Global Cybercrime Certification

Similar documents
Cybercrime Capacity Building a cooperative process

Way to new challenges

Designing Robustness and Resilience in Digital Investigation Laboratories

UCD Centre for Cybersecurity & Cybercrime Investigation

10025/16 MP/mj 1 DG D 2B

15412/16 RR/dk 1 DGD 1C

Course 832 EC-Council Computer Hacking Forensic Investigator (CHFI)

Educating Judges, Prosecutors and Lawyers in the Use of Digital Forensic Experts

Package of initiatives on Cybersecurity

COMPUTER HACKING Forensic Investigator

Education and Training on Internet Investigations. Joe Carthy. Director UCD Centre for Cybercrime Investigation

Strategic and operational threat analysis at Europol's EC3

ISACA National Cyber Security Conference 8 December 2017, National Bank of Romania

NATIONAL COMMISSION ON FORENSIC SCIENCE

C HFI C HFI. EC-Council. EC-Council. Computer Hacking Forensic Investigator. Computer. Computer. Hacking Forensic INVESTIGATOR

Incident Response and Investigations. Regulation and standards

PROJECT RESULTS Summary

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN

OHLONE COLLEGE Ohlone Community College District OFFICIAL COURSE OUTLINE

Global Alliance Against Child Sexual Abuse Online 2014 Reporting Form BOSNIA AND HERZEGOVINA. Policy Target No. 1

ENISA & Cybersecurity. Dr. Udo Helmbrecht Executive Director, European Network & Information Security Agency (ENISA) 25 October 2010

Resilience, Deterrence and Defence: Building strong cybersecurity for the EU

ENISA EU Threat Landscape

Project CyberSouth Cooperation on cybercrime in the Southern Neighbourhood

KEY PROGRAMME INFORMATION. Originating institution(s) Bournemouth University. Faculty responsible for the programme Faculty of Science and Technology

Project CyberSouth Cooperation on cybercrime in the Southern Neighbourhood Region

Certified Digital Forensics Examiner

2CENTRE A collaborative model for capacity building against cybercrime. Cormac Callanan 2CENTRE Industry Liaison

Call for Interest for the INTERPOL Digital Crime Centre 2 nd round (area of advanced technology required for the Malware/BotNet analysis)

DIS10.3:CYBER FORENSICS AND INVESTIGATION

Intellectual Property Office of Serbia

Cyber Intel within European Cybercrime Center Ops

Certification, Registration and Education of Digital Forensic Experts

COMPUTER HACKING FORENSIC INVESTIGATOR (CHFI) V9

Current skills gap for capable CTI analysts: Training for forensics & analysis

SYLLABUS POSTGRADUATE TRAINING FOR NORDIC COMPUTER FORENSIC INVESTIGATORS. Module 3E Windows Forensics 10 ECTS

C HFI SCIENCE SECURING FORENSIC. Every crime leaves a trail of evidence. Computer Hacking Forensic Investigator v9 NETWORKS WITH.

C T I A CERTIFIED THREAT INTELLIGENCE ANALYST. EC-Council PROGRAM BROCHURE. Certified Threat Intelligence Analyst 1. Certified

Computer Information Systems (CIS) CIS 105 Current Operating Systems/Security CIS 101 Introduction to Computers

Overview on the Project achievements

C HFI SCIENCE SECURING FORENSIC. Every crime leaves a trail of evidence. Computer Hacking Forensic Investigator v9 NETWORKS WITH.

ESSA Q INTEGRITY REPORT

Vademecum of Speakers

THE INTERNATIONAL INSTITUTE OF CERTIFIED FORENSIC ACCOUNTANTS, INC. USA. CERTIFIED IN FRAUD & FORENSIC ACCOUNTING (Cr.

