Exploring Cybercrime Capabilities: Variations Among Cybercrime Investigative Units

Abstract

The current analysis utilizes semi-structured qualitative interviews with sworn cybercrime detectives, civilian digital forensics analysts, and unit administrators to consider variations between cybercrime units which bear significant implications for cybercrime investigative policy and practice. The first variation observed in this study concerns differences in the structure of digital forensics assignments. Such duties may be assigned to sworn officers, civilians, sworn officers and civilian, outsourced to other departments, or a dedicated forensic lab. Second, variations between units were noted in resource availability (tools, training, and finances). These variations among cybercrime units may have implications for personnel recruitment and retention, the sophistication of cases considered by investigators, and case success.

Keywords

cybercrime investigations policing cybercrime inter-unit differences

In recent decades, police departments have steadily adopted specialized personnel and units to grapple with technology-mediated crimes including what are commonly known as “cybercrimes.” According to the United States Bureau of Justice Statistics, in 2016 approximately 2,500 of the 12,261 U.S. police departments had personnel dedicated to cybercrime investigations (20%) while 480 have specialized cybercrime units (4%) (Hyland & Davis, 2019).¹ Among the 313 departments serving over 100,000 residents, 78% had specialized personnel and 46% had specialized cybercrime units.² The Office of Juvenile Justice and Delinquency Prevention’s (OJJDP) Internet Crimes Against Children (ICAC) Task Force Program, one of the largest cybercrime task force programs in the United States, claims that their task forces involve over 5,400 U.S. law enforcement agencies at federal, state, and local levels.³ These figures indicate that a significant proportion of U.S. law enforcement agencies are developing cybercrime investigative capabilities of one kind or another.

Amid these hundreds of units and thousands of personnel, there is no one-size-fits-all approach to unit organization and operation. Despite recent strides in cybercrime policing scholarship, few studies have scrutinized variations between cybercrime units. Just as there can be significant variations between police departments regarding characteristics like culture, operational approaches, political circumstances, and financing (e.g., Hassell et al., 2003; Maguire & King, 2020; Paoline, 2003), there also exist important distinctions between specialized units—distinctions which may impact staffing, available expertise, resourcing, strategies employed, clearance rates, and other factors related to investigative operations and administration (e.g., Crank & Langworthy, 1992; Maguire, 1997). Since cybercrime investigations will only become more central for law enforcement agencies in the coming years, there is a need to highlight potentially significant points of difference between units and how these variations may impact unit development, management, recruitment, and retention. Identification of such variations is necessary to inform future research on cybercrime policing.

The current analysis utilizes semi-structured qualitative interviews with sworn cybercrime detectives, civilian digital forensics analysts, and unit administrators gathered as part of a National Science Foundation-funded study of cybercrime units (Award No. 1916284) to consider potentially significant variations among cybercrime units. The results of this analysis constitute a story told in two parts. First, this study considers the assignment of digital forensics responsibilities within units which appears to be a significant determinant of unit organization and operations. This study traces five general models for the organization of digital forensics responsibilities among cybercrime units and their potential correlations with agency size and investments in cybercrime capabilities. The implications of these models for recruitment and retention, caseloads, case success, and sunk costs are considered. Second, this analysis considers the role of resource inequities evinced among studied cybercrime units. These include perceived deficits in access to tools (hardware or software), cybercrime investigative or digital forensics trainings, and—at the root of these deficits—financial resources. Before describing the results of this analysis, however, a review of the cybercrime investigations literature is provided. A description of the data gathering and analytic methods used in this study is as follows.

Literature Review

There is a rich body of scholarship examining police investigative practices. The literature includes observational studies of patrol officers and detectives investigative practices (Bittner, 1967; Corsianos, 2003; Sanders, 1977) and multi-agency analyses that examines factors such as investigative effort, investigator characteristics, case-specific and situational characteristics, and organizational structures and practices on unit creation and case resolution across crime types (Braga et al., 2019; Greenwood et al., 1975; Lum et al., 2018; Prince et al., 2021; Wellford et al., 2019). In recent years, this scholarship has expended its scope to include cybercrime policing and investigations.

Early studies of policing cybercrime focused on the perceptions, attitudes, and challenges of patrol officers and investigators toward cybercrime and their investigations. Studies examining perceptions of cybercrimes found that most line-line level officers (patrol and investigators) felt inadequately equipped to respond to cybercrime, whether it is the lack of proper tools, skills, training, awareness, willingness, or experience with computer-mediated crime (e.g., Bond & Tyrrell, 2018; Bossler et al., 2020; Bossler & Holt, 2012; Burruss et al., 2019; De Paoli et al., 2021; Hadlington et al., 2021; Harkin et al., 2018; Harkin & Whelan, 2022; Holt & Bossler, 2012a; Holt et al., 2010, 2020; Holt, Burruss, & Bossler, 2019; Holt, Lee, et al., 2019; Jewkes & Andrews, 2005; Willits & Nowacki, 2016). Studies also indicate that many officers prioritize street crime over cybercrime investigations as officers may not believe that such offenses are police-worthy unless the offense involves crimes against children, such as sexual abuse and/or exploitation (e.g., Bossler & Holt, 2012; Broadhurst, 2006; Harkin et al., 2018; Hinduja, 2004; Holt & Bossler, 2012a, 2012b; Holt et al., 2010, 2015; Holt, Lee, et al., 2019; Jewkes & Andrews, 2005; Jewkes & Yar, 2008; Loveday & Jung, 2021; Nhan & Huey, 2013). At the same time, these studies found that some officers at least recognize the importance of specialized cybercrime units as well as the potential risks posed by computer-mediated crimes (Bossler & Holt, 2012; Holt & Bossler, 2012a, 2012b; Lee et al., 2021). Additional research indicates that some officers are open to additional training on cybercrime and the creation of specialized units (Bossler & Holt, 2012; Holt & Bossler, 2012b; Holt et al., 2015).

Beyond officer attitudes and experiences with cybercrimes and computer technologies, researchers have documented other challenges confronting cybercrime investigations including the under-reporting of such offenses, issues arising from the often cross-jurisdictional nature of many cybercrimes, and inconsistencies in legal regimes (e.g., Boes & Leukfeldt, 2016; Button & Cross, 2017; Cross, 2020; Wall, 2007). To overcome these challenges, policing agencies have increasingly developed specialized units or become involved in task forces (Nhan, 2010; Nowacki & Willits, 2020; Willits & Nowacki, 2016). Such a strategy is unsurprising given that U.S. police agencies have increasingly turned toward specialty units and the centralization of investigations in task forces in recent decades, a trend only compounded by changes in organizational structure and complexity among such agencies (Maguire, 2003, 2009; McCluskey et al., 2014; Prince et al., 2021).

