Modeling Cyber Crimes and Investigations for Digital Forensics Education

Abstract

Current network forensics education lacks a systematic view of how real-world cybercrimes are committed and how real-world cases are investigated. In this paper, we fill these gaps. We explicitly define three basic crime strategies as computer assisted strategy, computer focused strategy and non-cyber strategy (traditional crime strategy) and model a real world cyber crime case as a sequence of crimes using these three basic crime strategies. We explicitly define two basic investigation strategies as computerized techniques and traditional operations. These models allow satisfactory explanation of a case that may involve a number of basic types of crimes and investigations. We have also built a real-world case database system for digital forensics education. Our preliminary survey confirms the usefulness of these models and case database system helping students understand cyber crimes and investigations.