Professional Evaluation and Certification Board Frequently Asked Questions

Octopus Programme From April 2011

G8 Lyon-Roma Group High Tech Crime Subgroup

Swedish Scheme Update Dag Ströman, Head of CSEC

National Certificate in Public Sector Compliance Operations (Level 4) with an optional strand in Investigations

A1. Actions which have been undertaken by Governments

CE4024 and CZ 4024 Cryptography and Network Security

EU policy on Network and Information Security & Critical Information Infrastructures Protection

EISAS Enhanced Roadmap 2012

CYBERCRIME RESPONDERS TRAININGS

CYBERCRIME AS A NEW FORM OF CONTEMPORARY CRIME

The commission communication "towards a general policy on the fight against cyber crime"

Issue I. Airport Communication Project

Fostering Competitiveness, Growth and Jobs. Wrocław, Poland, 15 October 2014

Council of the European Union Brussels, 23 November 2016 (OR. en)

A Comparative Study of Teaching Forensics at a University Degree Level

Skills Academy. Forensic Studies Courses

10007/16 MP/mj 1 DG D 2B

Commission Action Plan on Environmental Compliance and Governance

Cybersecurity Strategy of the Republic of Cyprus

13268/16 EB/dk 1 DGD 1C

New cybersecurity landscape in the EU Sławek Górniak 9. CA-Day, Berlin, 28th November 2017

Regional Seminar on Cyber Preparedness

THE SUSTAINABLE NUCLEAR ENERGY TECHNOLOGY PLATFORM. Presented on behalf of SNE-TP by Vere Smyth, University of Pavia

UCD Centre for Cybersecurity & Cybercrime Investigation. University College Dublin School of Computer Science

Legal Foundation and Enforcement: Promoting Cybersecurity

When Recognition Matters WHITEPAPER CLFE CERTIFIED LEAD FORENSIC EXAMINER.

Electronic payments in the Netherlands

PERSON SPECIFICATION. Cyber PROTECT Officer. Job Title: Status: Established

ESTABLISHMENT OF AN OFFICE OF FORENSIC SCIENCES AND A FORENSIC SCIENCE BOARD WITHIN THE DEPARTMENT OF JUSTICE

Certified Cyber Security Analyst VS-1160

Council of the European Union Brussels, 14 July 2017 (OR. en)

The NIS Directive and Cybersecurity in

Organization of Scientific Area Committees for Forensic Science (OSAC)

1 History of CyberSecurity in the Philippines 2 3

European Union Agency for Network and Information Security

Computer Information Systems (CIS) CIS 105 Current Operating Systems/Security CIS 101 Introduction to Computers

Global Wildlife Cybercrime Action Plan1

ACCREDITATION: A BRIEFING FOR GOVERNMENTS AND REGULATORS

UNODC/CCPCJ/EG.4/2017/CRP.1

CYBER CRIME LEGISLATION COURSE MALAYSIAN COMMUNCIATIONS AND MULTIMEDIA COMMISSION MALAYSIA

Cyber Security in Europe

CERT.LV activities, role in Latvia and globally. Baiba Kaskina, CERT.LV , Sofia, Bulgaria

Cybersecurity governance in Europe. Sokratis K. Katsikas Systems Security Laboratory Dept. of Digital Systems University of Piraeus

The challenges of the NIS directive from the viewpoint of the Vienna Hospital Association

CYBER INCIDENT REPORTING GUIDANCE. Industry Reporting Arrangements for Incident Response

COMPUTER FORENSICS (CFRS)

FIRE REDUCTION STRATEGY. Fire & Emergency Services Authority GOVERNMENT OF SAMOA April 2017

NEW INNOVATIONS NEED FOR NEW LAW ENFORCEMENT CAPABILITIES

D3.1 Validation workshops Workplan v.0

ENISA s Position on the NIS Directive

CYBER CAMPUS KPMG BUSINESS SCHOOL THE CYBER SCHOOL FOR THE REAL WORLD. The Business School for the Real World

Media Kit. California Cybersecurity Institute

ITU CBS. Digital Security Capacity Building: Role of the University GLOBAL ICT CAPACITY BUILDING SYMPOSIUM SANTO DOMINGO 2018