Unfortunately, few studies have examined the variables associated with agency adoption of specialized cybercrime personnel or units specifically (Hyland & Davis, 2019; Nowacki & Willits, 2020; Reaves, 2015; Willits & Nowacki, 2016). This oversight is lamentable given that studies have found that, at least in the United States, departments with dedicated cybercrime units or participate in taskforces were more likely to conduct child sexual exploitation material investigations and make related arrests (Marcum et al., 2010), and that task forces with more trained personnel result in increased investigations (Marcum & Higgins, 2011). One study by Willits and Nowacki (2016) used the 2013 Law Enforcement Management and Statistics (LEMAS) survey to examine the organizational factors associated with the use of specialized cybercrime units, finding that organizational size and number of employees were strong predictors. According to Willits and Nowacki (2016), “state level agencies are more likely to have a cybercrime unit than municipal and county agencies, and agencies with increased advanced material technology use and specialization are more likely to have cybercrime units than other agencies.” In a subsequent study (Nowacki & Willits, 2020), the authors expanded their analyses to look at the influence of organizational characteristics (e.g., size and task scope), organizational complexity (e.g., vertical differentiation, and specialization), organizational control (e.g., collective bargaining agreements and policies), agency type, and other factors to predict the adoption of specialized units. They found that agency size, task routineness, and collective bargaining agreements were related to the utilization of specialty units and/or dedicated personnel. Simply stated, the larger organization, the greater the scope of tasks, which increases the differentiation of their functions—a finding consistent with research on other types of investigative units (Maguire, 2003; Prince et al., 2021; Wellford et al., 2019).

Bossler and Holt (2012), however, warn that organizational size does not perfectly predict the presence of cybercrime investigative capabilities as even large organizations may evince little to no commitment to such cases. For instance, Brants and colleagues (2020) found that the organizational structure of policing can impact cybercrime readiness. They compared the approaches to policing cybercrime in England and Wales versus the Netherlands and, even though both locales paid growing attention to the importance of cybercrime, they concluded that “greater centralization” among police forces and operations “seems to provide more coherent policies and priorities” (Brants et al., 2020, p. 473).

Studies have observed that cybercrime units are disproportionately “civilianized” relative to other areas of law enforcement (Whelan & Harkin, 2021; Wilson-Kovacs et al., 2022). Within these units, civilians often work as digital forensics analysts tasked with extracting, processing, and analyzing digital evidence, whereas sworn officers and detectives’ responsibilities vary across agencies, entailing both traditional investigative functions and digital forensic responsibilities (Harkin et al., 2018; Holt & Blevins, 2011; Holt et al., 2012, 2017; Vincze, 2016; Whelan & Harkin, 2021). The roles and responsibilities within these units also affect outcomes. For instance, civilians in these units report comparatively high job satisfaction rates compared to sworn personnel, although such satisfaction was reduced for those who saw themselves as unaccepted by sworn officers (Alderden & Skogan, 2014; Holt et al., 2012, 2017; Skogan & Alderden, 2011; Whelan & Harkin, 2021). Regardless of the occupational differentiation in these units, research indicates that sworn and civilian cybercrime investigators experience similar stress and burnout due to exposure to obscene or extreme material (e.g., child sexual exploitation imagery) (Holt & Blevins, 2011; Holt et al., 2012), as well as the volume of evidence and expertise required to work with a range of technologies (Dodge et al., 2019; Steinmetz et al., 2023; Vincze, 2016; Watson & Huey, 2020).

The Current Study

Despite recent strides examining the characteristics of cybercrime personnel and their departments, more research is needed to understand the variations among cybercrime units, an issue that bears potentially significant consequences for both practitioners and academics. To our knowledge, no one-size-fits-all blueprint exists for the development of cybercrime units and each agency must develop their cybercrime investigative capabilities with the resources and personnel at hand in the context of their unique inter-departmental cultures and community politics. Examining differences between units may provide insights into the possible correlates and consequences that coincide with the choices that departments make (or are unable to make) in the development of their cybercrime responses.

Method

Sample

This study examines qualitative semi-structured interviews drawn from a National Science Foundation-funded research project involving interviews with 47 cybercrime law enforcement investigators, including sworn officers, civilian analysts, and unit administrators. The sampling strategy utilized was purposive, focusing on units which specialize in cybercrime investigations. For example, drug units that use social media data in some of their investigations were not included. Units involved in this study include ICAC, cyberfraud, and general cybercrime units. Civilian analysts were included in this study because of their vital role in cybercrime investigations and that this area of policing is more acutely impacted by the “civilianization of policing” (Whelan & Harkin, 2021).

Participants were recruited through a purposive sampling strategy. A list of agencies housing cybercrime units was compiled from multiple sources including the International Association of Chiefs of Police Law Enforcement Cybercenter’s webpage, the ICAC Task Force Program webpage, Internet searches, and word-of-mouth.⁴ Once units were identified, researchers contacted agency administrators and supervisors to gain permission to conduct interviews with officers and analysts. Consenting administrators then supplied names and contact information for officers and analysts assigned to their cybercrime investigations. Potential participants were individually contacted to solicit participation. Assurances were given that researchers would not disclose their participation or lack thereof to their supervisors. Investigative officers, civilian analysts, and unit supervisors were included in this study.

The 47 interviews totaled 71 and a half hours ranging from 47 min to 2 hr and 28 min (x̅ = 1 hr and 28 min). Table 1 presents descriptive statistics for the participants. Participants ranged in age from 27 to 65 years old (x̅ = 42.68). Most were White (89%) and male (80%). These demographic characteristics generally reflect policing in general, which is disproportionately a White (71%) and male (88%) occupation, although our sample is whiter and more female than national averages (Hyland & Davis, 2019).

Table 1.

Descriptive Statistics.

Variable	n (%)
Age	Range: 27–65, x̅ = 42.68 years old
Race
White	42 (89.36%)
Hispanic	1 (2.13%)
Black	2 (4.26%)
Indian	1 (2.13%)
Multi-ethnicity	1 (2.13%)
Gender
Male	38 (80.85%)
Female	9 (19.15%)
Role/rank
Detective	19 (40.43%)
Trooper	3 (6.38%)
Detective sergeant	11 (23.40%)
Lieutenant	1 (2.13%)
Captain	1 (2.13%)
Federal agent	3 (6.38%)
Civilian	7 (14.89%)
Time in law enforcement	Range: 2.5–41, x̅ = 17.64 years
Time in investigations	Range: 0–27, x̅ = 9.72 years
Time in cybercrime investigations	Range: 0–24, x̅ = 5.64 years
Time as an administrator	Range: 0–14, x̅ = 4.67 years

Data Gathering

In-depth semi-structured “active” interviews were gathered employing open-ended questions to elicit data (Holstein & Gubrium, 1995). Interviews have been an integral data gathering method for policing research over the years, with numerous foundational studies drawing from such data (Ericson, 1981; Hawk & Dabney, 2014; Innes, 2002; Sanders, 1977). Such interviews involve probing questions to follow unexpected but relevant avenues of inquiry (Berg, 2009) and allows for revisions to interview schedules to account for new discoveries that appear during data collection (Warren, 2002).

