In pursuit of the cyber-crime offender an investigator often falls short of track due to various exigencies. Tracking of the cyber offender requires extraneous skill of an investigator nonetheless he should be a criminal investigator clubbed with information technology expert having knowledge of law, forensics and many more.   As technology is developing, illegal activities are also undergoing drastic changes. However to trace the digital footprints of the deviant subject a specialized, cohesive and idiographic approach has to be undertaken by the investigator.  One of the basic approaches the cyber investigator has to avail is to profile the cybercrime and criminal. Cybercrime profiling insinuates a framework to analyze, identify, monitor and prosecute the offenders. This technique involves extensive data profiling of various individuals and institutional deviant behaviors. It helps in categorization of the criminal activities based on the modus operandi of the deviants as well as the classes and strata of victims.


Security of a nation today is not just confined to building of forts or guarding of borders but it also involves securing cyber space with firewalls and other cyber security measures and strategies. Most of the activities today gets linked to internet, be it finding a simple answer to a question or making purchases or conducting banking and business transactions. The ease provided by the technology is such that it provides comfort and completes the process with click of buttons. But the easy and economical access to the internet has also led the deviant to misuse the information technology since cyber space lacks geographical limits and extends the benefits of anonymity which in fact is the greatest shield for such wrong doers. The creation of pseudo identities in the cyber world provides for the greater anonymity for the cyber criminals.

Rise in cyber-crime cases has baffled the investigation agencies as the perpetrators of such crimes constantly develop or use developed and novel techniques of operations to commit cyber-crimes.  It is essential to understand that there is an extensive difference between the operandi in traditional crimes and technological crimes. In traditional crimes, the tracing of the criminal is relatively easier as a criminal may leave physical traces of evidence in the crime scene and aftermath too.  While in the technological form of cyber-crime, the presence of the offender is remote from the scene of crime. Many times victim will not even be aware of the identification of the offender. Cyber criminals in an unknown dingy premise having access to powerful internet technology can create havoc affecting corporations, countries or even common people. They can even take control of individual computer systems and use them for illegal activities including for malice including for ransom, cheating, etc. Internet provides an ‘iron curtain’ for such offender, behind which he can hide and commit the offence victimizing any or every from any part of the world.  Due to the differences between the municipal laws and international laws a cyber-offender might go untraced and the case uninvestigated and un-prosecuted.


Law enforcement agencies all over the world are struggling to understand the activities of the cyber offenders and trying to bring effective mechanism to control their attacks. Their tasks in relation to crime regulation can be classified broadly into two fold, namely, crime prevention and crime detection. Crime prevention requires suitable environment created for the law enforcement agencies so that they are prepared to counter attempts of the deviants and snub their activities before it causes any damage.   However since cyber technology is fastly changing at a very high speed, such preparedness may lack real impact.

Due to lack of appropriate training and in sufficient understanding of advanced technological developments, the crime prevention strategies might be fail at times. Further, the phase of the crime detection and bringing offenders to prosecution is often a staggering task also due the complications in relation to cyber space jurisdiction which becomes a major barrier for criminal procedure. Tracing the cyber-criminal especially the one who uses cloud computing, remotely accessing systems with internet facility that links them with multiple countries makes it highly difficult to trace the parties involved in the criminal transaction or activity and to gather evidence in this regard. Even if the offender is traced and is found to be in or from a foreign country with which our country lacks any mutual agreement or other coordination arrangements including extradition agreements, it becomes difficult to formally procure evidences from such country and procure appearance of such offender.

Judicial bodies may also at times be ill-equipped to understand the nuances and technicality of the cyber-crimes. So if cyber-crimes are treated procedurally like any conventional crimes, the case might suffer and can affect successful prosecution. Even today number of convictions in relation to cyber-crime cases are very less across the country.


The idea that an individual committing crime in cyberspace can fit a certain outline (a profile) may seem farfetched, but evidence suggests that certain distinguishing characteristics do regularly exist in cyber criminals.[1] Criminal profiling is usually used as an investigation support tool to provide a possible psychological and behavioral profile of an offender.  Cyber-crime profiling is the use of conventional criminal profiling method, in the cybercrime field. Cyber-crime profiling can be defined as “the investigation, analysis, assessment and reconstruction of data from a behavioral or psychological perspective extracted from computer systems, networks and the humans committing the crimes.”[2]

Profiling of criminals has been used for a number of years to identify criminal types from specific crimes.[3] Profiling a Cyber offender is both valuable as well as imminent for successful regulation of cyber-crimes. Identifying a range of characteristics such as motivation to commit such offence, identity, behavior, skills and knowledge of such offender, resources and access used by such offender for commission can be useful information for profiling a cyber-offender. Extending this approach for cyber-crime offender detection with integration of unique features, specific to this form of crime might help in better regulation of cyber-crimes. For example – knowing the motivation of unethical hackers may help the investigators to understand the behavior of such criminals and this can help not law the law enforcement agencies but can also be a means to ensure network protection of the country and institutions. It can also help in creating a secured cyber space ecosystem, having an assured framework.

