Professional recognition for cyber investigators was sadly lacking in the past. The Institute of Cyber Digital Investigations Professionals (ICDIP) is set to change all that.
Until recently, legal evidence from cyber investigations was often challenged in cyber-crime court cases. The independent launch of the Institute of Cyber Digital Investigations Professionals (ICDIP) gives weight to the evidence professionals gather in cyber investigations by offering them cyber accreditation.
Cyber accreditation offers IT professionals the critical skills required to testify after conducting certified forensic investigations. Their training includes the technical skills that ensure they are adept in digital forensic principles and the correct processes to follow.
Since 2015, the ICDIP has trained more than 700 people in a program funded by the Home Office. This was formed as part of their National Cyber Security Program to establish accreditation for cyber-crime cases in the UK.
It is one of the first organizations of its kind in the world, born out of the need for a standards framework and accreditation. Demand for forensic investigators is growing in proportion to cyber-criminal activities.
Sarra Fotheringham is a policing manager for digital and cyber issues at the College of Policing. She recently told ComputerWeekly.com: “The framework is used to validate competency. It assures that we have highly competent and capable individuals conducting specialist cyber and digital investigations.”
The accreditation is designed to measure the competency of security practitioners and allows them to prove their expertise. It also speeds up the professionalization of cyber investigations and gives confidence that the evidence presented is from an authoritative source.
This accreditation gives greater weight to the evidence presented in court cases, and the move is a positive step to improving trust in the evidence presented.
Not only are cyber and digital crimes growing, but they are also increasingly linked to other crimes. Professionals are often called to give evidence, and their reliability as witnesses is vital to the outcome of these cases.
Digital Forensics Investigator Skills
Cyber professionals gain the certification after an assessment based on the skills and standards framework (SSF). There are five core job families for cyber-dependent or enabled crimes, and they have various skill categories. These include analyst, investigator, interviewer, intelligence, and forensic. Membership levels range from affiliate to full member by the end of the accreditation.
There are various types of digital evidence associated with cyber-crime. They include data on files from a computer, emails, or a suspect’s mobile phone. These are all critical to tracking proof of the perpetrator of the crime and their victim.
The cybercrime investigation process also entails investigating, analyzing, and recovering critical forensic data from the internet and local networks to help identify those responsible for the actions.
Cybercrime investigators need a working knowledge of computer science. They must understand the software, file systems, operating systems, networks, and hardware. Their knowledge allows them to determine how the components have interacted, giving them a complete picture of the crime and the victim. They determine the crime, when it happened, and what the motive was.
Evidence of cyber-crimes requires a certain standard to ensure that it is accepted in courts. Arguments that say cyber attribution is impossible no longer stand. These have been voided by the validity of accredited cyber forensics experts trained to wade through and collect the electronic evidence required.
The complexity of these crimes often means investigators must collect evidence from other countries. This requires them to approach other governments or lawyers there, and the laws change from one country to the other.
Despite the difficulties in identifying and proving cases against offenders, prosecutions of these crimes are becoming more common. The essential basic legal concepts surrounding network attacks and intrusions differ from one country to the other. In many countries, including the U.S., cases can be brought against the attackers under criminal or civil law.
In civil cases, also known as tort, the lawsuit is brought against the criminal by a private citizen or corporation. The point of the case is to seek monetary compensation or a court order against those who intruded in the network.
Criminal cases are actions brought by the authorities on behalf of the federal government, state, or local authority. Here the punishment for the cyber-criminal will depend on the crime and usually entails a fine or imprisonment.
For both types of cases, the rules of evidence apply, but the burden of proof is much higher in a criminal case.
Courts first establish the credentials of IT professionals before allowing them to offer their qualifications as an expert. Cyber accreditation is vital for expert witnesses testifying based on their expertise in cyber-crime cases.