The research was approved by our institution’s review board.⁵ Informed consent was gathered, and each participant was assigned a pseudonym to protect their identity. Starting fall 2019, research personnel traveled to conduct interviews with participants in-person. With the onset of the COVID-19 pandemic, the project shifted to VoIP (voice over Internet Protocol) interviews. Forty-six of the 47 interviews were audio recorded with participant consent. One participant did not consent to recording and so notes were taken by a research assistant during the interview. Recordings were transcribed with personal identifying information removed to preserve participant confidentiality. All data were stored on encrypted removable media. Transcripts were uploaded to Atlas.ti (version 8) for analysis.⁶

Analysis

This analysis began as an examination of the relationship between cybercrime investigators and computer technologies. During this analysis, several variations were noted between both investigators (sworn and civilian) and their home units or departments. These assessments are derived based on observations and inferences made from interview data, while others were detailed by participants themselves in their responses. Although reflective and subjective data comprise the focus of this study, the differences noted in these results may correspond to actual variations in the kinds of officers and analysts that populate the ranks of cybercrime investigations as well as differences between established cybercrime units.

The process by which these variations were systematically developed was through a Straussian inductive analytic strategy involving three stages of coding—open, axial, and selective (Corbin & Strauss, 1990; Glaser & Strauss, 1967). Open coding involves comparisons between units of data and the assignment of conceptual labels. Axial coding means that concepts are compared to one another, and categories are developed. The process of comparing each level of analysis (data, concepts, and categories), refining these levels, and developing one or more “core” categories to organize to totality of the data is selective coding. In this last step, the “core category represents the central phenomenon of the study” (Corbin & Strauss, 1990, p. 14).

Results

Cybercrime Units and the Assignment of Digital Forensics Responsibilities

One of the most pronounced variations noted between cybercrime units is in the assignment of digital forensics duties among unit personnel. The organization of digital forensics responsibilities appeared largely based on the presence of in-house digital forensics capabilities, the kinds of personnel assigned to the unit, the training provided to sworn officers, and the need for outsourcing by other investigators or external agencies. During our research, we found out that some larger police departments have digital forensics laboratories that operate independent of cybercrime investigative units. Under this approach, cybercrime units can focus on their own cases, perhaps doing minor digital forensic work, while outsourcing the more time- and skill-intensive tasks to the laboratory. None of the departments in our sample, however, utilized this approach. In fact, as far as we can ascertain, it appears that most departments in the United States assign digital forensics duties to their specialized cybercrime units and personnel. These cumulative observations add nuance to the extant literature that has recognized the tendency for larger police departments to have cybercrime investigative units due to greater funds, personnel, and resources (Hyland & Davis, 2019; Reaves, 2015; Willits & Nowacki, 2016). The composition and roles of those personnel vary, however. Many of the police departments with dedicated digital forensics labs attach those labs to their cybercrime units or situate them within the same division.

Among departments that assign digital forensics duties to their cybercrime specialists, these responsibilities are shouldered exclusively by sworn detectives. In these departments, detectives were responsible for every facet of an investigation—conducting interviews, writing and serving warrants, making arrests, and all the other duties typically expected of police detectives while also gathering, processing, and analyzing digital evidence. As one officer noted, while they may pull in other officers or examiners to help them as needed, “normally, it’s just me.”

Reliance exclusively on sworn personnel for digital forensics examinations appears to be going by the wayside as demand for digital forensics analyses increases. Instead, units increasingly rely on civilian employees (Harkin & Whelan, 2019). Digital forensics work can be extraordinarily time intensive. When combined with the other responsibilities delegated to detectives, law enforcement personnel can become easily overwhelmed with cases and evidence to process, further validating the research that recognizes the overload and burnout of cybercrime personnel (Dodge et al., 2019; Holt & Blevins, 2011; Holt et al., 2012; Steinmetz et al., 2023; Vincze, 2016; Watson & Huey, 2020). As one participant explained, “all these agencies with major cybercrimes units, they’re startin’ to look for civilian analysts” because sworn personnel, “just don’t have the time to sit down and do a full analysis of, you know, 10, 15 computers for a case” (Interview #43).

Some departments employing civilians create a strict separation of duties between sworn detectives and civilian analysts. This approach allows detectives to focus their energies on the components of their cases that require law enforcement authority (e.g., writing warrants, conducting searches, making arrests) while delegating forensic tasks to civilian employees. In fact, some officers in our study claimed to explicitly avoid involvement in digital forensics duties. One officer remarked that while they did complete some “basic forensic classes,” that they were “not a geek” and thus were assigned sworn investigative duties exclusively (Interview #9).

Further complexity emerged in the roles civilians played in cybercrime investigations, as digital forensics is a large field and analysts were trained in various tools and techniques. The interviews revealed two types of digital forensic specialists supporting cybercrime investigations. The first is the forensic examiner, analysts tasked with gathering and examining digital evidence from devices in such a way that their analyses could be used in court. Some departments, however, made use of digital media recovery specialists (DMRSs), individuals tasked extracting and providing an initial analysis of evidence on site at a crime scene or otherwise handling relatively minor forensics tasks. According to one participant, forensic examiners are “major league baseball” while DMRS personnel are “the step below triple A” (Interview #12). These specialists can “pull off pictures and videos from other digital devices. But they don’t have anywhere near the capability or the training that . . . the forensic examiners do.” Interestingly, both sworn officers and civilians can be used for these roles and the delegation of these duties varies between departments.

Of course, all officers working cybercrime cases must work with digital evidence in some capacity. Officers uninvolved in digital forensics tend to prioritize “open source” forms of evidence—material readily accessible by searching the web:

Most of our stuff, bein’ honest with you is just open source, open source while I’m tryin’ to determine who you are; searchin’ Facebook, searchin’ Instagram, searching Twitter, tryin’ to determine if I’ve got a name. So it’s open source. Or we can go to an open source webpage where I can put in an IP address and it tells me who owns it. (Interview #4)

Others may gather digital evidence by submitting warrants to the companies owning various online platforms that may house incriminating data. In these departments, however, when data need to be extracted from an electronic device or a digital forensics technique needs to be deployed to analyze data, “that all goes to forensics” (Interview #4).

Some units utilize a hybrid approach in which digital forensics responsibilities are delegated to both sworn and civilian personnel. Certain departments may provide officers with significant digital forensics training which allows them to do most, if not all, of the tasks often delegated to civilian analysts. Many departments, however, train officers for more basic digital forensics tasks and leave the more time- and skill-intensive tasks to civilians. One civilian analyst explained,

I happen to be the only analyst in my office, so I pretty much do all the analyzing for the majority of the cases. The enlisted detectives can do their own analysis and, but it’s often, it only goes up to a certain level, which, sometimes, is more than enough to, to prosecute the case. But most often, I have to take it from their level and bring it to the next level, the more technical level to present to the prosecutor together as a team to obtain charges or arrest warrants. (Interview #22)

Thus, in these cases, sworn and civilian analysts are trained in digital forensics examinations but officers may be more limited in their particular skillsets or may otherwise not have the time for the more intensive tasks.

