A cyber-crime investigation framework
Section snippets
The expanding crime scene
Although there are commonalities between a cyber and a physical crime scene, there are also significant differences [3], making the topic of cyber-crime an important area of research. This has been acknowledged by European governmental agencies; see, for example, the UK's Parliamentary Office of Science and Technology Report [10]. The main difference is that the boundaries of a digital crime scene are not clearly outlined and the crime scene area may extend beyond a room, a city, a country,
The SST framework
Human beings have no difficulty in keeping contradictory understandings in mind whilst considering resolutions in everyday life - whether complementary, alternative or incompatible. However, the traditional logic upon which, for example, decision support systems and smart software are built does not reflect this human capacity. Such logic has difficulty in dealing with the maintenance of underlying contradictions as valid parts of resolutions [8].
The SST framework [1], [8] represents a systematic attempt to
Representation of the SST methodology
Traditional probability theory is handicapped in the sense that it cannot capture and represent events in an uncertain domain. That is, probabilistic analysis requires that the probability distributions are known for all events. This limitation was initially addressed by Dempster [5] and further refined by Shafer [11]. According to the Dempster–Shafer mathematical theory of evidence (DST), classical probability is extended in such a way that events can be described at a higher level of
Conclusions and areas for future research
An approach by which information sharing and evidence consolidation can be performed by expert investigators for investigating cyber-crime is introduced. The approach adopted elements of the Strategic Systems Thinking framework which were formally developed under DST.
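The evidence consolidation described above can be illustrated with a short added example; it is not code from the paper. It assumes Dempster's rule of combination as the fusion step (the snippets do not show which combination rule the authors use), and the hypotheses, investigator names and mass values are constructed for illustration.

```python
from itertools import product

def combine(m1, m2):
    """Dempster's rule: fuse two mass functions (frozenset -> mass, summing to 1).

    Returns (combined mass function, conflict K between the sources).
    """
    joint, conflict = {}, 0.0
    for (a, wa), (b, wb) in product(m1.items(), m2.items()):
        common = a & b
        if common:
            joint[common] = joint.get(common, 0.0) + wa * wb
        else:
            conflict += wa * wb  # the two focal sets contradict each other
    if conflict >= 1.0 - 1e-12:
        raise ValueError("total conflict: the sources share no hypothesis")
    return {s: w / (1.0 - conflict) for s, w in joint.items()}, conflict

def belief(m, hyp):
    """Lower bound: mass committed to subsets of hyp."""
    return sum(w for s, w in m.items() if s <= hyp)

def plausibility(m, hyp):
    """Upper bound: mass on sets that do not contradict hyp."""
    return sum(w for s, w in m.items() if s & hyp)

# Constructed sample data: hypotheses and masses are illustrative only.
FRAME = frozenset({"insider", "external", "malware"})
INVESTIGATOR_A = {frozenset({"insider"}): 0.6,
                  frozenset({"insider", "external"}): 0.1,
                  FRAME: 0.3}  # mass on FRAME means "cannot tell"
INVESTIGATOR_B = {frozenset({"external"}): 0.5,
                  frozenset({"insider", "malware"}): 0.2,
                  FRAME: 0.3}

def consolidate():
    """Return (conflict, {hypothesis: (belief, plausibility)}) for the sample."""
    fused, k = combine(INVESTIGATOR_A, INVESTIGATOR_B)
    return k, {h: (belief(fused, frozenset({h})), plausibility(fused, frozenset({h})))
               for h in sorted(FRAME)}

if __name__ == "__main__":
    k, intervals = consolidate()
    print(f"conflict K = {k:.2f}")
    for h, (bel, pl) in intervals.items():
        print(f"{h:9s} belief={bel:.3f} plausibility={pl:.3f}")
```

The gap between belief and plausibility for each hypothesis is the uncertainty that a single classical probability would hide, and the conflict value shows how strongly the two investigators' findings disagree before normalisation.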
The purpose of this paper is to introduce the aforementioned concepts in the cyber-crime investigations domain and to study the suitability of the underlying tools. Therefore, a generic cyber-crime investigation framework is
References (15)
- Unification of digital evidence from disparate sources (Digital Evidence Bags). Digital Investigation (2005)
- On the Dempster–Shafer framework and new combination rules. Information Sciences (1987)
- A contextual integration of individual and organizational learning perspectives as part of IS analysis. Informing Science (2000)
- et al. Information, Systems and Information Systems (1998)
- et al. An overview of electronic attacks
- et al. ASKARI: a crime text mining approach, in digital crime and forensic scienc
- Upper and lower probabilities induced by a multivalued mapping. Annals of Statistics (1967)
Cited by (28)
A systematic review of cyber-resilience assessment frameworks
2020, Computers and Security
Citation Excerpt: This was closely followed the same year by a research group from the University of Virginia which proposed a model to manage the cyber-security of intellectual property Andrijcic and Horowitz (2006). The earliest European publication found in the sample is an article from 2008 by a collaboration between the University of Lund in Sweden, and the University of Portsmouth in England, presenting a framework for the investigation of cyber-crime Katos and Bednar (2008). The earliest article found about the proposal of a CRF is from 2011, when a collaboration between Carnegie Mellon University and the University of Virginia published research about modeling of cyber-intrusions to cyber-infrastructure in order to increase cyber-resilience Chittister and Haimes (2011).
Standard operating procedures for cybercrime investigations: a systematic literature review
2019, Emerging Cyber Threats and Cognitive Vulnerabilities
Low self-control and cybercrime: Exploring the utility of the general theory of crime beyond digital piracy
2014, Computers in Human Behavior
Citation Excerpt: The second generation of cybercrime uses networks and is considered hybrid crime. In other words, it is criminality that is already in existence but has expanded and adapted through the use of the Internet (Katos & Bednar, 2008; Wall, 2010). Hacking and cracking are common forms of this generation, as they were a product of early “phone phreakers” who stole free long distance service from telephone companies.
The effect of cybercrime on open innovation policies in technology firms
2019, Information Technology and People
Cybercrimes via Virtual Currencies in International Business
2019, Digital Currency: Breakthroughs in Research and Practice