CyberConcerns (2010) lists some possible crimes that may occur on IRC such as: “

IRC is the Internet Relay Chat. It is a very useful synchronous electronic media for socializing, technical support and some forms of pedagogy, among other things. It can also be quite useful for criminal activity. IRC is a difficult technology to audit and eavesdrop. If organized crime is using it for command and control functions it isn't easy to detect this, nonetheless do anything about it given its distributed nature and potential for direct connections. While hackers can be an annoyance and black-hats may eventually cause a infrastructure disaster eavesdropping as much as possible is probably the most useful technique to combat them with IRC as of yet. In the case of pedophiles and cyber stalking however, it is urgent that as much data as possible be collected and authenticated as quickly as possible to develop actionable items and avert further victim suffering. So, while Casey warns us that investigation can be a challenge because “IRC is made up of separate networks such as Undernet, DALnet, Efnet, and IRCnet and no single organization controls all of them” and “each subnet is simply a server, or combination of servers, run by a different group of people”, he also points out that “if a particular IRC channel is of interest, it can be fruitful to use an automated program that continuously monitors activity in that channel“ and gives a case study of a successful investigation that leveraged said monitoring (2004, 18.7). These aspects are particularly interesting considering that “the Supreme Court has repeatedly held that the Fourth Amendment is not violated when information revealed to a third party is disclosed by the third party to the government, regardless of any subjective expectation that the third parties will keep the information confidential” (Jarrett et al, 2009, p8).

Like all synchronous electronic chat media IRC presents challenges to a forensic investigator. But it is quite possible, via logging, sniffing, undercover identities and other procedures, to meet these challenges and acquire and even sometimes authenticate, data from these sources. If criminals continue to use them in and in reference to their crimes then they will remain valuable to investigators.

Casey, E. (2004) Digital Evidence and Computer Crime – Forensic Science, Computers and the Internet, 2nd edition. London: Academic Press

CyberConcerns (2010) Internet Relay Chat Crime [Online]. Available from: (Accessed: 16 July, 2010)

Jarrett, H.J., Bailie, M.W., Hagen, E. & Judish, N. (2009) Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations [Online]. Available from: (Accessed: 15 June, 2010)