In addition to the division of labor within cybercrime units and among specialized personnel, another important organizational factor is the outsourcing of these digital forensics capabilities. Because many units integrate these capabilities exclusively into their cybercrime units, several participants in our study indicated that their units’ forensics capabilities were outsourced to other investigators in their departments or external agencies. One ICAC investigator summarized the situation as such:

So we assist other agencies, departments, and posts with several of their computer related crimes, where we will do analysis of phones, computers, assist with social media, search warrants, all that type of thing. And then, also, on the investigative side, we also do our own proactive investigations where, where we receive cyber tips, peer-to-peer cases, social media cases, mostly involving the exploitation of children.

In this manner, these investigators are not only tasked with their own investigative duties but are also expected to perform digital forensics examinations for non-cybercrime investigators. The outsourcing of their skills will likely only increase as digital evidence becomes increasingly important for all criminal cases (e.g., Watson & Huey, 2020). One investigator, for example, noted the importance of smartphones for many criminal investigations: “Phones are everybody. Homicides, property crimes, narcotics, I mean, every, phones are pretty much every aspect of every case just ‘cause they’re so popular and everybody uses everything” (Interview #46). For this reason, cybercrime units are increasingly tapped to provide forensics services for other kinds of cases.

The digital forensics examination skills of cybercrime specialists are also often outsourced to other law enforcement agencies. Not every police department has access to digital forensics and thus may request that another agency performs these tasks on their behalf. Such inter-departmental outsourcing was particularly evident in our study within cybercrime task forces. Many of the cybercrime units in this study were affiliated with task forces, such as the U.S. OJJDP’s ICAC Task Force Program or the United States Secret Services’ Cyberfraud Task Force Program. Some task force partner agencies may only have a few investigators assigned to such cases (sometimes only a single officer). Although these investigators may have some digital forensics capabilities, they are limited compared to larger departments. Other departments may not have in-house digital forensics capabilities at all. As such, the larger home agencies (the leader of a task force) may serve as digital forensics hubs for their task forces. Unfortunately, acting as a service hub for other agencies can be a significant burden for such specialists as they have to handle their own cases while also processing digital evidence for partner organizations: “Right now, I’m piled up with cell phones, basically, from other agencies for homicides, criminal sexual conduct, larcenies, just all kinds of different, we process the evidence, digital evidence for other local agencies here” (Interview #30).

Although it is beyond the scope of this study to identify determinants of the delegation of digital forensics duties, it became apparent during our interviews that organizational size appeared to be a significant factor. Larger agencies were more likely to have digital forensics capabilities in-house, to employ civilian analysts, and to invest in digital forensics training for sworn personnel. Smaller agencies, conversely, appeared to have fewer personnel dedicated to cybercrime investigations and, as a result, were less likely to employ civilian analysts, either delegating digital forensics responsibilities to sworn personnel or outsourcing analyses to other agencies. The importance of organizational size is supported by previous research showing that agency size, occupational and functional complexity influence the adoption of specialized cybercrime units and personnel (Hyland & Davis, 2019; Maguire, 1997; Reaves, 2015; Willits & Nowacki, 2016).

Based on these findings, our study traces five separate models regarding the assignment of digital forensics duties within U.S. police departments, the division of labor among specialized personnel, and the outsourcing of these tasks to other investigators inside and outside the agency. These models are presented in Table 2 and are summarized as follows:

Digital forensics duties are conducted in-house by sworn officers assigned to a specialized cybercrime unit. These officers may be required to conduct evidence extractions or examinations for investigators outside their unit.

Digital forensics duties are conducted in-house by civilian analysts assigned to a specialized cybercrime unit. These civilians may be required to conduct evidence extractions or examinations for investigators outside their unit.

Digital forensics duties are conducted in-house by both sworn officers and civilian analysis assigned to a specialized cybercrime unit. Such personnel may be required to conduct evidence extractions or examinations for investigators outside their unit.

Department has no digital forensics capabilities in-house and, instead, relies on the digital forensics resources provided by other agencies.

Department has a designated digital forensics lab separate from their cybercrime unit. While the cybercrime unit may have digital forensics capabilities, they are not the sole resource for such capabilities within the department and, as such, the cybercrime unit is unlikely to be required to provide these services for outside agencies.

Table 2.

Models for the Assignment of Digital Forensics Responsibilities in Cybercrime Units Studied.

Model	Source of digital forensics			Personnel responsible for digital forensics				Provide forensic services for other investigators and units
Model	In-unit	Outsourced	Lab	Sworn	Civilian	Both^a	None	Provide forensic services for other investigators and units
1	X			X				X
2	X				X			X
3	X					X		X
4		X					X
5			X				X

It should be noted that some units who assign digital forensics responsibilities to both sworn and civilian personnel may utilize these personnel differentially. Some may assign these tasks relatively equally, while others may still rely mostly on civilians, even if sworn personnel are capable of these analyses themselves.

Cybercrime Units and Resource Constraints

Specialized cybercrime units in our study also appeared to vary significantly in their access to funding to support cybercrime investigations. Of course, such findings are hardly novel on their own as prior research has already established that funding is a significant obstacle to developing, implementing, and operating cybercrime investigative capabilities among law enforcement agencies (e.g., Bond & Tyrrell, 2018; Bossler et al., 2020; Bossler & Holt, 2012; Burruss et al., 2019; De Paoli et al., 2021; Hadlington et al., 2021; Hinduja, 2004; Holt & Bossler, 2012a, 2012b; Jewkes & Andrews, 2005; Wall, 2007; Willits & Nowacki, 2016). Yet, this study highlights that such resource deficits may not be experienced equally by all cybercrime units. Such inequities are worth exploring considering the degree to which such constraints appear to occupy the attention of cybercrime unit administrators and personnel. Furthermore, any resource inequities may create differential capacities to investigate and resolve cybercrime cases.

It is unsurprising that law enforcement personnel in our study often lamented the lack of funding or other resources available to support cybercrime investigations. Perceived resource deficits are a common complaint among law enforcement agencies in general. Yet, cybercrime investigations are relatively unique in that they require specialized tools and training beyond those needed for many other kinds of cases. For instance, cybercrime units may need access to cellphone extraction programs, image processing programs, write-blockers, cellphone security crackers, and related tools. Furthermore, to make use of these tools and to grapple with other idiosyncrasies specific to cybercrime cases, officers may need specialized training. Even officers not assigned digital forensics duties may need to take basic courses to understand digital evidence and the steps involved in conducting these cases.

