5.2 Victimology


Victimology is the investigation and study of victim characteristics. Conducting a thorough victimology leads to understanding why an offender chose a specific victim and what risks the offender took to gain access to that victim. This information can be used to identify possible links between the victim and offender. If investigators can understand how and why an offender has selected a particular victim or target, they may also be able to establish a link of some kind between them. These links may be geographical, work-related, schedule-oriented, school-related, hobby-related, or even more substantial.

Keep in mind that victims can include individuals, organizations, or an industry as a whole. For instance, pharmaceutical companies that test their products on animals are targeted by animal rights groups in various ways, including denial of service attacks against their Web and e-mail servers to disrupt their daily operations. One of the most important things to establish when a computer is directly involved in the commission of a crime is who or what was the intended target or victim. Although many computer intrusions are not intended to impact a specific individual, always consider the possibility that the intruder intended a particular individual or organization to suffer as a result of the crime. Also recall from Chapter 2 that the particular victim or target may not be as significant to the offender as what they symbolize. In this type of situation, there may not be any connection between the offender and victim prior to the offense.

When looking for offender-victim links, it is helpful to create a timeline of the period leading up to the crime. In crimes against individuals, the 24 hours leading up to the crime often contain the most important clues regarding the relationship between the offender and the victim. Cyberstalking and computer intrusions can extend over several weeks or months, in which case investigators can look for pivotal moments and focus on those during the reconstruction process. Crimes against an organization often involve significant planning, in which case it may be necessary to consider events in the months preceding the crime.

Such a timeline can organize the many details of a day, week, or month and thus clarify how a victim came into contact with an offender. When reconstructing the period before the crime, include any Internet activity. For instance, when investigating a computer intrusion, log files on the victimized organization's network may reveal reconnaissance or other related activity. When investigating crimes against individuals, their Internet activities may reveal whom they communicated with and where they were planning on going. In such situations, it can be fruitful to question individuals with whom a victim or suspect interacted on the Internet.

In addition to reconstructing the recent past of a victim or target, try to imagine how the crime might have been committed. For instance, in a child exploitation case, consider that the offender may have spent time grooming the victim as discussed in Chapter 20. Investigators should also ask themselves whether or not the offender performed surveillance on the victim or target. For example, computer intruders may have probed the target system for the information necessary to gain access. Signs of probing and failed attempts to access the computer suggest that the offender is not very familiar with the computer. A lack of probing indicates that the intruder either knows the system intimately or is very good at removing signs of probing and intrusion.
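The following Python sketch is an added example, not code from the book. It builds a pre-incident timeline from log records and counts the probing events each source produced before its first successful access, which is the signal the paragraph above describes. The normalized log format, the event names, and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not from a real case).
# Assumed normalized format: ISO timestamp, source address, event type, detail.
SAMPLE_LOG = """\
2003-03-01T02:14:07 198.51.100.7 PROBE port-scan tcp/21-1024
2003-03-09T23:40:12 198.51.100.7 LOGIN_FAIL ssh user=admin
2003-03-09T23:40:19 198.51.100.7 LOGIN_FAIL ssh user=root
2003-03-10T00:02:44 198.51.100.7 LOGIN_OK ssh user=backup
2003-03-10T01:15:30 203.0.113.20 LOGIN_OK ssh user=jsmith
2003-01-05T10:00:00 192.0.2.9 PROBE port-scan tcp/80
"""

PROBING = {"PROBE", "LOGIN_FAIL"}  # event types treated as signs of probing

def parse(log_text):
    """Parse records into (time, source, event, detail) tuples in time order."""
    events = []
    for line in log_text.splitlines():
        parts = line.split(maxsplit=3)
        if len(parts) < 3:
            continue  # skip malformed lines rather than guessing at fields
        detail = parts[3] if len(parts) > 3 else ""
        events.append((datetime.fromisoformat(parts[0]), parts[1], parts[2], detail))
    return sorted(events)

def pre_incident_timeline(events, incident_time, window_days):
    """Keep only events in the window leading up to the incident."""
    start = incident_time - timedelta(days=window_days)
    return [e for e in events if start <= e[0] <= incident_time]

def probing_before_access(timeline):
    """Map each source that gained access to its probing count before first access."""
    probes = defaultdict(int)
    first_access = {}
    for _, src, kind, _ in timeline:
        if kind in PROBING:
            probes[src] += 1
        elif kind == "LOGIN_OK" and src not in first_access:
            first_access[src] = probes[src]
    return first_access

if __name__ == "__main__":
    incident = datetime(2003, 3, 10, 2, 0, 0)
    timeline = pre_incident_timeline(parse(SAMPLE_LOG), incident, window_days=30)
    for ts, src, kind, detail in timeline:
        print(ts.isoformat(), src, kind, detail)
    print(probing_before_access(timeline))
```

A source with a count of zero is the case the text singles out: either the intruder already knew the system or the traces of probing were removed, so it deserves closer examination rather than dismissal.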

5.2.1 Risk Assessment

Among the most informative aspects of offender-victim relationships are victim risk and the effort that an offender was willing to make to access a specific victim. Offenders who go to great lengths to target a specific, well-protected individual have specific reasons for doing so - these reasons are key to understanding an offender's intent, motives, and even identity. Conversely, if a victim did not employ any self-protective measures, an offender may have selected them for convenience and may not have a prior relationship with the victim. Also, the circumstances surrounding a crime can contribute to victim risk. If an attack against an organization occurred during a labor dispute, investigators should consider the possibility that a disgruntled employee is responsible. If the risks present during the crime are not understood, the relationship between the offender and victim cannot be well understood.

Keep in mind that the operative question when assessing risk is: Risk of what? A woman who is new to the Internet, uses her real name online, puts personal information in her AOL profile, and tries to meet people in non-sexual online chat rooms may be at high risk of cyberstalking but not necessarily of sexual assault. However, if the same woman participates in sexually oriented discussions and meets men to have sex, she is at higher risk of sexual assault.

Because the Internet can significantly increase a victim's risk, victimology should include a thorough search for cybertrails, even in traditional criminal investigations. It might not be obvious that a victim used the Internet, but if a thorough search of the victim's computer and Internet activities is not performed, information that could drastically change victimology might be missed. Consider Sharon Lopatka, the woman who traveled from Maryland to North Carolina to meet her killer. Friends described Lopatka as a normal woman who loved children and animals. However, Lopatka's activities on the Internet give a very different impression. Lopatka was evidently interested in sex involving pain and torture. Victimology that did not include her Internet activities would have been incomplete, lacking the aspects of her character most relevant to the crime being investigated, and would probably describe her as a low-risk victim when in fact she was quite a high-risk victim.

When a computer is the target of an attack, it is also useful to determine if the system was at high or low risk of being targeted. For instance, a machine with an old operating system, no patches, many services running (some with well-known vulnerabilities), located on an unprotected network, containing valuable information, and with a history of intrusions or intrusion attempts is at high risk of being broken into. Since computer security professionals often make risk assessments of computer networks, they may already have information that is useful for developing a risk assessment in an investigation involving one of their systems.

While assessing the risk of a target computer, investigators should ask themselves: Did the offender need a high level of skill and, if so, who possesses such talents? Similarly, if an offender required a significant amount of knowledge about the target system to commit the crime, investigators should try to determine how this knowledge was obtained. Was it only available to employees of an organization? Could the offender have obtained the information through surveillance and, if so, what skill level and equipment were required to perform the surveillance?




Digital Evidence and Computer Crime, Second Edition
ISBN: 0121631044
EAN: 2147483647
Year: 2003
Pages: 279
