Edited by: ANDREW COX


Since the middle ages era, the definition of crime has been limited to types of crimes committed in the physical world. In the same way, theories aimed at explaining crime including the Conflict Theory, the Theory of Social Control, and others, have defined crime within the confines of the physical world. Strategies aimed at dealing with criminal activities have been limited in their scope when defining crime within the context of the physical world. However, the growth of information systems, ICT, mass media, and increased inter-connectivity, facilitated by the internet, has revealed a new and unique form of crime: the digital world crime. These types of crimes present several challenges including legal, geographic, and web barriers, as well as the anonymity of the internet. The environment in which these crimes occur also pose a challenge to crime specialists. These challenges have created the need to identify and modify techniques used to combat crime committed in the physical world, such as criminal profiling with a view to making them applicable to e-crimes. This paper discusses the possibility of penetrating these barriers by applying the modified version of criminal profiling techniques to e-crimes.

The concept of crime has expanded beyond the physical world to the global digital world.


Profiling Cyber Criminals in the physical world

Since the 1970s, experts within the Behavioral Science Unit (BSU) of the FBI have been helping federal, state and local law enforcement agencies investigate violent crimes. This practice was initiated through offender profiling, with a view to understanding personality and behavioral traits of perpetrators. It started as an analytical technique for identifying the characteristics of the offender, based on examination of crime scenes and crime dynamics, and continued developing over the years as a tool to help investigators narrow a suspect pool (Alison et al, 2010). Offender profiling was offered within the BSU as an analytical tool and a product of training programs.

Forensic psychologists often employ deductive or inductive profiling in dealing with crimes committed in the physical world, applying these techniques to ascertain characteristics of criminals. Deductive profiling techniques involve the use of data, including crime scene evidence, forensic evidence, offender characteristics and victimology. In deductive profiling, the available information is processed by applying personal experiences, with the profiler assuming one or more facts of a case as self-evident about an offender or crime. Then, by following hunches and experience, arrive at conclusions. The ‘truth’ of facts or conclusions arrived at using deductive profiling depends upon the truth (ie, contingent truth). Also, in the deductive profiling method, the conclusions are true if the hypothesis and the premises are true and valid. On the other hand, inductive criminal profiles are created by studying statistical data, including study of the demographic characteristics and behavioral patterns shared by criminals. Inductive profiling is also theory-driven and based on the available cases of crime. Inductive profiling relies on information collected through interviews with offenders, and this forms the foundation for investigators’ profiles. Again, the inductive profile technique involves hypothesis (formalized operational definitions) for testing, and coding of data to allow for statistical analysis.

Applicability of these techniques has been possible in crimes committed in the physical world. However, applicability of these techniques to deal with crimes committed in the digital world is still debatable. It has been argued that criminal profiling is an immature, but promising, science. Perhaps this may explain that little attention has been given to such technique by both academics and practitioners. In the digital world, forensic psychologists have knowledge about the law, criminology and psychology. This can be used to better understand technological aspects relating to crime, in order to develop cyber-criminal profiles. As such, they are required to take an interdisciplinary approach when dealing with cyber crimes. Unfortunately, highlighted issues of tractability, geography, law and anonymity makes it difficult for forensic psychologists to collect information about criminals and cyber-crimes (Tompsett, Marshall, and Semmens, 2005). Again, most cyber-crimes go either unnoticed or unreported, and hence go unpunished. Importantly, it is possible to draw some parallels between non-cyber-crimes and cyber crimes. It is also possible to develop a profile from the existing techniques that can be used for law enforcement.

Most cyber-crimes go either unnoticed or unreported, and hence go unpunished.
Profiling Techniques

From the perspective of deductive profiling methods, cyber-criminal profile should be developed in a four-step process. The first step is victimology. Today, criminals victimize both organizations and individuals. This step involves understanding the aspects of organizations and individuals that attract cyber-criminals. Victimology helps security specialists understand an offender’s motive behind the crime. Victimology includes the following:

  • Politically motivated crimes (ie, cyber-terrorists).
  • Crimes driven by emotional reasons (ie, cyber-stalking).
  • Crimes committed and driven by sexual impulses (ie, paedophiles).
  • Crimes known to be less dangerous, such as sharing software by individuals, or sharing copyrighted movies (Shinder, 2010).

The second step is motive identification – what is the reason for the crime?

