A rigorous approach to formalising the technical investigation stages of cybercrime and criminality within a UK law enforcement environment

As the Internet evolves and continues to become a compelling part of our everyday lives, individuals, communities and nations alike are becoming increasingly exposed to the growing threat of the cybercriminal. The aim of this paper is to widen the discussion surrounding the many global issues and challenges of cybercrime investigation with specific reference to UK law enforcement. This paper first discusses the vast transnational landscape now associated with cybercrime and the rapid growth in cyber offences and other unacceptable Internet behaviours. The emerging characteristics of cybercrime are then presented as a Cybercrime Execution Stack. This logical model of cybercrime demonstrates an objective view and is aimed at identifying the common characteristics of cyber criminality that are likely to occur during the commission of an offence or other illicit behaviours. The concepts of a cybercrime investigation framework focussing on a UK law enforcement environment are introduced following the stages of Initiation, Modelling, Assessment, Impact and Risks, Planning, Tools, Action and Outcome. The benefits of such a framework are intended to provide a cybercrime investigator with a much richer understanding of the complex technical elements of networked technology and the Internet that must be considered when conducting a rigorous cybercrime investigation.