The police have started to use malware—and other forms of government hacking—to solve crimes. Some fear coming abuses—the widespread use of malware when traditional investigative techniques would work just as well or to investigate political opponents or dissident speakers. This Article argues that these abuses will be checked, at least in part, by the very nature of malware and the way it must be controlled. This analysis utilizes a previously unformalized research methodology called “investigative dynamics” to come to these conclusions. Because every use of malware risks spoiling the tool—by revealing a software vulnerability that can be patched—the police will always encounter constraints and disincentives to widespread and unchecked use. These constraints will operate much like so-called legislative “superwarrant” requirements, which some have urged Congress to enact for malware. The investigative dynamics of malware suggest that Congress could follow this advice without disrupting police conduct in any significant measure.