Section-III

Criminal Investigation
"A lawful search for people and things to reconstruct the circumstances of an illegal
act, apprehend or determine the guilty party, and aid in the states prosecution of
the offender. The collection of information and evidence for identifying,
apprehending, and convicting suspected offenders.”

The goal of a criminal investigation is to determine whether someone is guilty and

to uncover the truth using legal methods. This is done by the police or law
enforcement agencies, who collect and present evidence in court.

It's essential for the police to investigate thoroughly so that criminals or

lawbreakers can be brought to justice. Without a proper investigation, proving a
crime in court becomes impossible.

Once a First Information Report (FIR) is registered, the police must begin an
investigation by following these steps:

 Visit the crime scene.

 Understand the facts and background of the case.
 Identify and arrest the suspected person(s).
 Collect evidence related to the crime.

Only the officer in charge of the police station has the authority to investigate a
cognizable offence—these are serious crimes where police can arrest a person
without a warrant.

For an effective criminal investigation, the following support and facilities are
essential:

 Public cooperation is vital, especially the help of witnesses.

 Investigators must be well-trained and properly equipped to handle
cases professionally.
 Logistical support such as transport, financial resources, and other basic
needs should be readily available.
 Evidence collection kits and assistance from other government
departments are necessary to collect and preserve crime scene evidence
properly.
 Modern technology, like computers, audio and video players, should be
available to store and present evidence in court.
 Forensic science laboratories must be fully equipped to analyze
fingerprints, DNA, voice samples, weapons, and chemical traces.
 Strong coordination between law enforcement agencies is important,
along with proper legal backing, to ensure smooth and lawful investigations.
Principles of Criminal Investigation (Simplified):

The way investigators handle a crime scene depends on what they find when they
arrive.
For example, a murder case needs a different approach than a robbery case.
To make sure the investigation is complete and organized, investigators usually
follow seven basic steps.
However, these steps are flexible — they can be done in a different order, some can
be combined, or even skipped — depending on what the situation demands.

Define the Crime Scene and Identify Hazards

 First, figure out how big the crime scene is and check for any dangers.
 Find the main spot where the crime happened (called the focal point).
 Mark a big enough area to cover all possible evidence. This could range from
a small room to many kilometers (like in a bomb blast).
 Look for possible paths where the criminal may have entered or exited.
 Always think about safety. There could be weapons, harmful chemicals,
biohazards, or even traps at the scene.
 If doctors, firefighters, or coroners are on the scene, tell them what not to
touch to avoid disturbing evidence.

2. Secure the Crime Scene

 Locard’s Principle of Exchange says that everyone who enters or leaves a

crime scene brings in or takes away some evidence. That’s why securing the
scene is critical.
 Set up a cordon (barrier) around the scene.
 Keep a log of everyone who goes in and out.
 Create one standard path for entering and exiting the scene.
 If needed, make extra spaces for storing evidence or for team discussions.

3. Plan, Communicate, and Coordinate

 Before collecting evidence, figure out what kind of crime you’re dealing with.
 This helps you predict what evidence might be present.
 You may need to talk to witnesses or other involved people to understand
what happened.
 Use this information to create a plan for collecting evidence. Consider
weather, lighting, and time of day.
 If the case is complex, you can call in forensic experts or other specialists to
help.
4. Do a Primary Survey/Walkthrough

 Start with a quick but careful walk through the scene to decide which
evidence is most important.
 The lead investigator will make notes and take early photographs of
everything.
 Document everything: room temperature, smells, positions of objects,
condition of equipment, etc.
 To make movement easier without disturbing evidence, mark a clear
“evidence-free” path to move through the scene safely.

5. Document and Process the Scene

 Once the plan is ready, the crime scene team begins a careful and well-
organized investigation.
 All useful evidence (called probative evidence) is collected.
 The entire scene is recorded using digital cameras, video recorders, or 3D
scanners if available.
 In some cases, detailed drawings or sketches are also made to show the
layout and position of evidence.
 Proper methods are followed to collect, pack, and preserve evidence—
especially biological materials like blood, hair, or skin, which are easily
damaged by weather or mishandling.

6. Conduct a Secondary Survey (Review)

 After the main evidence collection, a second check of the crime scene is done
to ensure no important evidence was missed.
 This step works as a quality check:
o To confirm everything listed in the first walkthrough was collected.
o To search for any new evidence that may have been missed earlier.
o To officially confirm the crime scene has been fully processed and can
now be opened to others.