Victimology and motive leads to the third step – identifying offender characteristics. Several topologies and ways to classify cyber-criminals based on offender motives have been introduced (Rogers, 2006). However, changes in criminal behavior with the evolving technological environment necessitate modification of existing schemes. Other studies have suggested that crime can be addictive, and in the cyber world, criminals become addicted to the internet and computers (Nykodym et al, 2008). It is also argued this addiction, aided by various opportunities including the access and availability of the internet and computers, and fueled by criminal motives, could facilitate the making of a cyber-criminal. This understanding may be used in analyzing the modus operandi of cyber-criminal.

Modus operandi reflects criminal character (Lickiewicz, 2011). For instance, a cyber-criminal may destroy information by using a virus that is attached to an e-mail, while another may hack into a computer system by attacking the server with a view to stealing information. This suggests that one’s technical expertise helps him or her to understand the behavior of a cyber-criminal. A cyber-criminal may be required to have a level of technical efficacy successfully penetrate a sophisticated and secure network (Kirwan and Power, 2013). On the other hand, ‘script kiddie’ may use an already developed program to attack a computer system. It is worth noting that human elements, such as social engineering skills, possessed by some professional cyber-criminals should not be disregarded. This is because cyber-criminals with average technical skills can participate in a crime by employing simple techniques of subtle psychological manipulations and friendly persuasion. Kirwan and Power (2013) affirm that technical skills and other skills, including social skills and motives, determine the modus operandi of a cyber-offender.

Step four of the deductive cyber-profiling technique involves forensically analyzing digital evidence. Digital forensics are important, because it is the means through which a cyber-criminal profiler can trace the offender in the event there is no physical evidence (Kwan, Ray and Stephens, 2008). In the view of Lickiewicz (2011), not all criminals are traceable, as one of three cyber-criminals manages to remove or modify the audit trail by wiping their traceable digital footprints. The four-step approach suggested is an iterative process. New information regarding the offender, motive, victim and forensic evidence could be revealed while in an investigation proceeds.

As for inductive profiling methods, they can be applied alongside the deductive techniques described above, to help deal with cyber-crimes. For example, statistical analysis data studying demographic characteristics and behavioral patterns shared by criminals, and breaches in cyber-security, could be employed to identify criminal attack trends such as motive for attack, type of victims who are likely to be targeted, and most common modes of attack used by cyber-criminals. This may help to identify serial offenders, and other cases with similar modus operandi

The four-step approach is:

  • Victimology
  • Motive identification.
  • Identifying offender characteristics.

Forensically analyzing digital evidence


The techniques and tools discussed in this paper are worth testing in practical scenarios. It is believed that if cyber-criminal profiling is used effectively, the issue of cyber-crime may be reduced as more offenders could be brought to justice. Considering the current trend of increasing rates of cyber-crimes, it would be important for academics and practitioners to collaborate. These practices may be useful for law enforcement officers, as it may help them gather legally valid and binding evidence in order to take appropriate actions against these cyber-criminals.

Cyber-criminal profiling is a tool which could bring more offenders to justice.



Alison, L., Goodwill, A., Almond, Louise, Heuvel, C. and Winter, J. (2010) Pragmatic solutions to offender profiling and behavior investigative advice. Legal and criminological psychology, 15, 115-132.

Kirwan, G., and Power, A. (2013). Cybercrime: Psychology of cybercrime. Dublin: Dun Laoghaire Institute of Art, Design and Technology.

Kwan, L., Ray, P. and Stephens, G. (2008). Towards a Methodology for Profiling Cyber Criminals. IEEE Computer Society. Proceedings of the 41st Hawaii International Conference on System Sciences.

Lickiewicz, J. (2011). Cyber Crime psychology-proposal of an offender psychological profile. Problems of forensic sciences, 2(3): 239-252.

Nykodym, N., Ariss, S. and Kurtz, K. (2008) ‘Computer addiction and cyber crime’. Journal of Leadership, Accountability and Ethics, 35:  55-59.

Rogers, M. K. (2006) ‘A two-dimensional circumplex approach to the development of a hacker taxonomy’. Digital Investigation, 3 (2): 97-102.

Shinder, D. (2010) Profiling and categorizing cybercriminals. Retrieved on 6th July 2016 from

Tompsett, E.C., Marshall, A.M., and Semmens, C.N. (2005). Cyberprofiling: Offender Profiling and Geographic Profiling of Crime on the Internet. Computer Network Forensics Research Workshop.