The concepts of cybercrime and cyberinvestigation are closely related to the concept of cyberspace, which is becoming the scene of increasingly numerous, complex and difficult-to-trace attacks that pursue political and economic interests. To deal with these new threats, France has shaped its legal framework to regulate these new crimes, and the investigative services have had to change their way of working by creating units specialized in dealing with cyber problems, staffed with personnel who have specialized computer skills. However, the French capabilities in the field of cyber investigations and, more generally, the control of cyberspace need to be deepened and developed.
As the importance of cyberspace increases, the threat posed by cybercriminals is increasing and taking on various forms: state actors, organized crime, individuals, digital activists, etc. For reasons of cost-effectiveness and efficiency, they mainly target the financial, technology, education, health and government sectors. By analyzing the groups that carry out the most sophisticated attacks, called advanced persistent threats (APTs), and mapping cyber attacks, cyber investigators have new tools that allow them to prevent a certain number of these attacks and attribute some of them to groups according to their working methods and goals.
Cyber origin intelligence and cyber interest intelligence
The digital investigation tools provided by cyber investigation services allow intervention at the level of each layer of cyberspace (information, software and physical). These investigations fall into two main methods, Cyber Origin Intelligence (ROC) and Cyber Interest Intelligence (RIC), each of which is of particular interest. The first, which focuses on the use of open source data, can come from due diligence, an organization’s digital footprint analysis, or even social media analysis (SOCMINT, for social media intelligence). The second, focused on the analysis of information systems, relies on the knowledge of digital equipment, the study of malware and reverse engineering to identify the perpetrators of offenses. These practices are governed by a binding legal framework, in particular with regard to the protection of personal data under the General Data Protection Regulation (GDPR).
In general, open source information gathering techniques (OSINT) allow cyber investigators to collect, cross-check and analyze information available on the Internet in order to better understand and evaluate APTs. The term OSINT itself covers a number of practices such as SOCMINT or geospatial analysis (GEOINT).
For both public and private actors, these practices redefine the notion of conflict, reaffirming the central role of information in both defense and offense. In this way, the case study of the conflict in Ukraine shows how cyberspace itself has become a battlefield, serving to spy on, paralyze, demoralize and mobilize targets through information control.
Problems of cyber investigation
While we can no longer speak of “new” technology when we talk about cyberspace, its constant evolution obliges cyberspace actors to constantly question their methods and their analytical frameworks in order to adapt them to operational reality. For cyber investigators, foresight is therefore an important tool to anticipate new threats. The five ideal types of cyber threats – cyber activism, cyber crime, cyber espionage, cyber terrorism and cyber warfare – all find their main determinants in geopolitical tensions. Combined with the rise of cyberattacks and cyberthreats, the structuring of the Dark Web as an interface in the service of cybercriminals suggests an even more dangerous cyberspace. The application of technological innovations, such as artificial intelligence and machine learning, makes it possible to anticipate increasingly complex and evolving threats that can overturn all existing cybersecurity measures. Therefore, there must be enough cyber investigators, and they must be trained and equipped to cope with the situation; otherwise the economic and political costs can be very significant.
Florian Brun, Johann Cohen, Celine Krasiunak, Florina Grepin, Gabriel Musch, Clara Wisson
Read the PDF file: ApportcybertechniquesInvestigation.pdf (ege.fr)