Systemic Analyser in Network Threats

CFE Exam Review Course

Transcription:

Global Cybercrime Certification Yves Vandermeer ECTEG chair yves.vandermeer@

Way to a new IT crime ecosystem Standard Operation Procedures and Education docs ACPO - Good Practice Guide For Digital Evidence (2012) Council Of Europe - Electronic Evidence Guide (2013) ENISA Strategies for incident Response and Cyber Crisis cooperation (2016) S.D. Brown - Investigating and Prosecuting Cyber Crime (2015) Ivar A. Fashing The Making of an Expert Detective (2016) ISO 27037 (2015) Tools features taxonomy from EVIDENCE project (2016) http://wp4.evidenceproject.eu/dft.catalogue/dftc.home.php FREETOOL project ( I & II ) Career path within profiles matrix TCF by EC3, ECTEG and CEPOL (2015) Course packages coherent and structured Practitioners certification procedures TOT project - Universidad Autónoma de Madrid (2016)

Some IT forensics principles Only «accredited» experts are allowed to handle «traces» «Chain of Custody» Trace integrity => evidence in front of court WWW : Who? When? how? Chronological and accurate reporting Allows reproducibility Rights of the defence Original seized item still available All actions are motivated ( Why )

ENFSI NTFS «state of art» challenge : Evaluation criteria A1 : correct MD5 A2 : correct full path A3 : correct MD5+full path 100 % B : unwanted files recovered C : files from older version recovered 0 %

Lessons learned Only 7 «entities» to address the challenge Most participants uses only 1(commercial) forensic tool Only 2 cross-check results (validation?) Only 1 entity got the full mark All entities have something like a certification or accreditation

A bit more than forensic tools? Capacity building is linked with tasks / operations No need for experts for all tasks But need for experts for some tasks to coordinate forensics (transversal approach) solve what can not be solved by tools (R&D) check and validate tools results present and comment findings in front of the Court Avoid to be «tool-dependent» Improve efficiency and accuracy Allows decision makers to change strategy Improve costs management and sustainability Keep specialised and trained investigators motivated Recognition Raise expertise level

Expertise AND tools? First responders Identify and gather traces Specialisation Search and document traces Validate trace in the investigation Using several different tools Expertise Traces interpretation Hypothesis

Looking to commercial tools «EnCase Forensic preserves data in an evidence file format with an unsurpassed record of court acceptance.» (Encase - Guidance Software) «court cited solution» (FTK - Access Data) «The engine that runs the PALADIN Toolbox is a combination of applications that have been used by forensic examiners and investigators for years and have withstood scrutiny of many courts of law» (Paladin - Sumuri)

Do we need specialists? To explain «How» To investigation lead and magistrate To react to cyber attacks In front of court and jury To keep in house excellence Following IT evolution Be part and contribute in a network To explain Why Suspects profiling In front of court and jury

Intuition? intuitum, de intueor, look with attention Provide some hypothesis on modus operandi Create a forensic script in python Conduct searches based on a criminal case investigation Make a forensic copy Explain how cookies are created Identify devices with traces

Education to intuition? Process, regulations and standards Profiles with skills and competences Capacity building strategy courses = specialist + intuition Experience based Shared and validated by an expert networks Continuous education

But certification are already existing! Or tool based Or Linked with a course (payment) Often presented as profiles framework

Training Competency Framework Cyber crime experts First responders

Five components: Training based on needs Addressing soft skills Create a sustainable expert network Collaboration with the academic world Research and Development Detect new trends Validate competences by certification Implementation of a quality process 18

The digital evidence is an exception Difference between technical evidence and expert evidence? Live data forensics needs to take decisions Chip-of is sometimes destructive Cloud storage and IoT challenges Cyber attacks and networks Reproducibility is not possible anymore Traces without interpretation are often useless How many DF certified labs?

