The CyberEast project, funded by the European Union and the Council of Europe and implemented by the Council of Europe through its Cybercrime Programme Office (C-PROC) based in Bucharest, Romania aims to support cyber resilience of the Eastern Partnership countries. The project builds on previous capacity building efforts in the Eastern Partnership region and on the good cooperation relationships developed along the years. What is less brought to the foreground, however, is the human factor and the work of individuals driving the progress forward in the country. In this interview you can meet Giorgi Pirveli working with the Police Academy of Georgia, teaching the new generation of cybercrime investigators. Under the CyberEast project, Giorgi is a master student in the Master programme MSc Forensic Computing and Cybercrime Investigation offered by the University College Dublin, in Ireland.
C-PROC: Can you please introduce yourself? Tell us a bit about you and your work?
Giorgi Pirveli: I am working for the Police Academy of Georgia since 2017 and at the same time I am delivering lectures for Georgian and International students in two Georgian Universities. In 2017, for the first time in Georgia, we have designed and implemented a special cybercrime investigation training curriculum for cybercrime investigators. The training curriculum and study materials were made in compliance with international and European standards. My primary job duties are related to cybercrime investigation, digital forensics, programming, blockchain technologies and malware analysis. From this year, I also have the honor and privilege to be a OSCE Consultant and to design and deliver trainings for field practitioners from around the world, regarding topics on cybercrime.
Before my teaching experience, I was working as a cybercrime investigator for five years. As an investigator, I have investigated more than 200 cases, which were related to different types of cybercrime, like card fraud, deface, DDos, phishing, ransomware and others. During this time, I have gained a lot of practical experience. This was quite a big challenge at that time, because there was no extended practice or investigation tips, as it was a newly formed team of investigators who tried to self educate on matters of cybercrime, to find the newest approaches and best practices of cybercrime investigation from developed countries. I also remember how we were making simple google searches for getting as much information and recommendations as possible to succeed in the investigation process. During that time, it was unthinkable that one day we would be able to get this much valuable information, experience and knowledge from the advanced field experts, and I am more than happy to share this knowledge and experience with our new investigators and other interested parties to advance their possibilities and build and improve their capacity.
C-PROC: You are one of the CyberEast students in the Master programme MSc Forensic Computing and Cybercrime Investigation offered by the University College Dublin, Ireland. From the modules offered so far in Malware Investigations, Live Data Forensics, Network Investigations, just to name a few, which module did you enjoy the most? And why?
G.P.: During last year, I took five modules and this semester I am taking three more. I enjoy each module because these modules are delivered by the world experts in the field and these courses gave me exceptional and valuable knowledge, which cannot be acquired using self-education. Before this master programme I have attended many interesting training courses in the field and got a lot of useful information, but after one year of studying here, I am more confident with the knowledge of cyber that I acquired, and I found that this master programme is extremely practical and useful. For example, the first two modules offered by the University – computer forensics and network investigation – are giving very basic and, at the same time, essential knowledge. They are the foundation for the whole master program. Programming for investigators was very hard for me because I had no programming experience prior to joining these classes, but the module was delivered in such a comprehensive way that I managed to thoroughly learn Python programming for forensic goals. This module somehow changed my style of life as well, as I have continued to learn programming and it became part of my daily activities. By using python programming I have already created several small software applications and tools for practitioners to simplify and automate some activities related to digital evidence forensics. Other modules like OSINT, Malware analysis, database and live forensics give exceptionally practical knowledge, which I use and share almost every day. To be honest, learning here is not easy. Each module requires a lot of effort, diligence and daily hard work. However, it is always very pleasant when at the end of the semester each module is successfully completed, and you realize the amount of knowledge you get in such a short period of time.
Source: Giorgi Pirveli
C-PROC: How is this module, in particular, helping you in your day-to-day work? Can you give us an example?
G.P.: Each module helps me to deliver more comprehensive, practical, and effective trainings. We have updated the study materials for students and Cadets using study resources from UCD. When needed, I help my colleges to solve sophisticated cybercrime cases and give them some advice. This knowledge and experience gained during this Master programme is also supporting me to be more productive while taking part in different national and international projects. It gave me more in-depth understanding, expertise and credibility in this particular field, and as a result this ensured more freedom and I gained a great sense of confidence in this field. Accordingly, I am extremely grateful for this possibility which broadened my horizon and mind.
C-PROC: How are you sharing the knowledge gained in the master programme with your peers?
G.P.: Delivering specialized trainings gives me opportunity to share my knowledge with my colleges and investigators dealing with cybercrime. It should be noted that last year my colleagues and I initiated a project to create the Cybercrime Coordination Working Group in Georgia, and with the support of the EU this project was successfully implemented. The aim of the group is to share knowledge and coordinate actions to fight cybercrime. We elaborated a Cybercrime National Strategy and Action Plan to fight cybercrime in Georgia. A major part of the action plan activities are training courses, which should be delivered to all involved practitioners by the end of 2022. I am going to use materials from UCD in these trainings.
C-PROC: In your position as the Cybercrime Chief Instructor with the Police Academy of the Ministry of Internal Affairs in Georgia, what would you say are the biggest challenges law enforcement is facing nowadays?
G.P.: The first and major challenge is the continuous growth of cybercrime cases. Crime follows technology. Cybercriminals use every new technology to commit cybercrimes. Sometimes these new types of crime seem impossible to investigate, but having appropriate knowledge and tools is the solution.
The second challenge is the lack of qualified investigators. Cybercrime is a field where law and technology do cross, so the ideal cybercrime investigator should have education and experience in both fields but unfortunately this is quite a rare encounter. As the number of crimes grows every year, more investigators are needed to be trained. Some investigators indicate that technical problems like the high cost of software and hardware is the challenge but studying at the UCD showed me that acquiring knowledge in programming and data forensics is a solution for this obstacle, because investigators could easily design and develop their own software tools.
Finally, international cooperation is still a challenge. Cybercriminals use every option to communicate with each other across the world. We all know that cybercrime is not a country specific problem, as there are no borders for cybercriminals. Countries willing to fight cybercrime must create more functional, fast, and working services to effectively share and exchange tools and methods to deal with cybercrime.
Source: Giorgi Pirveli
C-PROC: Is there anything that the joint European Union/Council of Europe project CyberEast can do to further support your work and make a difference in Georgia?
G.P.: By the end of the UCD master programme I would be honored to continue my research and further enhance and advance my skills and abilities in this field. It would be also a great asset to continue my work on capacity building, at both national and international level. Sharing my knowledge, methods, tools, and experience with law enforcement practitioners from other countries, and consequently having a close cooperation and connection with them could give us the ability to exchange, compare and analyze experience and practice from different countries, and so to make it more flexible and compatible. I know from my experience how hard it is to solve cybercrime cases without sufficient knowledge. Due to the specific nature of the fields of cybercrime and digital forensics, training is never sufficient and enough. The reason is that as more users operate in cyberspace and new technologies develop, the number of crimes will continue to grow. So, it should be always taken into account that cybercrime is not limited by country borders, and in order to achieve common goals it is necessary to consolidate our efforts, visions, and approaches. We are all together in this fight, so we must support each other and win together.