Yet, departments in our study appeared to vary in the kinds of tools and trainings made available to personnel and much of this variation was rooted in monetary constraints. Some claimed that they were able to access most of the trainings they wanted, even if they might have to negotiate for the resources with administration. Others found the idea of acquiring sufficient resources to be borderline fantasy. One ICAC investigator explained that, “a lot of that is money, too, you know? If the money’s not there, they don’t, can get you the equipment or can send ya [to training]” (Interview #13). These resources are expensive, sometimes prohibitively so for certain departments and units.

Larger agencies in our study seemed more likely to have access to greater resources, although the financial situation for law enforcement may vary between jurisdictions. Furthermore, participants indicated that resources varied depending on an agency’s governmental affiliation (federal, state, or local). For instance, a state-level detective commented that:

I understand that money rules the day. Now it’s a little different at the federal level, don’t get me wrong, like there’s a lot of money at the federal level, but at the state level, it’s very much like, “You guys, do you really need to go to that training? Do you really need to be able to do this?” (Interview #45)

There thus appear to be significant inequities between units regarding the availability of resources and, as a result, the kinds of investigative capabilities that can be developed internally.

One method of overcoming resource deficits is grants, particularly those offered by the federal government. Yet such funding can be unreliable, as one administrator explained,

So a large part of my time has been spent going out and, and finding alter, alternate sources of funding because the federal dollars have been pretty static for a long period of time. They got reduced fairly significantly, especially as things got expanded out and then more groups came on that needed funding. We’ve had a slight uptick in the past couple years but nothing greatly significant. So that, that has become huge because, again, the hardware needs, especially the affiliates but even, you know, for us, we just, two years ago, went to a petabyte server, for example, just to manage the huge load of material that we are dealing with. And, also, to help with, you know, a lot of the requests and needs for support. So I spend a lot of time agonizing over the, the money as well. (Interview #41)

From this view, funding access can change based on political climate, availability of grant dollars, and other factors out of the control of individual departments or units.

Another popular strategy for overcoming resource limitations involves task force programs. For instance, one state online crimes against children investigator explained the benefits afforded to him through his unit’s participation in the United States Secret Service’s (USSS) program:

I’ve got a high-powered laptop. Secret service put me through, it’s called mobile device examiner school down at, went there last year, and they provided me with about 60,000 dollars-worth of equipment. And there’s like 40 of us in that class. That’s not including hotel room for four weeks, and food, and everything. So, it’s a lot of money that they put out. Provided me with a Cellebrite forensic tool, it’s called 4PC. Software magnet Axiom that also does cell phone forensics. A microscope, soldering station, external power supply to be able to power up cell phones. (Interview #14)

While it is difficult to determine if the support offered by these arrangements were uniform, many departments seemed to benefit from the additional resources offered through participation.

Generally, these task forces were dedicated to a geographic area (region or state, typically) and were housed out of a metropolitan, state, or federal agency. In at least some of these task forces, as previously noted, smaller units could outsource digital forensics analyses to the central agency if they did not have to capabilities themselves. Sometimes task forces would provide access to funding, training, and tools for these smaller agencies that they might not otherwise be able to access or afford. Thus, task forces are a potential avenue for departments to overcome cybercrime resource deficits, although further research is necessary to understand the effectiveness and uniformity of the task force model for cybercrime investigations.

Discussion: Policy Considerations

The results of this study revealed five prevailing models pertaining to the structuring of digital forensics assignments within departments and examined the differential distribution of resource deficits across cybercrime units. These findings provide general insights into the organization of cybercrime investigations and the challenges therein. This analysis now turns to consider the policy implications of these findings, incorporating additional insights from our participants as well as available literature. Implications considered include (a) the recruitment and retention of talent within cybercrime units and (b) the role of task forces in overcoming resource deficits.

Divisions of Labor, Recruitment, and Retention

As the results indicate, digital forensics divisions of labor employed among cybercrime units may impact the kinds of personnel necessary to operate the units as well as the kinds of officers likely to be recruited into the ranks. Specifically, departments interested in developing digital forensics capabilities in-house will need to recruit officers capable of or willing to learn digital forensics skills—which may constitute a relatively limited pool of candidates interested in such specialty work—or hire civilian employees (Harkin & Whelan, 2022; Nhan, 2010; Whelan & Harkin, 2021). They will thus need to make strategic investments to attract candidates willing to do such work.

In addition, the choices made regarding the structure of forensics duties—and the allocation of resources to digital forensics capabilities—not only impact the kinds of officers or civilians that departments must recruit into their ranks but may also affect the retention of such personnel. For instance, officers trained in forensic examinations and other elements of cybercrime investigations (e.g., malware and computer intrusions) may use these skills to transition to other employment opportunities (Nhan, 2010, p. 81). While most of the investigators in our study indicated that they did not have any plans at the time to move from their local- or state-level positions into federal or private-sector jobs, some did. For those that expressed such interest, private-sector jobs were said to be particularly alluring because such positions often pay significantly more and are less stressful: “I hate to say it, but anybody with a modicum of computer smarts will soon realize that they can make a lot of money and do a lot less work, you know, in the private sector” (Interview #30). Even officers who stated that they did not plan to leave acknowledged the lucrative potential of the private sector. For instance, one individual, who also works cybersecurity as a U.S. military reservist, explained that “it’s not the money” but, rather, he is motivated by “patriotism” and that “there is not that many people out there that will do it. Someone’s gotta do it.” Yet, he acknowledged he could make “two to three times as much anywhere else.”

Such turnover not only threatens the available expertise within the organization but also presents a potentially significant loss of investment. Trainings can be inordinately expensive, and these skills are portable. In fact, some participants in our study admitted that they would like to move from their local- or state-level positions into federal or private-sector jobs (we know for a fact that at least one participant in our study took a job in the private sector a year or so after their interview).

To offset potential investment losses, organizations may be tempted to rely exclusively on civilians to provide their digital forensics and related expertise. Civilians are more likely to come into their employment with computer skills in hand, as it is generally a requirement for employment. Furthermore, they only need continuing education in digital forensics and related computer-oriented training courses, whereas sworn personnel must also complete the recurring trainings often required for officers and detectives. In this manner, while civilians may leave for other opportunities, like those available in the private sector, they present a potentially diminished loss of investment for their departments upon exiting the organization. For these reasons, it thus may make sense for a department to delegate most technical tasks—including digital forensics—to civilians and limit the tasks of sworn officers to traditional investigative functions that require law enforcement authority (e.g., writing and serving warrants, conducting interviews, and making arrests).

This strict division of duties between civilian and sworn personnel could reduce the overall success of its cybercrime investigations, however. Departments with sworn personnel trained in digital forensics may find themselves with investigators more readily equipped to tackle more advanced cases (Nhan, 2010, p. 82). Previous research has noted a tendency for cybercrime investigators to prioritize “low-hanging fruit”—cases which are less technologically sophisticated and easier to work (Jewkes & Andrews, 2005). Having personnel trained to understand the ins-and-outs of digital evidence, devices, networks, and other technologies may result in the ability to tackle cases which may have otherwise gone unresolved, although this is ultimately an empirical question that requires additional research.

