Education for Cyber Crime Investigators

David Greer

Joe Mulenex

John Hale

Gavin W. Manes
Center for Information Security

University of Tulsa

Tulsa, OK USA

gavin-manes@utulsa.edu

john-hale@utulsa.edu

david-greer@utulsa.edu

joe@meketrex.com

Abstract

Digital forensics and cyber crime investigations are continually growing, rapidly changing fields requiring law enforcement agencies to meet very rigorous training requirements. New opportunities for committing criminal activity against persons, organization or property are presented every day with the proliferation of personal digital devices, computers, the internet, computer networks, and automated data systems. Whether the crime involves attacks against computer systems, electronic information, or more traditional crimes such as murder, money laundering or fraud, electronic evidence is becoming more prevalent. It is no surprise that law enforcement and criminal justice officials are being overwhelmed by the volume of investigations and prosecutions that involve electronic evidence. Fortunately, processes and procedures, as well as a variety of software and hardware tools have been developed to speed up and standardize the recovery of evidence from suspect media. Each of these tools provides specific capabilities within certain specialized areas. Training in the proper use of these tools is crucial for recovering forensically sound evidence in a manner which will withstand legal scrutiny. It is crucial for the success of future criminal investigations that the law enforcement community has access to timely, inexpensive, and readily available digital forensics and cyber crime investigations training material. This paper describes the development of a modular educational curriculum for training entry-level criminal investigators in the skills necessary to conduct a cyber crime scene investigation and evidentiary collection through the use of digital forensic tools. The curriculum incorporates multiple training methodologies, including instructor-led and multimedia based coursework. The curriculum’s instructor-led portion uses a classroom style presentation that provides 8-hours of interactive coursework. The participants are engaged in the actual process of evidence collection and a limited presentation on the uses of the forensic tools that are available to them. Additionally, the coursework is scaled to the user’s experience level, broken down to three levels: introductory, intermediate and advanced. The multimedia based coursework is designed to be scalable to a law enforcement agency’s needs. The agency has the ability to select from a list of modular curriculum that targets specific needs of an investigator. In addition to the modular framework of the multimedia course, levels of experience are also incorporated. The multimedia coursework will allow the user to actually engage interactively with the materials, simulating a hands-on investigation. This curriculum offers multiple delivery options that law enforcement agencies can take advantage of, regardless of size or geographical disposition. The material in both the instructor-led and multimedia courses are updated to remain timely and keep the user’s well versed in the latest use of tools and procedures, insuring the investigative and evidentiary process remain intact.

Keywords: digital forensics, law enforcement, education