Cybercrime investigations involve identifying and analysing evidence with the goal of exposing a cybercrime. Cybercrime investigations can require the use of many digital tools and looking at a range of social media platforms. The process can be stressful and time-consuming, as proving an online crime may prove to be more difficult. Investigators need to deal with tracking down the offender while also understanding what took place and how. 

What does a cybercrime investigation cover?

Cybercrime investigations are used by organisations for a number of situations including:


Cyberbullying is affecting more people than ever before as individuals tend to use social media for work and for entertainment purposes. A Pew Research survey found that over 40% of adult Americans were harassed online in some shape or form, including sexual harassment, physical threats and sustained harassment. Cyberbullying is generally not a crime and unfortunately may not be followed up on unless it leads to significant consequences. However, in some circumstances it may breach telecommunications laws, or stalking/harassment laws. A cybercrime investigation might be necessary in some circumstances to uncover who was involved and the extent of the cyberbullying. Even though cyberbullying isn’t a crime, it maylead to crimes if actions are taken offline. 

Cyberbullying is not always between random people on the internet, it can be between colleagues. It is advisable to check on employee wellbeing often because if cyberbullying is taking place they might not report it due to them misunderstanding the requirements for making a complaint. Employees may think that issues outside of work hours between their co-workers are for them to handle. Fortunately, that’s not the case. 

In situations where a co-worker harasses another employee online, a cybercrime investigation can follow after a complaint if the crime is serious. The company will need to evaluate and make a decision based on the evidence provided by the employee(s). 


While stalking is a criminal offence, a lot of laws are behind when it comes to acknowledging cyberstalking or defining it as a crime. Cyberstalking involves the use of technology to intimidate individuals online by acquiring as much information about them as possible. The victim may be tracked through social media, sometimes with the intention of harm. While cyberstalking is illegal in the US, a lot of countries do not fully understand what it entails and what is the extent of its severity. 

Cyberstalking may require a cybercrime investigation if it’s getting serious or leads to issues such as identity theft, fraud or personal harm. Stalking someone online can lead to similar consequences as cyberbullying including declining mental health, stress and worsening overall wellbeing. 

cybercrime investigation

Phishing or other types of scams

Phishing has evolved so much over the years that now it may require extensive cybercrime investigations to uncover groups of people working on different victims. Businesses can suffer from phishing as employees may think they are speaking or responding to an email from the CEO or manager, when in reality, it is a scammer on the other side. 

How realistic can scams be? A cybercrime investigation may uncover messages from scammers pretending to be recruiters, Microsoft or insurance employees. They might send an email pretending to be an employee’s boss or someone of higher rank asking them to send money to them temporarily. Scammers tend to use urgency to catch people off guard and give them little time to think. They may send them invoices presenting purchases they didn’t make and giving them a false number to call and fix it. 

Cybercrime investigations can lead to solutions that will assist with fund or account recovery (if possible). 

Ransomware/Malware and data breaches

A malware attack refers to individuals intentionally installing malicious software in the device of the victim. The goal of a malware attack is to tamper with a system’s functions and steal sensitive information or funds. A ransomware attack follows a similar process but it locks up files so they cannot be accessed unless a ransom is paid. 

These two methods are usually what lead to a data breach. After a virus is installed, the virus may be able to steal information without the victim realising it until it’s too late. A cybercrime investigation follows after a data breach in order to understand what happened, analyse the situation, take any steps to minimise ongoing damage and prevent this from happening again in the future. Cybercrime investigators will be able to identify weaknesses within the company’s cybersecurity and help in reporting the attack and strengthening the current systems in place. 

Identity theft

To expand on the identity theft mentioned earlier, identity theft occurs when someone uses an individual’s personal information such as name, date of birth and/or financial details, without their permission for personal gain or personal interest. In some cases, documents such as passports and birth certificates may also be used if the criminal intends to take out loans in the victim’s name. Except for financial consequences, the victim may also suffer from a poor credit score making them unable to purchase assets such as property in the future. 

Between 2021 and 2022, almost 160,000 people experienced identity theft and 509,500 were victims of online impersonation. These crimes can often lead to criminal charges for victims, for crimes they didn’t commit. Unfortunately, the rates for identity theft, and other cybercrimes, have been increasing over the past few years, and more people are affected each day. While today there is software that can notify victims of potential identity theft, it is usually not identified until it’s too late. Companies can help employees by educating them on the importance of being cyber-aware, especially if they work from home. 

Do you want a faster cybercrime investigation?

Polonious offers investigators a secure and efficient system where they can set up one-tap reporting, automated case updates and reminders and better overall workflows. Digital evidence can be securely stored in our system and can be accessed by the right people online or offline. Our system can also be integrated with different software and can help investigators achieve better workload management by managing everything in one place. Do you want to know more? Book a demo!