In this manner, variations in the delegation of digital forensics duties may involve a significant choice for departments that can impact both the kinds of strategic investments the department must make to develop cybercrime investigative capabilities and prevent wastes of such investments. On one hand, training sworn personnel in digital forensics and related subjects beyond the essentials could yield better investigative outcomes at the risk of a loss of investment should an investigator take their skills elsewhere. On the other, providing minimal training and delegating responsibilities to other units or civilians may save money at the cost of while reducing unit effectiveness.

Task Forces and Resourcing

As indicated in this study, resourcing is a central problem confronting cybercrime units and investigators. One key strategy highlighted herein that many departments seem to rely upon is participation in task force programs. Such programs provide access to financial assets, hardware and software tools, and training opportunities. For smaller departments, such task force programs facilitate access to expertise and tools that might be housed at larger partner agencies. Such task forces are those are therefore a potentially vital policy initiative for promoting cybercrime investigations—especially as previous research has suggested that participation in task force programs, like the ICAC task force program, may increase involvement in child sexual exploitation and abuse cases, arrests for such offenses, and completion of digital forensics examinations (Marcum et al., 2010; Marcum & Higgins, 2011). Even when task forces are made available, however, some agencies may be reluctant to join because they may worry about inter-organizational politics or realizing a return on their investment (Nhan, 2010). In these situations, task force administrators or other relevant parties may need to convince these agencies of the benefits of such participation.

Despite the promise of such programs, the benefits of task force participation may not be evenly distributed among member agencies and the resources offered are finite. In other words, not everyone gets the resources they want or need. The ability to conduct cybercrime investigations requires access to proper training and tools—which is, of course, the case for all kinds of investigations (Braga et al., 2019; Brookman et al., 2019; Carter & Carter, 2016; Keel et al., 2009; Wellford et al., 2019). Such assets, however, seem particularly essential for successful cybercrime investigations. Furthermore, it was apparent in our research that not all task force programs allocated the same kinds of resources in similar volumes to participating agencies. For instance, while many participants expressed gratitude to the ICAC task force program in our study, some who also participated in the USSS Cyber Fraud program specifically noted how accommodating and generous this federal agency was in providing tools and training relative to ICAC. Others expressed concern regarding the resources made available by the Federal Bureau of Investigation (FBI)—that while they claimed the FBI might provide some assistance, they were thought likely to “steal” their more noteworthy cases. It is therefore necessary for researchers and policymakers to look further into ways to fund task force programs and to ensure their benefits are equitably and reasonably distributed.⁷

Conclusion

This analysis examined two significant ways in which cybercrime units in our study varied. The first is the differential distribution of digital forensics responsibilities. Five models were identified where digital forensics duties were assigned to the following personnel classifications: (a) sworn-only, (b) civilian-online, (c) both sworn and civilian, (d) outsource examinations to other departments, and (e) examinations are handled by a separate digital forensics lab. Second, this study considered the kinds of resource deficits confronting cybercrime investigators as described by participants, especially thoses pertaining to training, tools, and finances.

This study also identified two policy challenges for cybercrime investigations moving forward. The first is a need to carefully consider the delegation of digital forensics duties between sworn and civilian employees. For departments, it may be easier to use civilian employees rather than train sworn law enforcement to conduct forensic analyses. Hiring civilians also frees up sworn officers to focus on the legal aspects of their investigations. Relying on civilians may result in a lower loss of investment should civilians turnover to the private sector or another government agency. On the other hand, however, training sworn officers in digital forensics may make them more well-rounded investigators capable of grappling with the technical nuances of their cases, allowing them to more easily transcend the “low-hanging fruit” pursued by most cybercrime investigators (Jewkes & Andrews, 2005). The second policy consideration is more straightforward. There is a need to predictably provide sufficient resources for cybercrime investigations. The task force model has been an indispensable measure for allocating resources, but there remain challenges that need to be overcome.

As with any exploratory study, future research is needed before our findings are put into practice. For this reason, we conclude this analysis with a list of propositions derived from our results to be examined by scholars moving forward and to be considered as open questions before policymakers come to any firm conclusions based on our study. These propositions are presented in Table 3. As our study can only gesture toward possible outcomes derived from our analysis, many of these propositions specifically ask that subsequent research examines the potential consequences of inter-unit organizational variations. Relatedly, given that our results were based on the words of our participants and observations made over the course of our exploratory study, there is a pressing need for research which systematically quantifies and maps the organization of cybercrime policing and digital forensics in the United States and internationally. Such a comprehensive undertaking would be invaluable not only for our understanding of cybercrime investigations but also for understanding the distribution of challenges and deficits nationally—knowledge invaluable for policymakers when deciding where to allocate resources or develop interventions.

Table 3.

Propositions Regarding Variations Between Cybercrime Units and Their Outcomes.

Propositions
P₁: Tool and training deficits are primarily a problem of financial constraints.
P₂: Larger agencies are likely to have access to greater resources (finances, tools, and training).
P₃: Participation in cybercrime task force programs will increase access to resources (financial, tools, and training).
P₄: Larger agencies are more likely to have digital forensics analyses conducted in-house.
P₅: Larger agencies are more likely to employ civilian digital forensic analysts.
P₆: Larger agencies are more likely to invest in digital forensic training for sworn personnel.
P₇: Departments that invest greater proportions of their budgets to cybercrime investigations are more likely to conduct digital forensics analyses in house.
P₈: Departments that invest greater proportions of their budgets to cybercrime investigations are more likely to hire civilian digital forensics analysts.
P₉: Departments that invest greater proportions of their budgets are more likely to invest in digital forensic training for sworn personnel.
P₁₀: Departments that invest more in training sworn investigators in cybercrime and digital forensics are more likely to experience officer turnover.
P₁₁: Using civilian analysts will result in a lower aggregate loss of investment from turnover compared aggregated losses stemming from turnover of trained sworn personnel.
P₁₂: Greater investments in sworn personnel cybercrime and digital forensics training increases successful resolution of cybercrime cases.
P₁₃: Greater investments in sword personnel cybercrime and digital forensics training increase the willingness and capacity of such personnel to handle more technically complex and difficult cases.
P₁₄: Units that are tasked with providing digital forensics services for other investigators or units will have fewer successful cybercrime cases compared to those without such responsibilities.

Footnotes

Acknowledgements

The author thank our participants for their time and insights. Appreciation is also given to Lynn Demyan who did outstanding work transcribing recorded interviews.

Declaration of Conflicting Interests

The author(s) declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.

Funding

The author(s) disclosed receipt of the following financial support for the research, authorship, and/or publication of this article: This work was supported by the National Science Foundation (Award No. 1916284).

ORCID iD

Kevin F. Steinmetz

Notes

Author Biographies

Kevin F. Steinmetz is a professor in the Department of Sociology, Anthropology, and Social Work at Kansas State University.

Brian P. Schaefer is an associate professor in the Department of Health Promotion and Behavioral Sciences at the University of Louisville.

