Cybercrime, defined as any illegal activity committed using computers, has emerged as a serious threat to individuals, businesses, and even national and international security. The relevant police units have to continuously update their knowledge and skills to counter such threats. A standard cybercrime investigation features a number of proven investigative techniques, each designed to track and capture cybercriminals.
To help the police cope with the ever-evolving forms of cybercrime, and in line with the objectives defined, the EU-funded project for “Further Institution and Capacity Building of the Police Service” has organized four additional specialized trainings titled: “Investigating and Analyzing Malware Codes”, “Securing of Evidence during Cybercrime Investigations”, “Cybercrime Investigation Techniques”, and “Live Data Forensics”.
The trainings were organized at the MoI’s Training Center in Idrizovo, with the support of the Department for Common Affairs and Human Resources Management.
Each of the trainings, conducted in the course of September and the beginning of October, lasted for 5 days and was aimed at advancing the skills of first responders from the Sectors for Internal Affairs, as well as the forensic examiners from the Sector for Cybercrime and Digital Forensics at the Public Security Bureau.
The training for Investigating and Analyzing Malware Codes, delivered by the Belgian expert Mr. Miguël Blauwbloeme, was successfully completed on 16 September 2016, covering 11 cyber-crime investigators working at central and regional level. Malware, short for malicious software (and also commonly referred to as computer viruses), is any software used to disrupt computer operations, gather sensitive information, gain access to private computer systems, or display unwanted advertising. The course aimed to provide the participants with the most recent malware investigation techniques: how to identify and classify malicious files, how to set up a secure environment to analyze such files, what programs can be used for analysis, and how to discover who is behind this criminal activity.
Mr. Terry Baker and Mr. Michael Jameison from the UK delivered a five-day training of trainers focused on efficient securing of evidence during cyber-crime investigations. The proper collection and preservation of digital evidence is often a complex and difficult process, which requires a cautious approach and specific expertise. This course also provided investigators with directions on how to better assemble evidence for court that is clear and supportive of evidential needs.
A training focusing on Cyber-Crime Investigation Techniques followed; it was delivered by the German expert Mr. Klaus Demmer and intended for cyber-crime investigators working at both central and regional level. Cybercrime investigators are tasked with seizing targeted computers and other storage media and technical devices (such as smartphones, SIM cards, memory sticks, digital cameras, MP3 players, iPods, servers, surveillance systems, etc.) for advanced forensic analysis and extraction of digital evidence. Forensic technicians will follow the electronic trail wherever it leads, looking for digital fingerprints in text messages, emails, files, pictures and videos, and web-browsing histories.
The last topic in the series of cyber-crime trainings, which took place from 3 to 6 October 2016, was Live Data Forensic Analysis. The training was delivered by Mr. Dominique Houbrechts and targeted the digital forensics examiners and cyber-crime investigators working at regional level. Live Data Forensics encompasses tools, techniques, and procedures for preservation and analysis of volatile evidence contained in the main memory (RAM) of a computer system.
All provided courses were both theoretical and practical, aiming to cover the latest good practice, technologies and techniques available to law enforcement specialists.