7. Record and Preserve Evidence

 Every piece of evidence is listed in an evidence inventory log to make sure

nothing is lost.
 The details in the log (like size, type, and markings) must match the
photographs and the official crime scene report.
 For example, if a gun is found, its serial number in the log must match the
number in the photos taken on site.
  This process creates a chain of custody, which tracks every time the
evidence is handled or moved—important for ensuring it can be trusted in
court.

Manual of Preliminary Investigation

 A preliminary investigation is the first action taken by the police when

a crime is reported.
 The main goal is to collect early evidence that:
o Confirms a crime actually happened,
o Helps identify the offender,
o Leads to the arrest and conviction of the criminal.

Main Steps in a Preliminary Investigation

The investigation usually includes the following important tasks:

 Confirm that a crime took place.

 Identify the victim, the location, and the time of the crime.
 Find solvability factors — information that increases the chance of solving
the case.
 Record and report all the crime details.
 Check which investigation steps have been done and which are still left.

Clues That Help Solve a Crime (Solvability Factors)

These key details can help investigators solve the crime:

 People who witnessed the crime.

 Knowing the suspect’s name.
 Likely locations where the suspect may be found.
 A description of the suspect’s appearance.
 Any proof linking the suspect to the crime.
 Stolen or involved property with unique features.
 A clear pattern or method the suspect used (modus operandi).
 Vehicles or transport used by the suspect.
 Useful evidence found at the crime scene.
 Belief that publicizing the crime may help solve it.
 If further investigation may lead to results.
 If only one person could logically have committed the crime.

Intelligence Operations

Intelligence operations refer to systematic efforts carried out by state agencies,

military institutions, and specialized departments to collect, analyze, and interpret
information with the aim of identifying the capabilities, intentions, and
vulnerabilities of rival states, non-state actors, or potential threats. These
operations play a crucial role in shaping national security strategies, military
preparedness, and diplomatic decisions.

Objectives of Intelligence Operations

To achieve strategic foresight and preparedness, intelligence must perform the

following core functions:

1. Assessment of Current Conditions and Capabilities

Intelligence agencies evaluate the political, military, economic, and social
situation of the target entity to understand its strengths and weaknesses.
2. Prediction of Adversarial Actions
Based on available data and trends, potential moves and decisions of
adversaries are predicted, allowing proactive countermeasures.
3. Identification of Critical Vulnerabilities
Intelligence helps to detect weaknesses in enemy infrastructure or policy that
can be exploited in defense or diplomacy.
4. Formulation of Counterstrategies
Intelligence assists policymakers and military planners in developing effective
responses and contingency plans against anticipated threats.

Types of Intelligence

1. Strategic/National Intelligence
This refers to broad-spectrum information related to national security,
politics, economics, and societal trends of foreign nations. Strategic
intelligence shapes long-term policies and is generally handled by national
intelligence agencies (e.g., ISI, CIA, MI6).

1. Military Intelligence
Gathered by defense departments or military units, this type focuses on the
enemy’s military strength, deployment, logistics, weapons technology, and
combat readiness. It is crucial for operational planning and defense strategy.
Industrial Intelligence
Industrial intelligence refers to the information collected by business firms
about their competitors. This may include market trends, pricing strategies,
product innovations, or corporate tactics. In the globalized economy,
corporations often engage in industrial espionage to maintain or gain
competitive advantage.
2. Political Intelligence
Political intelligence involves acquiring insights into political strategies,
campaign planning, policy directions, or potential threats to state stability. In
democratic states, it is often used to assess political opponents, while in
authoritarian regimes, it may help rulers detect plots or opposition
movements.
3. Counterintelligence
Counterintelligence encompasses all activities aimed at neutralizing or
 preventing adversaries from gaining access to sensitive information. This
includes identifying double agents, securing communication lines, and
monitoring foreign intelligence operatives. It plays a defensive role in
protecting national secrets and critical infrastructure.

