330 likes | 338 Views
Explore the need for improved cybercrime investigation training, academic accreditation, and international cooperation in the European Union.
E N D
Second International Workshop on Digital Forensics and Incident Analysis Samos, Greece 27 – 28 August 2007 Cybercrime Investigation Training and Specialist Educationfor the European Union Abhaya Induruwa Department of Computing
Cybercrime • “a crime committed using a computer and the Internet to steal a person’s identity or sell contraband or stalk victims or disrupt operations with malevolent programs” • The involvement of the Internet brings the global dimension! 2nd International Workshop on DFIA - Samos, Greece; 27 August 2007
The Situation • “of around 140,000 police officers in the UK, barely 1,000 have been trained to handle digital evidence at the basic level and fewer than 250 of them are currently with Computer Crime Units or have higher level forensic skills” 2nd International Workshop on DFIA - Samos, Greece; 27 August 2007
Presentation • Falcone Project • AGIS Project • AGIS Pilot – typical European collaboration • Training at the degree level • Canterbury Christ Church University’s involvement • European Compliance – Bologna Agreement • UK’s position 2nd International Workshop on DFIA - Samos, Greece; 27 August 2007
Falcone Project • Titled: “Training: Cybercrime Investigation – Building a Platform for the Future” (2001) • Examined: cybercrime investigation training provision throughout EU • Found: • Approaches inconsistent and fragmentary • No mutual recognition of training standards • No academic recognition 2nd International Workshop on DFIA - Samos, Greece; 27 August 2007
Convention on Cybercrime in particular Article 35 of the Council of Europe “Each Party shall: • designate a point of contact available on a twenty-four hour, seven-day-a-week basis, • in order to ensure the provision of immediate assistance for the purpose of investigations • or proceedings concerning criminal offences related to computer systems and data, • or for the collection of evidence in electronic form of a criminal offence.” 2nd International Workshop on DFIA - Samos, Greece; 27 August 2007
Falcone: Recommendations • European approach to cybercrime forensics training • Academic accreditation • More co-operation between law enforcement agencies and academic institutions to bring: • Professional Recognition • Standardisation across member states • Internationally recognised qualifications would ease law enforcement agency co-operation • Monitoring and administration should be carried out by a central body, eg: Europol or CEPOL 2nd International Workshop on DFIA - Samos, Greece; 27 August 2007
Falcone: Recommendations Four levels of training in Computer Forensics, Internet and Network investigation: • Basic/Certificate Course; • To cover broad range of material • Intermediate/Diploma Course; • To reflect the requirements of participants • Advanced/Degree Course; • To cover subject material in more depth and • Continuing Professional Development • To help practitioners to keep their skills current 2nd International Workshop on DFIA - Samos, Greece; 27 August 2007
AGIS 2003 and 2004 • Titled:“Cybercrime Investigation – developing an international training programme for the future” • Picked up: where Falcone left off • Produced and piloted: materials for the Basic/Certificate Course in Forensic Computing, Internet and Network Investigations 2nd International Workshop on DFIA - Samos, Greece; 27 August 2007
AGIS 2003 and 2004: Recommendations • Determine criteria for membership of a Network of Cybercrime Investigation Training Centres • Set up a centralised repository for course materials for ease of course dissemination • Set up a mechanism to keep courses up-to-date, reviewed and developed • Encourage a central body such as CEPOL or Europol to establish a certificate in cybercrime investigation and a register for cybercrime investigators • Encourage Interpol to deliver the training produced by this project to promote standardisation of cybercrime around the world. 2nd International Workshop on DFIA - Samos, Greece; 27 August 2007
AGIS 2005 • Produced and piloted materials for the Intermediate/Diploma Course in Forensic Computing, Internet and Network Investigations: • Applied NTFS Forensics – Aug 2006 • Internet Investigations – Oct 2006 • Network Investigations – Nov 2006 2nd International Workshop on DFIA - Samos, Greece; 27 August 2007