Certification challenges How to certify IT forensic labs or methods? Technology is always a challenge JTAG or Chip-Of and destructive methods Live data forensics becoming a standard especially for cyber-crime investigations Only good practices can be defined and frequently updated.

Way to practitioners certification good practices can be defined and have to be frequently updated. We have to work on how good practices are applied : dissemination and training assessing practitioners competences skills

Way to practitioners certification Existing national level recognition : o o only a few countries quickly outdated Existing international certifications : (the rich driver license paradox) Based on tool knowledge Based on course attendance Competition model Certification, registration and assessment of digital forensic experts Peter Sommer (2011)

Practitioners certification model Using Training Competency Framework as backbone (profile based certification) Unlinked from the training Checking competences and skills Theory & practice by academic partners Internship for some profiles Limited validity 5 3 years Transition from exiting ones Compatible with academic degrees (bachelor, master) Model created by TOT project (2014-2016) Prosecutors, investigator judges, law enforcement, academics Support from Europol, Eurojust and ECTEG

Global Cybercrime Certification Project Using Training Competency Framework as backbone (profile based certification) Unlinked from the training Checking competences and skills Theory & practice by academic partners Internship for most profiles Limited validity 5 3 years Transition from exiting ones (i.e. IACIS ) Compatible with academic degrees (bachelor, master)

Advantages Mutual recognition of expertise levels Valorisation of practitioners Harmonisation through EU Profiles harmonisation Defining procedures and standards Practitioners network Career path Training attendees prerequisites Support to national structures Addressing capacity building issues

Step forward model implementation Already advised when : Creating new profiles Creating new training packages Governance board Europol, CEPOL, Eurojust, ECTEG, EUCTF, Certifying body Accreditation bodies organising certifications Certification organised by accredited bodies : Implementation checked by governance board members

First implementation 2017-2018 : Global Cybercrime Certification project including pilots

BACKGROUND: THE TOT PROJECT EU funded (2014-2016) Support from Europol, Eurojust and ECTEG UAM coordinator of the project, with other 5 institutions One of the results: Framework for Certification. Cybercrime investigators and judicial authorities Prosecutors, investigating judges, law enforcement, academics. Basis for the development of a pool of professionals capable of correctly dealing with the transnational problems of cybercrime. Taking into account different European countries (civil and common law).

THE PARTNERS * With the support of the Spanish Cybercrime Prosecutor s Office

ADDED VALUE Mutual recognition (all practitioners) EU (global?) harmonisation Well adapted to technology evolution Tool (vendor) and training neutral Partnership with academic world International database of experts

PRINCIPLES The certification will not be linked to any specific trainings, nor will the project deliver any training. The cost of certification is to be as cost-effective as possible. Given that the certificates will be competency-linked then assessment should be at pass/fail only.

STRUCTURE OF THE PROJECT Governance Board Bodies accreditation Law Enforcement Certifications Judicial Certifications Head of Cybercrime Unit Basic Cybercrime Online Investigator Digital Forensics Expert

PILOTS Certification Duration Travels Funded Format Editions Head of Cybercrime Unit One day Yes In-person 3 x12 participants Online Investigator Three days No In-person 3 x 5 participants Digital Forensics Expert One day No In-person 5 x 10 participants Judicial Basic One day No Online 3 x 20 participants All exams will be free of charge The exams will take place in different European countries

TIMELINE 2017 2018 2019 1S 2O 3N 4D 5J 6F 7M 8A 9M 10J 11J 12A 13S 14O 15N 16D 17E 18F Certifications Profile definitions CERTIFICATION EXAMS

PROCESS FOR APLICATION The profile descriptions/requirements will be published Period for registering will be opened Acceptance of attendees Period for sending required documents will be opened Attendance to certification exams The results will be communicated and certifications granted

contact data European Cybercrime Training and Education Group Yves Vandermeer yves.vandermeer@ twitter : @ecteg

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback