22 Essential Skills for a Cyber Crime Investigator

We live in a world where everything seems to be getting hacked — Airplanes, ATM machines, Baby monitors, Biometric devices, Bitcoin wallets, Cars, CCTV cameras, Drones, Gaming consoles, Health trackers, Medical devices, Power plants, Self-aiming rifles, Ships, Smart-watches, Smartphones & more.

The increasing global cost of cybercrime ($100 billion+ a year) has led to a massive surge in the demand for cybercrime investigators. This article explores the 22 skills every cybercrime investigator must have.

Skill 1: Web Technologies

Considering the magnitude and impact of web attacks, it is necessary for a cyber crime investigator to understand some of the technologies that run the Internet and the World Wide Web.

This includes practical activities such as hosting a domain; creating SFTP users; setting up custom MX records; setting up, configuring & administering private email accounts, databases, and Virtual Private Servers; configuring SSL for secure websites; and deploying cloud infrastructure. The investigator must also understand how to install, configure & deploy content management systems and e-commerce platforms.

Skill 2: Web Hacking

Since a majority of cyber crime cases involve web-hacking or web-attacks, it is essential for cyber crime investigators to have a strong knowledge of the techniques of web hacking such as Footprinting, Bypassing Authorization Schema, SQL injection, Cross Site Scripting (XSS), Broken Authentication, Session Hijacking, Unvalidated Redirects & Forwards, and Cross-Site Request Forgery (CSRF).

Skill 3: Suspect interviewing

Effective suspect interviewing is an essential skill for cybercrime investigators. The investigator must understand the difference between an interrogation and an interview and how to prepare for and conduct a suspect interview. The investigator must be able to detect deception, document an interview and get an admission from a suspect. An investigator must also know how to conduct an inquiry in an organization.

Skill 4: Documentation

Even the best investigation is worthless if it is not supported by accurate and relevant documentation and that’s why a thorough understanding of documentation is essential for a cybercrime investigator.

Skill 5: Law

Every step of an investigation must be in compliance with the law and that’s why a thorough understanding of the applicable law is essential for a cyber crime investigator.

Skill 6: Phishing tools, techniques, and counter-measures

Phishing is one of the most popular techniques among hackers and financial cyber criminals. This makes it important for a cyber crime investigator to understand phishing tools, techniques, and counter-measures.

Skill 7: Virtual Payment Systems

Virtual Payment Systems have taken the global money markets by storm. A cyber crime investigator must have a strong understanding of how these systems work.

Skill 8: Financial instruments and concepts

Financial crimes are some of the most interesting cases that cyber crime investigators are called upon to solve. These include advance-fee scams, bank fraud & carding, chargeback fraud, check washing, check fraud, credit card fraud, identity theft, insider trading, insurance fraud, mortgage fraud, Ponzi schemes, securities fraud, skimming, wireless identity theft and more.

Skill 9: Forensic accounting

Forensic Accountants are called upon in cases involving economic damages calculations, bankruptcy, securities fraud, tax fraud, money laundering, business valuation, and e-discovery. It is important for a cyber crime investigator to have a basic understanding of forensic accounting.

Skill 10: Fraud Investigation

Many times a cyber crime investigator is called upon to handle fraud investigations. An investigator must understand Fraud (its extent, patterns and causes), Fraud Risk Assessment & Management, Fraud Prevention, Detection & Reporting.

Skill 11: Bitcoin & other crypto-currencies

Bitcoin is, without doubt, the most famous crypto-currency. It gained a lot of notoriety during the crackdown on Silk Road, an underground online marketplace trading in drugs, stolen financial information, weapons & more.

Considering the use of bitcoin (and other cryptocurrencies) by criminals, a strong understanding of bitcoin forensics is essential for cyber crime investigators.

Skill 12: Malware incident prevention & incident response

Considering the impact of malware, it is essential for a cyber crime investigator to have a strong understanding of malware incident prevention and malware incident response.

Skill 13: Dark Web

The World Wide Web that the vast majority of netizens use is also referred to as the clearnet, since it is primarily unencrypted in nature. Then there is the deep web, the part of the clearnet that is not indexed by search engines. The deep web includes data stored in password-protected pages and databases. The dark web is a small part of the deep web. The dark web consists of darknets including peer-to-peer networks, Freenet, I2P, and Tor. The Tor dark web is also called onionland, since its top-level domain suffix is .onion and it uses the traffic anonymization technique of onion routing.

Considering the popularity of the dark web among organized criminal groups, a cyber crime investigator must have a thorough working knowledge of the dark web.

Skill 14: Email investigation

Despite the popularity of instant messengers (such as WhatsApp) and social media, email remains one of the most popular methods of online communication in the world. This makes it essential for a cyber crime investigator to have a strong knowledge of email tracking & tracing.

Skill 15: Log analysis

In a large number of cyber crime cases, the investigation begins with an analysis of server logs. It is essential for a cyber crime investigator to have a sound working knowledge of server log analysis.

Skill 16: Browser forensics

In many cases of cyber crime, valuable evidence can be obtained from web browsers. This makes it important for a cyber crime investigator to have a strong practical knowledge of browser forensics.

These evidence points include history, bookmarks, credit card information & contact information stored in autofill, saved passwords, and files in the download location. Browser forensics also involves analysis of cloud printers and other connected devices, extensions, cookies and site data, location settings and exceptions, media settings (like camera and microphone permissions) & exceptions, unsandboxed plug-in access & exceptions, automatic downloads and exceptions, and more.

Skill 17: Social Media Forensics

It’s probably not incorrect to say that almost every Internet user is part of at least one social media platform. This makes social media forensics an essential skill for a cyber crime investigator.

Skill 18: Google Ecosystem & its Forensics

Google isn’t just a search engine anymore. The Google ecosystem is all around us: Gmail, YouTube, Google Groups, Google Sites, Google Plus, Google Keep and so much more. This makes Google forensics a must-have skill for cyber crime investigators.

Skill 19: Forensic technologies

It is essential for a cyber crime investigator to have a strong working knowledge of forensic technologies, cyber forensic concepts and ISO/IEC 27037 — the most important global standard for identification, collection, acquisition and preservation of potential digital evidence.

Skill 20: Cyber security

A basic working knowledge of cyber security is essential for everyone and more so for cyber crime investigators. Aspects of information security include Application Security, Cloud Computing Security, Computer Security, Cyber Security Standards, Data Security, Database Security, Information Security, Internet Security, Mobile Security, and Network Security.

Skill 21: Cryptography & Steganography

Many people use cryptography and steganography, and these include criminals and terrorists. Hence, a working knowledge of both is useful for cyber crime investigators.

Skill 22: Password recovery & forensics

In many cases, potential evidence is found to be locked up in password-protected files. This makes it essential for cyber crime investigators to have a strong practical knowledge of password recovery & forensics.