AGIS 2006 • Again produced and piloted materials for the Intermediate/Diploma Course in Forensic Computing, Internet and Network Investigations • Linux as a Forensic Tool • Mobile Phone Forensics • Wireless and VoIP Forensics 2nd International Workshop on DFIA - Samos, Greece; 27 August 2007
AGIS: Summary • Produced materials to be used by law enforcement agencies around the world but particularly the EU • Pilot the course • to evaluate and improve the materials • Accredited by University College Dublin and Canterbury Christ Church University • Materials set to be administered and kept up-to-date by Europol • Approved list of trainers and training centres to be set up by Europol • Project to continue under funding from EU ISEC Programme 2nd International Workshop on DFIA - Samos, Greece; 27 August 2007
Linux as a Forensic ToolPilot – March 2007 • Reviewed the existing training material from Interpol, UK and Beligium; • Considered including pre-read material so that a true intermediate course could be offered; • Discussed having a test at the beginning to ensure that the students have grasped the pre-read material; • Discarded this idea as individual circumstances of students could prevent them from completing the pre-read material; • Decided that this will be covered very quickly at the outset. 2nd International Workshop on DFIA - Samos, Greece; 27 August 2007
Linux as a Forensic ToolPilot – March 2007 • Recommended having a training room with • A computer for each student • At least two computers for trainers one with Windows XP) • Two projectors • Network and Internet connectivity • 1GB USB drive each for trainers and students • Access to BIOS settings • Run Ubuntu and FCCU Linux 2nd International Workshop on DFIA - Samos, Greece; 27 August 2007
Linux as a Forensic ToolPilot – March 2007 • Why Ubuntu Linux? • Ubuntu is ideal to introduce basics and build confidence • Bases on Debian, but is much more user friendly than Debian or Slackware • Interpol’s course also uses Ubuntu • Slackware – Grundy discusses this distribution in slightly more detail • Debian – Knoppix live CD is based on this distribution • Day 3 – 4 is based on the Belgiun course that uses a live CD developed by the Federal Computer Crime Unit (FCCU) 2nd International Workshop on DFIA - Samos, Greece; 27 August 2007
Linux as a Forensic ToolPilot Delivery – March 2007 • 5 days in total • Days 1-2 • Introduce Linux – Interpol’s course based – use Ubuntu • Days 3-4 • Based on Belgium’s course – uses FCCU Unix – avoids having to develop too much new material • Day 5 • Review of the course and competency test 2nd International Workshop on DFIA - Samos, Greece; 27 August 2007
Linux as a Forensic ToolPilot – Quality Assurance • NPIA • University College Dublin • Canterbury Christ Church University • Post evaluation meeting in September 2007 • Final report to be submitted in December 2007. 2nd International Workshop on DFIA - Samos, Greece; 27 August 2007
Training at the Degree Level • Falcone 3rd Recommendation where • Canterbury Christ Church University • University of Glamorgan • University College Dublin, etc come into the picture. 2nd International Workshop on DFIA - Samos, Greece; 27 August 2007
Canterbury Christ Church University • MSc in Cybercrime Forensics • Closed programme; • Started in October 2005; • Innovative partnership with NPIA High Tech Crime Training Unit – Wyboston; • Two intakes so far. • BSc in Forensic Computing • First intake in October 2007; • Open to any student. 2nd International Workshop on DFIA - Samos, Greece; 27 August 2007
Canterbury Christ Church University • MSc Cybercrime Forensics Structured to impart knowledge and test competencies in core areas • Data Recovery and Analysis Skills OR • Network Investigation Skills AND • Ethical, Legal and Professional Considerations • Case Studies in Cybercrime Forensics • Cryptography 2nd International Workshop on DFIA - Samos, Greece; 27 August 2007
Canterbury Christ Church University • MSc Cybercrime Forensics Optional areas: • Applied NTFS Forensics • Advanced Internet Forensics Traces • High Tech Crime Scene Searching • Core Skills in Mobile Forensics • Identifying and Tracing the Electronic Suspect • High Tech Crime Manager’s Workshop • Covert Internet Investigation. 2nd International Workshop on DFIA - Samos, Greece; 27 August 2007