Categories of Intelligence Collection

Intelligence collected through covert means typically falls into the following three
major categories:

1. Human Intelligence (HUMINT)

This involves gathering information directly from human sources, including
spies, informants, or defectors. HUMINT is especially valuable for
understanding the intentions, motives, and internal discussions of rival
entities, which technical methods cannot capture.
2. Signals Intelligence (SIGINT)
Signals intelligence is the interception of communications and electronic
signals. This includes the tapping of telephones, emails, and radio
transmissions. It provides critical information regarding operational plans,
coordination of attacks, or diplomatic communications.
3. Imagery or Photographic Intelligence (IMINT)
Collected through reconnaissance aircraft, satellites, or drones, this type of
intelligence captures visual data of enemy movements, installations, or
terrain features. Advanced tools like thermography and radar are also used to
detect objects not visible to the naked eye. It is vital for military planning and
surveillance operations.

Significance of Intelligence Operations

The integration of these intelligence types ensures a holistic view of potential

threats. For example, while signals intelligence may track troop movement, human
intelligence can uncover the motive behind the movement, and photographic
intelligence can confirm their current location. Intelligence operations thus facilitate
effective decision-making, from battlefield strategies to foreign policy formulation.

Tradecraft in Intelligence

The term tradecraft refers to the specialized techniques and methodologies

employed in clandestine operations and espionage. It includes covert surveillance,
code decryption, counter-intelligence, and use of technology for information
gathering.

Significance of Intelligence in Modern Governance

In the contemporary security paradigm, intelligence serves as the first line of

defense. It aids in preempting terrorist activities, managing internal insurgencies,
countering cyber warfare, and conducting diplomatic negotiations. Countries with
robust intelligence systems are better equipped to safeguard national interests and
respond effectively to both conventional and asymmetric threats.
Principles of Intelligence Operations

Intelligence operations are the cornerstone of effective decision-making in security,

military, and strategic affairs. Their success depends not only on data collection but
also on how efficiently information is processed, analyzed, and utilized. The
following are key principles that guide effective intelligence operations:

1. Centralized Management

Effective intelligence requires coordinated and centralized management. It is not a

product of isolated efforts but the outcome of integrating multiple specialized
domains such as human intelligence (HUMINT), signals intelligence (SIGINT), and
imagery intelligence (IMINT). A centralized command ensures that intelligence
collection, analysis, and dissemination are harmonized to produce actionable
insights.

2. Accurate Evaluation and Timely Dissemination

Intelligence must be interpreted correctly and delivered efficiently. The intelligence

officer plays a crucial role as both analyst and communicator, ensuring that all
implications of intelligence findings are clearly understood by decision-makers.
Their continuous involvement in the planning process ensures that intelligence
remains relevant and is properly aligned with strategic goals.

3. Tailored and Timely Intelligence

One of the fundamental principles of intelligence operations is relevance.

Intelligence must be specifically tailored to the needs of the user—whether a
military commander, policymaker, or security agency. It should be formatted clearly
and delivered promptly to influence decisions effectively. The focus must be on
transmitting accurate, relevant, and timely intelligence—not just raw data—to the
right person at the right moment.

4. Utilization: The Final Step

The true value of intelligence lies in its application. Intelligence holds no intrinsic
worth unless it is used to support operational planning or real-time decision-making.
The intelligence cycle—collection, processing, analysis, dissemination—is
incomplete unless the information is acted upon. Therefore, intelligence must
ultimately feed into policy formulation, threat neutralization, and tactical or
strategic execution.

Database Investigation

In the digital age, databases play a vital role in storing and managing large volumes
of sensitive information. A database is essentially a structured collection of data,
often organized in files or tables, that can be accessed and manipulated through
queries. Given the critical nature of the information stored—such as financial
records, personal identities, and classified intelligence—it is essential to conduct
forensic investigations on databases to prevent and trace cybercrimes.

Purpose and Importance

Database investigation primarily focuses on crimes related to computer technology,

which has become an integral part of modern life. With the increasing dependence
on digital systems, computer-related crimes such as:

 Financial fraud
 Unauthorized access or hacking
 Identity theft
 Intellectual property theft

are becoming more frequent. These crimes often target databases to retrieve or
manipulate sensitive data, making database investigation an indispensable
component of digital forensics.

Challenges in Database Investigations

For intelligence analysts and law enforcement agencies, one of the major
challenges is locating specific information across vast and often disconnected data
repositories. Investigations typically involve:

 Accessing hundreds of databases, each with its own security protocols and
passwords
 Manually extracting and compiling data from each source
 Analyzing and connecting the extracted data to find meaningful links

This process is time-consuming and complex, often compared to “finding a needle

in a haystack.”

