The forensic evidence in a cybercrime case is usually composed of electronic evidence, such as the contents of a computer or phone database, flash drive, chat history, etc. Individuals involved in cybercrime monetize information by selling credit card numbers, access to PayPal accounts or gift cards, login information to social media accounts for the creation of dummy accounts, etc. Evidence in the form of databases containing the information that was hacked or sold is critical in these cases.

Guilty pleas are common in criminal cases, which obviously presents the issue of sentencing. Since the sentence a defendant receives will largely be based upon the losses caused by the cybercrime, it is imperative to determine the total amount of actual losses.

When a crime involves access devices, such as credit cards, debit cards, and similar financial accounts, the United States Sentencing Guidelines dictate that the losses are presumed at $500 per access device. This presumption often leads to defendants being sentenced based on exaggerated loss amounts that have nothing to do with the actual losses caused to cybercrime victims or with what the defendant gained. Examining the database and then trying to determine the actual losses becomes extremely important, as it often arms defense counsel with arguments as to why the Court should use alternative methods of calculating loss amounts.

Each case is unique; some require looking at servers and subpoenaing information from third parties, whereas more standard cases involving the resale of credit cards or personal information like social security numbers will require an examination of the database, identification of IP addresses, and a review of any communications which express intent. Like many of my clients, I speak Russian, which is why many of the cybercrimes I deal with are committed overseas. The government tends to connect the dots in various ways, primarily by identifying the IP address. All of this information is crucial in a cybercrime case.

What Forensic Evidence is Critical in Defending Someone Charged with a Cybercrime?

An individual has a right to wipe clean their computer and should not be charged with evidence tampering for doing so unless there was an ongoing investigation and they had been put on notice that they needed to preserve evidence. With that said, during the trial the government may try to use it as indicative of guilt, such as by asserting that the incriminating data was wiped clean only after news of the investigation, arrest, or contact by the FBI. During a jury trial, they could say something like, “On Monday morning, the New York Times came out with an article that Mr. Igor Litvak hacked them, and two hours later, he wiped his computer clean; what does that show?” This type of argument, if allowed by the Court, could be used to show the jury the defendant’s state of mind, but should not result in another charge of tampering with the evidence.
