This chapter looks at how law enforcement receives and responds to the reports – from assessing the first-known facts and initiating an investigation, to using the range of investigative steps available to find out what happened and who is responsible. When law enforcement officials determine that a reported cyber incident was likely a crime, the next questions are whether the event is something that law enforcement can and should investigate. A major factor in deciding whether a law enforcement agency can or should begin an investigation is whether there is a sufficient jurisdictional nexus. In many instances of cybercrime, multiple jurisdictions may each have a legal basis for jurisdiction. Cyber incidents often have both criminal and civil components, with complicated questions of civil liability. Other important considerations for law enforcement are whether taking on a cyber investigation will act as a deterrent to future criminals, and whether the crime’s impact on the community calls for law enforcement action.