Cybercrime profiling may be used to get insights into an offender’s profiling by establishing link between forensic clinical practitioners and law enforcement agencies.  A clinical psychologist can also use his skill to predict an offender’s behavior by linking it to unresolved crimes. He can by collaborating with the investigating agencies advise them on investigation tactics, thereby contributing to the development of a better eco-system of and framework for crime detection. Profiling analysis of the offenders can also be used along with computer forensics. This can also be used to provide information to businesses so as to enhance their cyber security procedure.

Cyber-crime profiling can be used to make analysis of data relating to the cyber offenders. Examination of the cyber offender’s behavioral pattern can help the law enforcement agencies to have a far reaching capability in crime prevention as well as detection.  Further, courts can also make use of such analysis in understanding the modus operandi of cyber offenders thereby resulting in appropriate conclusion of such cases.

In India unfortunately cyber-crime profiling is done in a routine manner. So is also the case with conventional crimes.  With regard to its formal usage, Indian investigating agencies are far behind in using this approach, compared to their counterparts abroad. The development and structural usage of cybercrime profiling has received considerable focus though researches made worldwide. As cybercrime is increasing, professional help of psychologists, sociologists and criminologists have become necessary to construct reliable profiles of hackers and other cyber criminals as to boost the defensive strategies.[4] A new strategy- the idiographic approach, is off recently receiving importance. The idiographic approach assist in examining a particular subject’s digital foot prints for immediate use in an ongoing investigation. It provides a frame work for investigators to analyze digital behavioral evidence for the purpose of case planning, subject identification, lead generation and prosecuting offenders[5]. An integrated system of two fields, that is, information security and criminal investigation provides for an enhanced analysis procedure known as Criminal Investigation Analysis[6].  Large number of cyber-crimes shows a link between victims and the offenders. Relationship between a person’s online behavior and computer victimization requires detailed analysis which can be done through cyber-crime profiling process.

Cyber-crime profiling can involve data mining techniques [generally] used in customer relationship management as a tool for knowledge acquisition of cyber-crime events[7]. Cyber-crime offenders, organized gangs and their presence on social networking sites must be studied and analyzed by the investigation agencies. Keyword searches are essential tool to detect criminal organizations in the social networking sites. [8] This approach can be used to regulate crimes in relation to illegal contents that’s committed over cyber space, such as pornography, etc.

The behavioral evidence analysis methodology in cyber profiling helps the digital investigation process[9].  Special attention must however be given to the legal and ethical considerations that arise from the automatic collection of data online, since it raises issues of privacy and confidentiality. These data if are in form of personally identifiable data or sensitive personal data, they must be anonymised and used.  The automated collection of internet driven data is an exciting development wherein law enforcement agencies by collecting data create crawlers to detect cybercrimes[10].

Cyber-crime countering measure to be more effective requires a robust frame work of profiling the cyber criminals and their modus operandi. Currently the investigation technique adopted is traditional with lack of technical knowledge. It disregards the necessities of the today technological aid an offender might take or technical aspects such case’s evidence might require. The State must look into novel dimensions of technological developments and assess its impact on criminal activities. Technical advancement can also be used as tool for crime regulation. It is thus important to develop a strategy integrated with proper cyber-crime profiling mechanism. Law enforcement agencies must use such strategy to prevent crime as well as to investigate crimes.

Development of a data base of modus of the cyber criminals might add to the capacity building of law enforcement agencies. It is important to note that in cybercrime profiling, identity resolution of the cyber offender plays a pivotal role in assisting the State in tracking cyber criminals. Identification resolution is efficient when the perpetrator has used online services for committing offences such as phishing or spear phishing since he would have left online traces which can be collected and profiled.  So, if he uses the same modus for the subsequent offence, the investigator can trace him with the help of such profile. For other kinds of cyber offences with the use of phones as well as internet technology, like Vishing, if the money is syphoned off from the victim’s bank accounts, it might become difficult to trace the offenders especially if they have used fake phone numbers and money mules while transferring of the booty. Hence, if there is a constant monitoring, tracking and profiling of the activities of the perpetrators of crime and their usually targeted class of victims, then the investigator can try to envisage the future acts of such offenders and protect the potential victims as well as trace such offenders. Thus there be not just an efficient investigation but there can also effective detective and preventive strategies that such investigator can plan.

Institutionalization of cyber-crime and criminal profiling can lead to a robust mechanism for an effective criminal investigation and prosecution agencies. To illustrate, in the infamous Silk Road case wherein darknet was used by consumers to sell and buy drugs and similar contrabands, the FBI after conducting extensive research on profiling was able to arrest Ross Ulbricht, the chief operator of the site. FBI also seized $3.6 million of funds from escrow account.[11]  Effective tracing of potential cyber criminals requires appropriate usage of search engines, specific phrases and images of the suspicious contrabands and terms and also a well-designed profiling done based on such information gathered.


