Capacity building & training
- To cope with the criminal use of encryption, law enforcement must ensure it has the training and resources it requires to obtain and handle digital evidence in situ using techniques such as live data forensics, while mindful of the need to avoid weakening cybersecurity in general8.
- Law enforcement must continue to develop and invest in the appropriate specialised training required to effectively investigate highly technical cyber attacks. A foundation level understanding of cyber-facilitated and cyber-enabled crime, including the basics of digital forensics (e.g. how to secure/seize digital evidence) should be required by all law enforcement officers, especially first responders.
- Given the rapidly changing nature of cybercrime and the pace at which technology evolves, there is a need for a more adaptive and agile approach to research and development, including funding opportunities, with a view to delivering relevant results in a more timely manner.
- As the criminal use of virtual currencies continues to gain momentum, it is increasingly important for law enforcement to ensure that cybercrime and financial investigators have adequate training in the tracing, seizure and investigation of virtual currencies.
- A coordinated effort should be made by law enforcement to engage with countries where compromised cards are cashed out and where goods purchased with compromised cards are reshipped.
- Darknets are an environment where cyber-facilitated crime is becoming firmly established. This is a cross-cutting issue that requires support from specialists in multiple crime types. It is not feasible or practical that all such crime is dealt with by cybercrime units when the predicate crime is related to drugs, firearms or some other illicit commodity. It is essential therefore that appropriate training and tool support is extended to those working in these areas to provide them with the required knowledge and expertise.