Fighting Cyber Abuse: How To Collect Evidence

When you think of a crime scene, there’s probably a clear image that comes to mind. Yellow caution tape wrapped around the key areas of the scene with officers ensuring that nobody crosses over and interrupts the collection of evidence.

You may imagine some field agents searching for fibers from clothing or dusting for fingerprints. When they find something that could be considered evidence, they pick it up with gloved hands then bag and tag it to preserve that information. A piece of forensic data they’ll use to solve the case.

These precautions are taken because all of these tiny pieces of proof can be used to help piece together the puzzle of who committed the crime. It is crucial for law enforcement to be able to analyze the items from the scene exactly how they were when the crime was committed.

While a cybercrime may not occur in an environment such as this, the preservation of evidence is no less important. Though this data exists largely within code and can’t physically be picked up and examined, its conservation is essential for digital forensics analysts to do their jobs.

Why It’s Important to Collect Evidence.

All crimes leave clues scattered that can be used to uncover the culprit. Any evidence you have of the cybercrime that was committed against you is essential to your case. By gathering this information, you can help reveal the identity of the cybercriminal and take legal action to fight back against them.

What Evidence Should You Collect?

Depending on the nature of your case, the amount of information can vary. However, you should include any data pertaining to the identity of the criminal, what type of crime unfolded, the time and location of the crime, and how it was carried out. Useful evidence can include the ways in which the perpetrator contacted you, conversation and transaction history, and any other proof of harmful measures taken against you.

Collecting Screenshots and Photos.

One of the best ways to collect digital evidence of a cybercrime is by gathering screenshots and photos. This enables digital investigators to compile proof which can be used to find the culprits digital footprint. But, each devices has a slightly different method for obtaining these screenshots, so keep reading to learn how to complete on the main device types.

How To Collect Screenshot Evidence Using a Mac

There are multiple different ways to screenshot evidence using a Mac depending on what kind of content you’d like to be captured.

Entire Screen – Press Shift, Command, and 3 simultaneously. You can click the thumbnail or find the screenshot on your desktop to edit it.
Portion of the Screen – Press Shift, Command, and 4 simultaneously. The pointer will turn into a crosshair which you can drag to take a screenshot of a selection by releasing the mouse.
- To move the selection without changing its size, hold Space while dragging.
Window or Menu – With the window or menu open, press Shift, Command, and 4 simultaneously. Then, press Space. The pointer will turn into a camera icon. Click the window or menu to take a screenshot.
- To exclude the window’s shadow from the screenshot, hold Option while you click ⁽¹⁾.

How to Collect Screenshot Evidence Using a PC

Windows 10 and 11 each have a slightly different method for taking a screenshot or “snip” of potential evidence, so we will cover both.

Windows 10 – To open the snipping tool, do one of the following:

Search for “snipping tool” in Windows menu.
Press Windows Logo Key, Shift, and S simultaneously.
Press Print Screen (PrtSc).

From the snipping tool, you can choose to make a free-snip, rectangular snip, window snip, or full-screen snip.

Windows 11 – Taking a snip in Windows 11 is the same as in Windows 10 with the addition of taking video snips. To do this, do one of the following:

Open the snipping tool and select video snip.
Press Windows Logo Key, Shift, and R simultaneously ⁽²⁾.

If you are struggling with threats of blackmail contact our helpline

How to Collect Screenshot Evidence on an iPhone

Taking a screenshot on iPhones varies depending on whether your model has a home button. So, we will cover how to screenshot evidence on both.

Home Button – Quickly press the Power button and the Home button simultaneously.
No Home Button – Quickly press the Power button and the Volume Up button simultaneously.

You will find “Full Page” in the editing options, which allows you to take a screenshot of content that extends past what’s visible on screen ⁽³⁾.

iPhones also have a screen recording feature which allows you to take a video of evidence on your screen. To take a screen recording, do the following:

Swipe down from the top-right corner of the screen.
If the Screen Recording control is not already in the Control Center, tap and hold the screen and add the control from the gallery.
Tap the Screen Recording control and wait three seconds for recording to start.
Stop the recording by pressing the red circle at the top of the screen ⁽⁴⁾.

