Date post: 24-Mar-2020
Cybercrime Investigation Body of Knowledge Shane D. Shook, PhD
Cybercrime Investigation

Body of Knowledge

Shane D. Shook, PhD

What is CIBOK?

1st Edition of Body of Knowledge to help Law Enforcement, Judiciary, and Corporate cyber security practitioners and investigators understand:

What is Cybercrime?

Who performs Cybercrime - and how?

Why does Cybercrime happen - and to whom?

How should public and private organizations investigate?

How should public and private organizations staff and train?

Challenges addressed

Challenges for Investigators

Limited resources

Many responsibilities

Different stakeholders

Conflicting objectives

Lack of coherency

Challenges for Judiciary

Incomplete context

Focus on attribution

Imperfect evidence

Challenges for Corporate

Competing guidance

Risk management

Requirements taxonomy

CIBOK provides execution and management frameworks based upon a taxonomy of defined requirements to address cybercrime investigation and cybersecurity improvements

By subscribing to a common taxonomy, law enforcement / judiciary / corporate investigators and management can communicate more efficiently, and address cybercrimes productively

Approach for investigations

Cybercrime investigations involve a combination of procedural and technical requirements

Successful Cybercrime investigations (and organizations) will involve experienced staff and appropriate tools, and knowledgeable management with supporting policies

The focus of a Cybercrime investigation should be on the crime, not only the medium

CIBOK

Editorial Committee

Contact us: [email protected]

