Foundations of cybercriminalistics: From general process models to case-specific concretizations in cybercrime investigations

Gruber J, Voigt L, Benenson Z, Freiling F (2022)

Publication Language: English

Publication Type: Journal article, Original article

Publication year: 2022

Journal

Forensic Science International: Digital Investigation Elsevier

Book Volume: 43

Article Number: 301438

URI: https://www.sciencedirect.com/science/article/pii/S2666281722001196

DOI: 10.1016/j.fsidi.2022.301438

Open Access Link: https://www.sciencedirect.com/science/article/pii/S2666281722001196

Abstract

Despite spectacular stories of successful cyber operations by law enforcement agencies, we continue to be extremely inefficient in fighting cybercrime. The research community has contributed many abstract models to guide digital forensic analyses, but these are usually too abstract to be helpful in concrete cybercrime investigations since they do not give an immediate and straightforward translation of a confronted (digital) crime scene into viable yet promising criminalistic actions. We propose a method to systematically bridge the gap between high-level process models and the demands of actual investigations. The idea is to encode phenomenon-specific knowledge of cybercrime into node-link representations, thereby literally mapping the digital crime scene in well-founded visual representations – so-called cognitive maps. These can be used to derive a prioritized plan of action for targeted acquisition and analysis of case-relevant artifacts. To illustrate our approach, we present a cognitive map for the category of botnet crime and evaluate it with the help of domain experts and by applying it to two real-world cases.

Authors with CRIS profile

Jan Gruber Lehrstuhl für Informatik 1 (IT-Sicherheitsinfrastrukturen) Lena Voigt Lehrstuhl für Informatik 1 (IT-Sicherheitsinfrastrukturen) Zinaida Benenson Lehrstuhl für Informatik 1 (IT-Sicherheitsinfrastrukturen) Felix Freiling Lehrstuhl für Informatik 1 (IT-Sicherheitsinfrastrukturen)

Additional Organisation(s)

Lehrstuhl für Informatik 1 (IT-Sicherheitsinfrastrukturen)

Related research project(s)

Cyberkriminalität und forensische Informatik (Cybercrime) Oct. 1, 2019 - March 31, 2024

How to cite

APA:

Gruber, J., Voigt, L., Benenson, Z., & Freiling, F. (2022). Foundations of cybercriminalistics: From general process models to case-specific concretizations in cybercrime investigations. Forensic Science International: Digital Investigation, 43. https://dx.doi.org/10.1016/j.fsidi.2022.301438

MLA:

Gruber, Jan, et al. "Foundations of cybercriminalistics: From general process models to case-specific concretizations in cybercrime investigations." Forensic Science International: Digital Investigation 43 (2022).

BibTeX: Download