Organization for Economic Cooperation and Development,the G8 Group of States, and the United Nations (UN), amongst others, much work isneeded to regulate international dimensions of cyber crime. Although the CoE Conventionon Cybercrime (2001) and the Additional Protocol (2003) (hereinafter referred to as theBudapest Convention) has been signed and ratified by non-member states, it is largely aproduct of regional collaboration, reflective of conditions and premises among CoEMember States. As of August 2015, only 47 nation-states had ratified the Convention(Council of Europe Treaty Office, 2015). Unsurprisingly, various provisions within theBudapest Convention are considered a threat to state sovereignty by pockets within theinternational community. Russia’s National Coordinator for the Shanghai CooperationOrganization (SCO) described the Budapest Convention as less than satisfactory, and inviolation the Russian Constitution by permitting foreign law enforcement agencies toconduct investigations within Russian borders via the Internet (Kizekova, 2012).In 2011, Russia, China, Tajikistan and Uzbekistan submitted a draft of the InternationalCode of Conduct for Information Security before the 66th UN General Assembly Meeting(United Nations General Assembly, 2011). The Code seeks observance of human rightsand freedoms within the information space (Brown, 2015). Respect for the sovereignty,territorial integrity and political independence of all nation-states is also addressed, and thecode pushes for the development of transparent multilateral and democratic internationalInternet governance arrangements (Kshetri, 2013). In 2015, Secretary of State John Kerryaffirmed the view of the US during remarks made to an audience in South Korea. Hestated that “basic rules of international law apply in cyberspace” and “countries shouldwork together to deter and respond effectively to online threats” (U.S. Department ofState, 2015). He also promoted the Budapest Convention as “the best legal framework forworking across borders to define what cybercrime is and how breaches of the law shouldbe prevented and prosecuted” (U.S. Department of State, 2015).However, without a universal cyber crime convention, cross-jurisdictional conflict ofcriminal laws raises the unavoidable dilemma of “what law should be applied to determinethe legal effect of a person's conduct when he does an act in one state which producesharmful effects in another” (Stimson, 1936). Cyber crime cases that demand cooperativemechanisms that are not provided for within existing legal instruments create significantdifficulties for police and prosecuting agencies (Bermay & Godlove, 2012; Gercke, 2012;International Telecommunications Union, 2012). The following multilateral and bilateralinstruments are only able to deliver solutions within certain contexts: Budapest Convention; United Nations Convention against Transnational Organized Crime (2000) and its threeprotocols; European Convention on Mutual Assistance in Criminal Matters (1959); Inter-American Convention on Mutual Assistance in Criminal Matters (1992);61 2015 International Journal of Cyber Criminology. All rights reserved. Under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0) License

Brown - Investigating and Prosecuting Cyber Crime: Forensic Dependencies and Barriers to Justice Stanford Draft International Convention to Enhance Protection from Cyber Crime andTerrorism (1999); Draft African Union Convention on the Establishment of a Credible Legal Framework forCyber Security in Africa (2011); and Commonwealth Model Law on Computer and Computer Related Crime (2002).When police receive an incident report at the local level, a number of conditions mustbe met before a formal investigation can be initiated. To have the requisite jurisdiction,the type of behavior, which forms the substance of the report, must be regarded ascriminal conduct under the national legal framework concerned. In other words, thepolice must determine which criminal law has been violated, if any (Goodman & Sofaer,2001). The ‘principle of territoriality’ in international criminal law holds that a crimecommitted within the territory of a nation-state may be tried there. Yet, in a networkedworld, the territoriality of criminal law does not always coincide with territorialsovereignty (Cassese, 2001). “While with physical crimes, such as in murder,the elements are generally concurrent, with information-based criminal activity, such asin cybercrime, a jurisdictional distinction between the initiation and termination of an actbecomes the norm” (Walden, 2003, p. 295). As such, an act may be initiated in onejurisdiction and the effect or harm felt in another.Many cyber crime offenders have evaded prosecution due to weaknesses in substantivecriminal laws that do not address technological means of offending (Downing, 2005).Determining the place where an offence was committed (locus delicti), and overcomingpositive and negative conflict of laws can present difficulties for police, prosecutors andjudicial officers when issuing warrants, drafting subpoenas, and committing a case for trial(Brenner & Koops, 2004). Compared to serious violations of human rights, many acts ofcyber crime do not invoke the ‘principle of universality’ as grounds for criminal jurisdiction(Broadhurst, 2006). Doctrines enshrined in one legal system may not impose obligations inforeign jurisdictions. The “sovereign equality” existing between nation-states is afundamental principle of international law, which demands respect for the lawmakingautonomy of other countries (Roth, 2005, p. 1). Ultimately, criminal law is simply a toolfor targeted governance and protection of public mores within a specific locality.Whilst not an offence in itself, cyber stalking in Mary’s Case would be covered bystatutory provisions associated with stalking in Australia. However, any inconsistency indefining the constituents of crime among nation-states can be problematic. For example,in some countries there are no laws criminalizing possession and distribution of childpornography (Commonwealth Internet Governance Forum, 2012), and cyber-stalkinglegislation in some jurisdictions requires that a credible threat to the victim besubstantiated (Schwartz, 2009). In order to address trans-jurisdictional cyber crimeoffending, international legal frameworks must be harmonized (U.S. Department ofJustice, 2009). However, enacting legislation and ratifying treaties is a slow processcompared to the rapid uptake of new technologies by diverse communities globally.Police function to reassure the public, reduce crime, investigate crime, provideemergency services, maintain peace and order, and safeguard the security of the state(Bowling & Foster, 2002). These undertakings seek to fulfill fundamental police mandatestargeting community safety and support, criminal and disorder control, and provision ofservices for the administration of criminal justice (Broadhurst & Davies, 2009). Yet,62 2015 International Journal of Cyber Criminology. All rights reserved. Under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0) License

International Journal of Cyber CriminologyVol 9 Issue 1 Januar

Kaspersky Lab, 2015; Ponemon Institute, 2015). However, this has not been the case with many investigations and prosecutions failing to get off the ground (Frolova, 2011; Onyshikiv & Bondarev, 2012; Zavrsnik, 2010). The chief causes of this outcome may be attributed to trans-jurisdictional ba