IE 11 is not supported. For an optimal experience visit our site on another browser.

Police heading to classes in computer forensics

Police in Europe and beyond are heading back to the classroom to get trained in computer forensics as more  cyber criminals prey on unsuspecting victims.
/ Source: Reuters

Police are heading back to the classroom as a new breed of criminals turns to the Internet to prey on unsuspecting victims.

Across Europe and beyond, cyber investigators are being trained in computer forensics -- a crimefighting technique that is part science, part sleuthing.

Investigators comb through seized computer hard drives, looking amid countless disguised files for evidence the machine was used in a crime.

The clues could be elaborate computer programs designed to hijack a victim's PC, or e-mail and Web browsing logs revealing the identity of conspirators.

"It's akin to auto mechanics," said Dan Haagman, head of training for 7Safe Ltd, a Cambridge-based firm that instructs police and civilians in computer forensics.

"You rule out things early on. You search for signs that give you a picture of a particular security breach," he added.

The same techniques can be used to trace or at least build a profile of a criminal suspect from a hacked PC or computer network, he added.

As valuable as DNA
As criminals turn to high-tech gadgets and the Internet to commit crimes ranging from extortion to drug dealing, computer forensics is rapidly becoming as crucial to an investigation as DNA evidence, police say.

"I expect new staff to have an absolute minimum of computer and software forensics before they even walk in the door," said Marc Kirby, detective inspector for the computer forensics section at Britain's National Hi-Tech Crime Unit.

In addition to training local police in cyber-sleuthing techniques, Kirby's 55 investigators also hunt criminals.

Earlier this month, the NHTCU arrested 12 people in a case in which a Russian crime gang is accused of using an e-mail scam known as "phishing" to defraud UK bank customers out of hundreds of thousands of pounds.

In another success, a string of globe-spanning paedophilia stings has determined the identities of thousands of suspects who use the Internet to trade and collect pornographic images.

But police forces around the world remain a step behind.

In the UK, home to some of Europe's most advanced cybercrime fighting forces, just 1,000 of the country's 140,000 police officers are trained to handle digital evidence. Fewer than 250 have high-level computer forensics skills, says European information security lobby group EURIM.

Efforts have been ramped up across Europe to close the gap.

Back to class
Earlier this month, British police toiled in the reflection of their computer screens. They were hunting the deep recesses of a computer for traces of an increasingly popular cybercrime weapon known as "malware" in a 7Safe training session.

Malware is malicious computer code programmed by an underworld of hackers, virus writers and sometimes spammers to commit all manners of crime.

In the training exercise, investigators discovered in a deep corner of the hard drive a nasty piece of malware known as a "trojan" installed on the machine without the user's knowledge.

Criminals use "trojans" and "backdoors" to infect PCs. An army of vulnerable machines can then be programmed to execute a digital denial-of-service attack on a Web retailer or flood the Internet with dubious e-mail messages aiming to defraud users out of their bank details in a typical phishing expedition.

The prospect of stopping zombie PC attacks from every corner of the globe is a new criminal threat.

As always, the only way for an investigator to catch a cyber criminal is to learn their tricks. "To truly understand malware they have to use it. To understand hacking they have to do it," Haagman said.