Adrienne L. McCarthy is a doctoral candidate in the Department of Sociology, Anthropology, and Social Work at Kansas State University.

Christopher G. Brewer is an assistant professor in the Department of Criminal Justice Sciences at Illinois State University.

Don L. Kurtz is a professor and the department head of the Department of Sociology, Anthropology, and Social Work at Kansas State University.

References

Alderden

Skogan

W. G.

(2014). The place of civilians in policing. Policing: An International Journal of Police Strategies & Management, 37(2), 259–284.

Berg

B. L.

(2009). Qualitative research methods for the social sciences (7th ed.). Allyn & Bacon.

Bittner

(1967). The police on skid-row: A study of peace keeping. Ardent Media.

Boes

Leukfeldt

E. R.

(2016). Fighting cybercrime: A joint effort. In Clark

R. M.

Hakim

(Eds.), Cyber-physical security (pp. 185–203). Springer.

Bond

Tyrrell

(2018). Understanding revenge pornography: A national survey of police officers and staff in England and Wales. Journal of Interpersonal Violence, 36(5–6), 2166–2181.

Bossler

A. M.

Holt

T. J.

(2012). Patrol officers’ perceived role in responding to cybercrime. Policing: An International Journal of Police Strategies & Management, 35(1), 165–181.

Bossler

A. M.

Holt

T. J.

Cross

Burruss

G. W.

(2020). Policing fraud in England and Wales: Examining constables’ and sergeants’ online fraud preparedness. Security Journal, 33(2), 311–328.

Braga

A. A.

Turchan

Barao

(2019). The influence of investigative resources on homicide clearances. Journal of Quantitative Criminology, 35, 337–364.

Brants

Jackson

Wilson

T. J.

(2020). A comparative analysis of Anglo-Dutch approaches to “cyber policing”: Checks and balances fit for purpose? Journal of Criminal Law, 84(5), 451–473.

10.

Broadhurst

(2006). Developments in the global law enforcement of cyber-crime. Policing: An International Journal of Police Strategies & Management, 29(3), 408–433.

11.

Brookman

Maguire

E. R.

Maguire

(2019). What factors influence whether homicide cases are solved? Insights from qualitative research with detectives in Great Britain and the United States. Homicide Studies, 23(2), 145–174.

12.

Burruss

Howell

C. J.

Bossler

Holt

T. J.

(2019). Self-perceptions of English and Welsh constables and sergeants preparedness for online crime: A latent class analysis. Policing: An International Journal of Police Strategies & Management, 43(1), 105–119.

13.

Button

Cross

(2017). Cyber frauds, scams and their victims. Routledge.

14.

Carter

D. L.

Carter

J. G.

(2016). Effective police homicide investigations: Evidence from seven cities with high clearance rates. Homicide Studies, 20, 150–176.

15.

Corbin

Strauss

(1990). Grounded theory research: Procedures, canons, and evaluative criteria. Qualitative Sociology, 13(1), 3–21.

16.

Corsianos

(2003). Discretion in detectives’ decision making and “high profile” cases. Police Practice and Research, 4(3), 301–314.

17.

Crank

J. P.

Langworthy

(1992). An institutional perspective on policing. Journal of Criminal Law & Criminology, 83(2), 338–363.

18.

Cross

(2020). “Oh we can’t actually do anything about that”: The problematic nature of jurisdiction for online fraud victims. Criminology & Criminal Justice, 20(3), 358–375.

19.

De Paoli

Johnstone

Coull

Ferguson

Sinclair

Tomkins

Brown

Martin

. (2021). A qualitative exploratory study of the knowledge, forensic, and legal challenges from the perspective of police cybercrime specialists. Policing: An International Journal of Police Strategies & Management, 15(2), 1429–1445.

20.

Dodge

Spencer

Ricciardelli

Ballucci

(2019). “This isn’t your father’s police force”: Digital evidence in sexual assault investigations. Australian and New Zealand Journal of Criminology, 52(4), 499–515.

21.

Ericson

R. B.

(1981). Making crime: A study of detective work. Butterworths.

22.

Glaser

B. G.

Strauss

A. L.

(1967). The discovery of grounded theory: Strategies for qualitative research. Aldine Publishing.

23.

Greenwood

P. W.

Chaiken

J. M.

Petersilia

Prusoff

Castro

R. P.

Kellen

Wildhorn

(1975). The criminal investigation process, volume III: Observations and analysis. RAND Corporation.

24.

Hadlington

Lumsden

Black

Ferra

(2021). A qualitative exploration of police officers’ experiences, challenges, and perceptions of cybercrime. Policing: A Journal of Policy and Practice, 15(1), 34–43.

25.

Harkin

Whelan

(2022). Perceptions of police training needs in cyber-crime. International Journal of Police Science, 24(1), 66–76.

26.

Harkin

Whelan

Chang

(2018). The challenges facing specialist police cyber-crime units: An empirical analysis. Police Practice and Research, 19(6), 519–536.

27.

Hassell

K. D.

Zhao

Maguire

E. R.

(2003). Structural arrangements in large municipal police organizations: Revisiting Wilson’s theory of local political culture. Policing: An International Journal of Police Strategies & Management, 26(2), 231–250.

28.

Hawk

S. R.

Dabney

(2014). Are all cases treated equal? Using Goffman’s frame analysis to understand how detectives orient to their work. The British Journal of Criminology, 54(6), 1129–1147.

29.

Holstein

J. A.

Gubrium

J. F.

(1995). The active interview. Sage.

30.

Hinduja

(2004). Perceptions of local and state law enforcement concerning the role of computer crime investigative teams. Policing: An International Journal of Police Strategies & Management, 27, 341–357.

31.

Holt

T. J.

Blevins

K. R.

(2011). Examining job stress and satisfaction among digital forensic examiners. Journal of Contemporary Criminal Justice, 27(2), 230–250.

32.

Holt

T. J.

Blevins

K. R.

Burruss

G. W.

(2012). Examining the stress, satisfaction, and experiences of computer crime examiners. Journal of Crime and Justice, 35(1), 35–52.

33.

Holt

T. J.

Blevins

K. R.

Smith

R. W.

(2017). Examining the impact of organizational and individual characteristics on forensic scientists’ job stress and satisfaction. Journal of Crime and Justice, 40(1), 34–49.

34.

Holt

T. J.

Bossler

A. M.

(2012a). Police perceptions of computer crimes in two southeastern cities: An examination from the viewpoint of patrol officers. American Journal of Criminal Justice, 37, 396–412.

35.

Holt

T. J.

Bossler

A. M.

(2012b). Predictors of patrol officer interest in cybercrime training and investigation in selected United States police departments. Cyberpsychology, Behavior, and Social Networking, 15(9), 464–472.

36.

Holt

T. J.

Bossler

A. M.

Fitzgerald

(2010). Examining state and local law enforcement perceptions of computer crime. In Holt

T. J.

(Ed.), Crime on-line: Correlates, causes, and context (pp. 221–246). Carolina Academic Press.