Technological Advancements

To overcome these challenges, agencies like the Federal Bureau of

Investigation (FBI) have introduced advanced tools. One such example is the
Data Integration and Visualization System (DIVS), a cutting-edge platform
that:

 Integrates the FBI’s most-used databases

 Enables a single-source search capability
 Pulls information from hundreds of datasets in real time
 Provides access to millions of documents from one location

By simplifying data access and improving analysis efficiency, DIVS significantly

enhances the ability of investigators to trace criminal activity and gather critical
evidenc

Principles of Database Investigation

Database investigations form a critical part of digital forensics and cybercrime
detection. As sensitive and potentially admissible evidence is often stored digitally,
it is essential to follow strict forensic protocols to ensure the integrity, admissibility,
and credibility of digital evidence. The following principles govern effective and
legally compliant database investigations:

1. Preservation of Original Data

The most fundamental principle is that data stored on a computer or storage

media must not be altered or tampered with during an investigation. This is
crucial because:

 Such data may later be presented as evidence in court.

 Any modification can compromise its credibility and legal admissibility.
 Investigators must use forensically sound methods to create exact copies or
“bit-by-bit” images of data for analysis.

2. Competency of Investigators

Any person handling the data must be technically competent and trained in
digital forensics. The investigator must be capable of:

 Accessing and handling the data without altering it.

 Explaining the relevance of the evidence and justifying each
procedural step.
 Demonstrating expert-level understanding of database structures, query
language (SQL), and relevant software tools.

3. Maintenance of Audit Trails

A complete and verifiable audit trail must be maintained for all actions taken
during the investigation. This includes:

 Documentation of the processes, tools, and methods used.

 Records of data accessed, copied, or analyzed.
 Logs that can be reviewed by an independent third party to verify the
consistency and accuracy of the investigation.

The ability of an external expert to replicate the process and obtain the same
results is essential for ensuring objectivity and fairness.
4. Legal and Ethical Accountability

The investigator in charge must take full responsibility for ensuring that:

 All actions comply with relevant laws, regulations, and ethical

standards.
 The chain of custody is rigorously maintained.
 Investigative integrity is upheld, especially when handling confidential or
classified information.

This principle ensures accountability and builds the credibility of digital

evidence in judicial proceedings.

Electronic Investigation: Principles and Practices

Electronic investigation refers to the systematic process of identifying, collecting,

preserving, analyzing, and presenting electronic evidence in criminal cases. With
the advancement of technology, a significant proportion of criminal activities—
ranging from financial fraud to cybercrimes—now involve digital footprints,
making electronic investigation a critical component of modern law enforcement.

Nature and Characteristics of Electronic Evidence

 Electronic evidence includes any information or data of investigative

value that is stored on or transmitted through an electronic device.
 It may include emails, logs, databases, text messages, multimedia files,
metadata, and more.
 It is often latent, much like fingerprints or DNA—existing but not
immediately visible or accessible.
 It can transcend national boundaries with ease, requiring international
cooperation in investigation.
 It is fragile, easily alterable, destructible, or corruptible, and thus requires
careful handling and urgency.

General Principles of Electronic Evidence Handling

To maintain the integrity and admissibility of electronic evidence, the following

forensic and procedural principles must be strictly adhered to:

1. Integrity Preservation
o Any action taken during collection or analysis must not alter the
original evidence.
o Forensic tools and methods that create exact replicas (bit-stream
images) are used for examination purposes.
2. Expert Handling
 oOnly trained and qualified personnel should be allowed to
examine, access, or interpret electronic evidence.
3. Documentation and Chain of Custody
o Every activity related to the seizure, examination, transfer, or
storage of digital evidence must be thoroughly documented and
preserved for audit and legal scrutiny.

Steps in Handling Electronic Evidence at a Crime Scene

The electronic evidence collection process involves several key steps:

1. Recognition and Identification

o Identifying potential sources of electronic data such as laptops, mobile
phones, USBs, hard drives, routers, etc.
2. Documentation
o Photographing and recording the state and position of each device
before any interaction.
3. Collection and Preservation
o Devices should be collected in a manner that avoids tampering, static
discharge, or unauthorized access.
o Use of Faraday bags may be required to block remote access during
transport.
4. Packaging and Transportation
o Proper anti-static packaging and secure transport to a forensic lab are
necessary to ensure data integrity.

