Criminal profiling has been used by crime investigators for centuries. It gained world wide attention after being used in England in Jack the Ripper case. Diamon A. Muller (2000) describes criminal profiling as a process “designed to generate information on a perpetrator of a crime, usually a serial offender, through an analysis of the crime scene left by the perpetrator” allowing law enforcement agencies to better utilize limited resources. Criminal profiling has two distinct approaches: inductive and deductive analysis (Rogers M. 2003). The inductive approach relies on the statistical analysis of behaviour patterns from previously convicted offenders while deductive focuses on the case specific evidence. One of the examples of criminal profiling methodologies is “diagnostic evaluation (DE), crime scene analysis (CSA), and investigative psychology (IP)” (Diamon A. Muller, 2000).
There are two contradicting points of view on criminal profiling; some claim it is an art while others claim it is a science similar to criminology and psychology. Moreover, as oppose to criminology or physiology, human lives may be depended on accuracy of criminal profiling: “if a profile of an offender is wrong or even slightly inadequate police maybe misled allowing the offender to escape detection for a little while longer—and innocent people may be dead as a result.” (Diamon A. Muller, 2000). As a result, many law enforcement agencies are still evaluating the adoption of criminal profiling.
Since digital forensic investigation is in essence crime investigation, that has similar investigation phases (acquisition of evidence, authentication, analysis and reporting/presentation), criminal profiling can be used as well to predict offenders behaviour. Just like in the traditional crime investigation, “digital” offenders have motives, different skill levels and tools. Regardless on the profiling methodology (inductive or deductive), the results of criminal profiling can greatly aid digital forensic investigation.
“The network evidence acquisition process often results in a large amount of data” (Laureate Online Education B.V. 2009) and the results of criminal profiling can help the investigator conduct a more specific keyword search, focus of specific area (i.e. allocated and unallocated space) and geographical location (IP addresses). Moreover, the profiling information can pinpoint supporting or corroborating evidence such as IRC chat channels, FTP sites, underground forums and newsgroups (Rogers, M 2003).
Just like traditional criminals, “digital” offenders have weaknesses that could be used when interviewing/interrelating suspects or witnesses. Although the interview process itself could be completely different from what we traditionally understand as “interview” (i.e. IRC chat rooms, forums, mailing lists, etc.), Rogers M. notes that “individuals who engage in deviant computer behaviour share some common personality traits, and given the proper encouragement, show a willingness to discuss and brag about their exploits” (Rogers, M 2003).
- DAMON A. MULLER 2000, “Criminal Profiling: Real Science
or Just Wishful Thinking?” [online], HOMICIDE STUDIES, Vol. 4
No. 3, August 2000 234-264. Sage Publications, Inc. Available from:
(accessed: July 7, 2011).
- Laureate Online Education B.V. 2009, “Computer Forensics
Seminar for Week 6: Network Forensics I”, Laureate Online
- Rogers, M 2003, 'The role of criminal profiling in the
computer forensics process', Computers & Security, May,
Business Source Premier, EBSCOhost, viewed 7 July 2011.