A cyber-crime investigation framework

https://doi.org/10.1016/j.csi.2007.10.003

Abstract

Epistemic uncertainty is an unavoidable attribute of criminal investigations and can negatively affect the effectiveness of the process. A cyber-crime investigation involves a potentially large number of individuals and groups who need to communicate, share and make decisions across many levels and boundaries. This paper presents an approach adopting elements of the Strategic Systems Thinking Framework (SST) by which conflicting information due to the unavoidable uncertainty can be captured and processed, in support of the investigation process. A formal description of this approach is proposed as a basis for developing a cyber-crime investigation support system.

Section snippets

The expanding crime scene

Although there are commonalities between a cyber and a physical crime scene, there are also significant differences [3], making the topic of cyber-crime an important area of research. This has been acknowledged by European governmental agencies, see for example the UK's Parliamentary Office of Science and Technology Report [10]. The main difference is that the boundaries of a digital crime scene are not clearly outlined and the crime scene area may extend beyond a room, a city, a country,

The SST framework

Human beings have no difficulty in keeping contradictory understandings in mind whilst considering resolutions in everyday life, whether complementary, alternative or incompatible. However, the traditional logic upon which, for example, decision support systems and smart software are built does not reflect this human capacity. Such logic has difficulty in dealing with the maintenance of underlying contradictions as valid parts of resolutions [8].

The SST framework [1], [8] represents a systematic attempt to

Representation of the SST methodology

Traditional probability theory is handicapped in the sense that it cannot capture and represent events in an uncertain domain. That is, probabilistic analysis requires that the probability distributions are known for all events. This limitation was initially addressed by Dempster [5] and further refined by Shafer [11]. According to the Dempster-Shafer mathematical theory of evidence (DST), classical probability is extended in such a way that events can be described at a higher level of

Conclusions and areas for future research

An approach by which information sharing and evidence consolidation can be performed by expert investigators for investigating cyber-crime is introduced. The approach adopted elements of the Strategic Systems Thinking framework which were formally developed under DST.

The purpose of this paper is to introduce the aforementioned concepts in the cyber-crime investigations domain and to study the suitability of the underlying tools. Therefore a generic cyber-crime investigation framework is


Cited by (28)

  • A systematic review of cyber-resilience assessment frameworks

    2020, Computers and Security
    Citation Excerpt:

    This was closely followed the same year by a research group from the University of Virginia which proposed a model to manage the cyber-security of intellectual property Andrijcic and Horowitz (2006). The earliest European publication found in the sample is an article from 2008 by a collaboration between the University of Lund in Sweden, and the University of Portsmouth in England, presenting a framework for the investigation of cyber-crime Katos and Bednar (2008). The earliest article found about the proposal of a CRF is from 2011, when a collaboration between Carnegie Mellon University and the University of Virginia published research about modeling of cyber-intrusions to cyber-infrastructure in order to increase cyber-resilience Chittister and Haimes (2011).

  • Low self-control and cybercrime: Exploring the utility of the general theory of crime beyond digital piracy

    2014, Computers in Human Behavior
    Citation Excerpt:

    The second generation of cybercrime uses networks and is considered hybrid crime. In other words, it is criminality that is already in existence but has expanded and adapted through the use of the Internet (Katos & Bednar, 2008; Wall, 2010). Hacking and cracking are common forms of this generation, as they were a product of early “phone phreakers” who stole free long distance service from telephone companies.

  • Cybercrimes via Virtual Currencies in International Business

    2019, Digital Currency: Breakthroughs in Research and Practice