Common Sources of Electronic Evidence

 Internally attached hard drives (e.g., in PCs, laptops)

 External storage devices (USBs, SD cards, portable HDDs)
 Mobile phones and tablets
 Cloud storage services and email accounts
 Smart devices and Internet-of-Things (IoT)

Each of these can yield crucial information such as user behavior, communication
records, location history, or traces of criminal activity.

Forensic Investigation: Meaning, Scope and Importance

The term "forensics" originates from the Latin word forensis, meaning “of the
forum” — referring to the Roman forum where legal cases were presented and
debated. In modern usage, forensic broadly refers to anything related to courts
or legal proceedings, particularly in the context of scientific investigation to
aid justice.
Definition and Purpose

A forensic investigation is the lawful and methodical process of collecting,

analyzing, and presenting evidence and facts in a court of law. It plays a pivotal
role in criminal justice systems worldwide, helping to determine the truth behind a
crime or dispute through scientific methods.

This type of investigation can apply to a wide range of criminal activities, including
but not limited to:

 Murder
 Kidnapping
 Sexual assault
 Arson
 Financial fraud
 Cybercrimes

Scope of Forensic Investigation

Forensic investigation encompasses several scientific disciplines, each providing

specific insights into different aspects of the crime. These include:

 DNA Analysis: Used to identify individuals through biological samples such

as blood, hair, or skin.
 Fingerprint Examination: Matches latent prints found at the crime scene
with suspects.
 Ballistics: Analyzes firearms, bullets, and the trajectory to determine
weapon use.
 Chemical Examination: Identifies substances such as drugs, poisons, or
accelerants in arson.
 Trace Evidence Analysis: Involves microscopic materials like hair, fibers,
paint, or glass.
 Soil and Blood Comparison: Compares samples from crime scenes to link
suspects.
 Electronic Evidence: Includes digital footprints from devices like computers
and mobile phones.

Forensic Investigation and Crime Scene Analysis

While forensic science is broadly used in many contexts, most public understanding
is centered on crime scene investigations, where physical evidence is
recovered, documented, and analyzed. Different types of crimes require
specialized forensic techniques:
  Arson: Use of chemical analysis to detect accelerants and identify ignition
points.
 Homicide: Comprehensive examination involving ballistics, DNA, bloodstain
patterns.
 Kidnapping: Use of digital forensics, trace evidence, and surveillance
reconstruction

Forensic Science and Its Role in Criminal Investigation

Forensic science refers to the application of scientific principles and techniques to

matters of law. It encompasses a wide range of disciplines utilized for the
collection, preservation, and analysis of physical and biological evidence
during criminal or civil investigations.

Role of Forensic Scientists

Forensic scientists play a critical role in modern investigations and the criminal
justice system. Their responsibilities typically include:

 Evidence Collection: Some forensic experts are deployed to crime scenes

to identify and collect physical evidence.
 Laboratory Analysis: Others remain in laboratories, where they analyze
evidence brought in by crime scene investigators, detectives, or legal
authorities.
 Expert Testimony: Forensic scientists are often called upon to testify in
court as expert witnesses, providing objective interpretations of evidence
that can be crucial for both the prosecution and defense in legal
proceedings.

Fields within Forensic Science

While technically any scientific field can be applied for forensic purposes, the
following disciplines are most commonly associated with forensic investigations:

 Forensic Biology & DNA Analysis

 Forensic Chemistry (toxicology, substance identification)
 Digital Forensics
 Forensic Pathology
 Ballistics and Firearms Examination
 Fingerprint Analysis
 Forensic Anthropology and Odontology

Ethical Responsibilities
Due to the critical legal implications of their work, forensic scientists are bound by
strict ethical standards. They must:

 Maintain objectivity in their analysis.

 Avoid personal or political biases.
 Adhere to professional integrity to ensure evidence is neither tampered
with nor misrepresented.
 Accurately report findings, even if they contradict the expectations of the
investigative or legal teams.

Challenges in Forensic Investigations

Contrary to the simplified portrayals in popular media and television shows, real-
world forensic investigations are complex, time-consuming, and often limited
by practical constraints such as:

 Lack of resources or technology

 Overburdened forensic laboratories
 Need for specialized training and continuous education
 Legal challenges in evidence admissibility

Despite these challenges, forensic science has become an indispensable tool

in the pursuit of justice, helping to both identify perpetrators and exonerate
the innocent.