Currently Indian criminal laws including cyber laws do not expressly provide for legal recognition of profiling of crimes or criminals. Section 53 and 54 of the Criminal Procedure Code only provides for collection of physical evidences including those collected through medical examination or evidences from DNA profiling. Similar medical examination can also be conducted on a rape accused under section 53A of Criminal Procedure Code. These provisions however does not help in profiling a cyber-criminal where digital foot prints, digital evidence and other digital traces are involved. It is important to also note that section 53, 53A and 54 only empowers the authorities to collect such evidences specifically for a case under investigation and does not provide for maintaining such evidences or its record to be used for future cases.

With regard to cyber-crime profiling, currently there is no law nor any attempts done to research on this domain. Though the Information Technology Act of 2000 regulates cyber-crimes by way of providing criminal liability and at times civil liability and also contains provisions which provides for investigation of cyber-crimes, it has no provision to provide for profiling of offenders. However recently the Ministry of Home Affairs launched the National Database on Sexual Offenders (NDSO) which is the central database of sexual offenders in India. It is maintained by the NCRB and is allowed to be used only by law enforcement agency who can access it through the Inter-operable Criminal Justice System (ICJS). [12] However criminal profiling is not just data base about the offenders. It must involve comprehensive assessment of criminals and their crime, including most importantly their criminal activities and crime related behavior data.


In India, a well-designed cyber-crime profiling mechanism is the need of the day. It must be framed keeping in mind the current Indian legal framework so as ensure its legal validity. Criminal procedure code along with Indian Information Technology Act provides for procedural provisions in relation to cyber-crime investigation, inquiry and trail but it lacks provisions to provide for and make use of cyber-crime profiling. On the other hand, such profiling mechanism must involve in it technical safeguards since it’s all about regulation of a crime which is technical in nature or has technical evidence involved in form of electronic evidences or evidences from clouds, systems and other electronic devices. It is important to develop a national level cyber profiling system with process, structures and mechanism inbuilt therein so as to create a suitable data base. This cyber-crime profiling database can enable effective countering approaches so as to trace potential cyber security threats as well as procure timely information which can be shared with law enforcement agencies.

This Article has been written by Dr. Nagarathna. A. working as an Associate Professor of Law & Chief Coordinator, Advanced Centre on Research, Development and Training in Cyber Law and Forensics, National Law School of India University Bengaluru and Mr. Sachidananda. K., Lawyer and Cyber Law Consultant, Bengaluru.


[1] Hemamali Tennakoon, The need for a comprehensive methodology for profiling cyber-criminals, Quoting Nykodym et al. (2005), available at, last accessed on 13th July 2020.

[2]  R. Shaw, A.S. Atkins (2007), Conceptual Analysis of Cybercrime Events in Profiling Business Attacks, IADIS International Conference e-Society 2007, at:

[3] Turvey, B.E. (1999), “Criminal Profiling: an introduction to Behavioural Evidence analysis.” London: Academic Press.

[4] Saroha, Rashmi, “Profiling a Cyber Criminal,” International Journal of Information and Computation Technology. Vol 4, No 3 (2014), pp. 253-258, http://www. /ijict.htm.

[5] Steel, M. Chad, “Idiographic Digital Profiling: Behavioral Analysis Based on Digital Forensics”, Journal of Digital Forensics, Security and Law, Vol. 9(1) DOI: https//doi/org/10.15394/jd/s/2014.1160.

[6] Bongardt, Steven’ A Forensic Examiner”, Springfield Vol.19 Iss 3 (Fall 2010):20-25

[7] R. Shaw, A.S. Atkins (2007), Conceptual Analysis of Cybercrime Events in Profiling Business Attacks, IADIS International Conference e-Society 2007, at:

[8] Décary-Hétu David & Morselli, Carlo, (2011), Gang Presence in Social Network Sites, International Journal of Cyber Criminology, July- December 2011, Vol. 5 (2), 876-890.

[9] Silde, Alice & Dr Angelopoulou, Olga, (2014), A Digital Forensics Profiling Methodology for the Cyber stalker, International Conference on Intelligent Networking and Collaborative Systems, 2014 IEEE, ttps://

[10] Décary-Hétu David & Aldridge Judith, (2015), Sifting through the Net: Monitoring of Online Offenders by Researchers, The European Review of Organised Crime, 2(2) 2015, 122-141.

[11] See: Wesley Lacson & Beata Jones, The 21st Century DarkNet Market: Lessons from the Fall of Silk Road, International Journal of Cyber Criminology Vol 10 Issue 1 January – June 2016, available at, last visited on 14th July 2020.

[12], last accessed on 14 July 2020.


Leave a Reply

Your email address will not be published. Required fields are marked *