United States General Accounting Office Office of Special Investigations GAO February 2001 ELECTRONIC LAW ENFORCEMENT Introduction to Investigations in an Electronic Environment Contains Sensitive Law Enforcement Information: Not for Distribution Outside Federal Law Enforcement Entities GAO-01-121G United States General Accounting Office Office of Special Investigations Washington, DC 20548 February 2001 Electronic Law Enforcement: Introduction to Investigations in an Electronic Environment is published as a service to the federal law enforcement community by GAO. The guide contains sensitive information and is not for distribution outside federal law enforcement organizations. The guide is comprised primarily of resources available from various law enforcement organizations. It is intended to be a useful aid for criminal investigators by discussing the various tools and other resources available for assisting investigations involving electronic evidence. Chapters 1, 2, and 3 discuss the conduct of an investigation in an electronic environment: • investigating illegal online activity, • the Internet as an investigative tool, and • search and seizure methods involving electronic evidence. Chapter 4 discusses impediments to electronic investigations posed by • cryptography and encryption and • the anonymity that the Internet can provide. The guide's appendixes augment these areas by citing applicable statutes (app. I); by providing links to selected Internet resources (app. II); and by discussing basic cryptography and encryption (app. III), digital signature and public-key infrastructure (app. IV), and biometrics as an identification and authentication technology (app. V). We hope that the glossary of terms will provide a useful reminder of related items as they reappear in the guide's discussions and in the criminal investigator's work. The information provided in this guide is current as of the date of this publication. It is intended both as an introduction for the criminal investigator concerning issues of electronic evidence and as an aid for the investigator in developing basic investigative strategies. We are providing the guide in hard copy and on a compact disk (CD) for agency duplication as needed. However, please do not release the document or the CD outside the federal law enforcement community. If you wish to access the encrypted guide on GAO's Web site, please send your request via e-mail to digitalguide@gao.gov. We will assess your request and inform you of how access will be provided. The guide is also available in an encrypted format at the Cybercop Secure Communities VPN, a secure Web site which is a joint project of Cybercop.org and the ESP Group at https://cybercop.esportals.com. We wish to acknowledge the significant assistance provided by others to the development of this guide. Chief among these were Kevin Manson, Instructor, Financial Fraud Institute, Federal Law Enforcement Training Center; the Small Business Administration's Counsel to the Inspector General; and special agents of the National Aeronautics and Space Administration; the U.S. Attorney's Office, Southern District of New York; the Federal Bureau of Investigation; and the Department of the Treasury, Office of the Inspector General for Tax Administration. We request your assistance in periodically updating and improving the guide. Please submit updates and suggestions on how to better meet users' needs to the e-mail address above or by fax to (202) 512-3086. You may also write to us at the Office of Special Investigations, U.S. General Accounting Office, 441 G. Street NW, Suite 6K17S, Washington D.C. 20548-4243. Robyn D. Stewart, M. Jane Hunt, and Keith A. Rhodes were key contributors to the guide. Robert H. Hast Managing Director Office of Special Investigations To Gain Access to the Guide If you wish to access the encrypted guide, as stated in the preceding letter, send your e-mail request to digitalguide@gao.gov. Include your name, law enforcement affiliation, and office telephone number in the request. We will assess your request and inform you of how access will be provided.