How to Collect Screenshot Evidence on an Android

Due to the numerous models of Android phones, there is some variance taking screenshots of evidence.

You will either press the Power button and Volume Down button simultaneously or press and hold the Power button for a few seconds and select “Screenshot”.
If your phone runs Android 12 or up, take a scrolling screenshot by doing the following.
- Press the Power button and Volume Down button simultaneously.
- Select “Capture more” at the bottom of the screen.
- Use the crop guides to select which content you’d like to take a screenshot of.

Like iPhones, Android phones also give the option to take a screen recording. To access this feature, do the following:

Swipe down twice from the top of the screen.
Tap Screen record. If it is not already in your Quick Settings, tap Edit and add it.
Tap start and wait for the countdown to begin the recording.
Stop the recording, swipe down from the top of the screen and select the Screen recorder notification ⁽⁵⁾.

Collecting URLs

Collecting the list of sites and platforms in which the scammer has contacted you can be helpful in the investigation. Any links you have been sent from the perpetrator should also be collected. These can contain hidden malware that grant access to your private data. Any sites that the scammer used can provide analysts with crucial information on how they created the links and where those links originated.

Collecting Payment Information

While you should never pay your scammer, any transaction history can be used as evidence if payments have already occurred. This data can provide analysts with crucial knowledge of the perpetrator’s location, banking information, and other accounts that your money has been moved to which can uncover a larger network in which many scammers operate.

Please note that while this information does help discover the perpetrators’ identity, recovering funds from a scammer is much more difficult. For more information on the likelihood of recovering funds when scammed online, click here.

What Not to Collect or Submit.

You do not need to submit any sensitive data that is being used to blackmail you. This includes any explicit photos that a blackmailer is using to extort you. It is important to remember that no legitimate cybersecurity agency will ask you for any of this data. Any that do are likely recovery scams.

The only exception would be hash-based tracking engines used to fight NCII abuse like StopNCII.org or their siter organization TakeitDown. These organizations fight against intimate content abuse in cases such as revenge porn. They use the image files of explicit content to prevent reuploading without consent if your nudes have been leaked through a process known as hash-based matching

Who Should You Send the Evidence To?

Law Enforcement – The first thing you should do with your evidence is file a police report. The local police can help with blackmail if the perpetrator is doing so locally. If not, the report can be referenced when contacting a national agency who can help you investigate crime throughout the country.
Cybersecurity Experts – If the crime is not within the borders of your country, a cybersecurity agency may be able to help. Unlike law enforcement, these professionals work not to prosecute criminals but to identify them and potentially get your content out of the criminals hands to prevent leaks.
Attorney – Once you have the necessary data to unmask your harasser, you should look to the aid of an attorney. At this point in the process, they will be able to help you take the necessary steps to take legal action. They can also provide resources that can assist you with emotional support. For more information on working with an attorney in cases of online blackmail or sextortion, click here.

Working With Digital Forensics.

Digital Forensics can assist you in collecting the necessary evidence to bring your harasser to justice. Our techniques can uncover information such as IP addresses that help you discover the name, location, and accounts of the person committing cybercrimes against you. Using this data, we can connect you with law enforcement around the world that can help you seek justice.

If you have fallen victim to a case of online blackmail, do not waste any more time. Contact our Blackmail Helpline today for a confidential consultation with one of our experts.

Sources:

DISCLAIMER: THIS POST IS FOR INFORMATIONAL PURPOSES ONLY AND IS NOT TO BE CONSIDERED LEGAL ADVICE ON ANY SUBJECT MATTER. DIGITAL FORENSICS CORP. IS NOT A LAWFIRM AND DOES NOT PROVIDE LEGAL ADVICE OR SERVICES. By viewing posts, the reader understands there is no attorney-client relationship, the post should not be used as a substitute for legal advice from a licensed professional attorney, and readers are urged to consult their own legal counsel on any specific legal questions concerning a specific situation.

What are You Looking for?