37.

Holt

T. J.

Burruss

G. W.

Bossler

A. M.

(2015). Policing cybercrime and cyberterror. Carolina Academic Press.

38.

Holt

T. J.

Burruss

G. W.

Bossler

A. M.

(2019). An examination of English and Welsh constables’ perceptions of the seriousness and frequency of online incidents. Policing and Society: An International Journal of Research and Policy, 29(8), 906–921.

39.

Holt

T. J.

Cale

Leclerc

Drew

(2020). Assessing the challenges affecting the investigative methods to combat online child exploitation material offenses. Aggression and Violent Behavior, 55, 101464.

40.

Holt

T. J.

Lee

J. R.

Liggett

Holt

K. M.

Bossler

A. M.

(2019). Examining perceptions of online harassment among constables in England and Wales. International Journal of Cybersecurity Intelligence and Cybercrime, 2(1), 24–39.

41.

Hyland

S. S.

Davis

(2019). Local police departments 2016: Personnel (Report No. NCJ 252835). Bureau of Justice Statistics. https://bjs.ojp.gov/content/pub/pdf/lpd16p.pdf

42.

Innes

(2002). The “process of structures” of police homicide investigations. The British Journal of Criminology, 42(4), 669–688.

43.

Jewkes

Andrews

(2005). Policing the filth: The problems of investigating online child pornography in England and Wales. Policing and Society, 15(1), 42–62.

44.

Jewkes

Yar

(2008). Policing cybercrime. In Newburn

(Ed.), Handbook of policing (pp. 580–605). Willan.

45.

Keel

T. G.

Jarvis

J. P.

Muirhead

Y. E.

(2009). An exploratory analysis of factors affecting homicide investigations. Homicide Studies, 13, 50–68.

46.

Lee

J. R.

Holt

T. J.

Burruss

G. W.

Bossler

A. M.

(2021). Examining English and Welsh detectives’ views of online crime. International Criminal Justice Review, 31(1), 20–39.

47.

Loveday

Jung

(2021). A current and future challenge to contemporary policing: The changing profile of crime and the police response. Examples of policing fraud in two jurisdictions: England and Wales and South Korea. Policing: A Journal of Police and Practice, 15(3), 1633–1650.

48.

Lum

Wellford

Scott

Vovak

Scherer

(2018). Identifying effective investigative practices: A national study using trajectory analysis, case studies, and investigative data [Final report]. The Laura and John Arnold Foundation.

49.

Maguire

E. R.

(1997). Structural change in large municipal police organizations during the community policing era. Justice Quarterly, 14(3), 546–576.

50.

Maguire

E. R.

(2003). Organizational structure in American police agencies: Context, complexity, and control. SUNY Press.

51.

Maguire

E. R.

(2009). Police organizational structure and child sexual abuse case attrition. Policing: An International Journal of Police Strategies & Management, 32(1), 157–179.

52.

Maguire

E. R.

King

W. R.

(2020). The changing landscape of American police organizations. In Schafer

J. A.

(Ed.), Policing 2020: Exploring the future of crime, communities, and policing (pp. 337–371). https://mediaweb.saintleo.edu/courses/CRJ570/Policing2020_Schafer.pdf

53.

Marcum

C. D.

Higgins

G. E.

(2011). Combating child exploitation online: Predictors of successful ICAC task forces. Policing: A Journal of Policy and Practice, 5(4), 310–316.

54.

Marcum

C. D.

Higgins

C. E.

Freiburger

T. L.

Ricketts

M. L.

(2010). Policing possession of child pornography online: Investigating the training and resources dedicated to the investigation of cybercrime. International Journal of Police Science & Management, 12(4), 516–525.

55.

McCluskey

J. D.

Cancino

J. M.

Tillyer

M. S.

Tillyer

(2014). Does organizational structure matter? Investigation centralization, case clearances, and robberies. Police Quarterly, 17(3), 250–275.

56.

Nhan

(2010). Policing cyberspace: A structural and cultural analysis. LFB Scholarly Publishing.

57.

Nhan

Huey

(2013). “We don’t have these laser beams and stuff like that”: Police investigations as low-tech work in a high-tech world. In Leman-Langlois

(Ed.), Technocrime, policing, and surveillance (pp. 79–90). Routledge.

58.

Nowacki

Willits

(2020). An organizational approach to understanding police response to cybercrime. Policing: An International Journal, 43(1), 63–76.

59.

Paoline

E. A.

III . (2003). Taking stock: Toward a richer understanding of police culture. Journal of Criminal Justice, 31(3), 199–214.

60.

Prince

Lum

Koper

C. S.

(2021). Effective police investigative practices: An evidence-assessment of the research. Policing: An International Journal, 44(4), 683–707.

61.

Reaves

B. A.

(2015). Local police departments, 2013: Personnel, policies, and practices (Report no. NCJ 248677). Bureau of Justice Statistics. https://bjs.ojp.gov/content/pub/pdf/lpd13ppp.pdf

62.

Sanders

W. B.

(1977). Detective work: A study of criminal investigations. Free Press.

63.

Skogan

W. G.

Alderden

M. A.

(2011). Job satisfaction among civilians in policing. National Police Research Platform. https://www.ojp.gov/pdffiles1/nij/grants/235604.pdf

64.

Steinmetz

K. F.

Schaefer

B. P.

Brewer

Kurtz

D. L.

(2023). The role of computer technologies in structuring evidence gathering in cybercrime investigations: A qualitative analysis. Criminal Justice Review. Advance online publication. https://doi.org/10.1177/07340168231161091

65.

Vincze

E. A.

(2016). Challenges in digital forensics. Police Practice and Research, 17(2), 183–194.

66.

Wall

D. S.

(2007). Policing cybercrimes: Situating the public police in networks of security within cyberspace. Police Practice and Research, 2, 183–205.

67.

Warren

C. A. B.

(2002). Qualitative interviewing. In Gubrium

J. F.

Holstein

J. A.

(Eds.), Handbook of interview research: Context & method (pp. 83–101). Sage.

68.

Watson

Huey

(2020). Technology as a source of complexity and challenge for Special Victims Unit (SVU) investigators. International Journal of Police Science & Management, 22(4), 419–427.

69.

Wellford

C. F.

Lum

Scott

Vovak

Scherer

J. A.

(2019). Clearing homicides: Role of organizational case, and investigative dimensions. Criminology & Public Policy, 18, 553–600.

70.

Whelan

Harkin

(2021). Civilianising specialist units: Reflections on the policing of cybercrime. Criminology & Criminal Justice, 21(4), 529–546.

71.

Willits

Nowacki

(2016). The use of specialized cybercrime policing units: An organizational analysis. Criminal Justice Studies, 29(2), 105–124.

72.

Wilson-Kovacs

Rappert

Redfern

(2022). Dirty work? Policing online indecency in digital forensics. The British Journal of Criminology, 62, 106–123.