Canterbury Christ Church University • Based on the QAA’s 180 credit model; • Uses NPIA High Tech Crime Training Unit’s training modules as pre-qualifiers • University’s well established APEL/APCL procedures to • Accredit prior experiential and certified training • Meets Falcone Recommendations: • Achieve Academic Accreditation • Achieve Professional Recognition • CPD to keep practitioners’ skills up-to-date. 2nd International Workshop on DFIA - Samos, Greece; 27 August 2007
Canterbury Christ Church University • BSc in Forensic Computing • Entry level programme; Aim is to: • Equip students with the theory and practical skills necessary to assist in the • Examination; • Reconstruction; • Detection; • Investigation; of crime scenes where the use of • IT equipment and Computers are involved. 2nd International Workshop on DFIA - Samos, Greece; 27 August 2007
Canterbury Christ Church University • BSc in Forensic Computing Expected employment: • In a range of career pathways including: • Police force; • Associated supporting roles; • General roles involving IT equipment and Computers; • Go into further study leading Masters or even PhD degrees. 2nd International Workshop on DFIA - Samos, Greece; 27 August 2007
European Compliance • Falcone, and then Agis, were European initiatives; • Tried to develop training material for cross border use; • At Basic and Intermediate Levels • In order to achieve consistent professional standards; • Accreditation of qualifications across Europe. 2nd International Workshop on DFIA - Samos, Greece; 27 August 2007
European ComplianceBologna Agreement (1999) • Signed by Education Ministers of 29 Member countries • To create a European Higher Education Area (EHEA) by 2010; • To achieve a comparable, compatible and coherent system for Europe; adhering to Europe wide academic and quality assurance standards. 2nd International Workshop on DFIA - Samos, Greece; 27 August 2007
European ComplianceBologna Agreement (1999) • Key features: • Establishment of a common system of credits; • Promotion of the mobility of students as well as academic staff; • Promotion of European co-orporation in quality assurance; • Participation in life long learning. 2nd International Workshop on DFIA - Samos, Greece; 27 August 2007
European ComplianceBologna Agreement (1999) Comprises three cycles of higher education qualifications matching roughly to the following UK qualifications: • BSc; • MSc; • PhD. • Proposes a shift from teacher based to student based course descriptors and corresponding learning outcomes (LOs); • Defines ECTS (European Credit Transfer and accumulation System) Credits – to allow cross border accreditation and standardisation; • Generally accepted that the UK BSc and MSc degrees are fully compatible with the First and Second Cycles. 2nd International Workshop on DFIA - Samos, Greece; 27 August 2007
European ComplianceBologna Agreement • Follow up conferences: • Prague (2001); • Berlin (2003); • Bergen (2005); • London (2007) – expected to adopt a strategy on: • How to reach other continents; • Create a Register of European Quality Assurance Agencies. 2nd International Workshop on DFIA - Samos, Greece; 27 August 2007
European ComplianceUK’s Position – Future Proofing • UK has a well established Quality Assurance System for Higher Education; • The MSc in Cybercrime Forensics of the CCCU has been developed strictly according to QAA structures; • In the UK, European programmes such as Erasmus, Tempus and Socrates are well established – to provide smooth accreditation of academic achievements; • Students with UK qualifications will be able to freely and transparently move across European borders. • The acceptance of ECTS will allow students from European Higher Education institutions to freely and transparently select modules offered by the UK higher educational institutions. 2nd International Workshop on DFIA - Samos, Greece; 27 August 2007
Closing Note … • Canterbury Christ Church University is hosting CFET 2007 – the 1st International Conference on Cybercrime Forensics Education and Training • Dates: 6 – 7 September 2007 All are welcome! The venue – Canterbury Christ Church University with the Canterbury Cathedral in the background. 2nd International Workshop on DFIA - Samos, Greece; 27 August 2007
Thank You! 2nd International Workshop on DFIA - Samos, Greece; 27 August 2007