as the Octopus Cybercrime Community is a panel on global experts in the field of cybercrime I would like to take the chance to ask for your broad range of experiences and opinions in regards to cybercrime education in your countries. To provide some basis for our discussion I will set up a brief introduction about cybercrime education and the observations that I have made. In the end I will raise some questions to start our discussion.
I think we all agree that fighting cybercrime is not just a challenge of our own countries but usually has a transnational character. That is the reason why international treaties like the Council of Europe Cybercrime Convention have be set up and more and more countries seek to harmonise their national legislations in the field of cybercrime. While it can take a long process to change or adjust national laws it can even take longer to implement them in the national jurisdiction as well as the executive authorities.
Especially when it comes to fields like cybercrime and digital forensics the real challenge oftentimes is not just a legislative one but also one of establishing and maintaining technical expertise to keep up with cybercriminals. Even if the necessary laws are in place qualified personnel is needed not only trace but also to convict perpetrators in the cyberspace. Therefore a high degree of specialism is required not only for law enforcement officers but also on the judges and prosecutors side as well as on the governmental side. To establish a satisfactory level of technical expertise different professional training programmes are needed.
I have made the experience that the level of cybercrime and forensic education extremely differs not only from country to country but also from branch to branch. Some countries do not have any cybercrime training programmes at all, some countries send people abroad to visit training courses in other countries, while some countries might have comprehensive practical trainings for law enforcement practicioners but only very little courses for judges and prosecutors. As far as I know only a few countries have set up academic programmes in cybercrime and digital forensics education and even less countries have established research facilities in addition to their trainings. Some organisations like the Council of Europe (CoE), the European Anti-Frau Office (OLAF), the European Commission (EC) and the European Cybercrime Training & Education Group (ECTEG) have spent a lot of efforts to run training projects on a European and international level (e.g. CyberCrime@IPA, CyberCrime@EAP, Hercule, 2CENTRE)
From what I have encountered there are different approaches to cybercrime and digital forensics education:
- Training programmes at academies
Be it on police academies or on judicial academies these training programmes range from just a few courses up to a broad range of modules comparable to university/college degrees. The scope of these courses oftentimes is very much oriented upon the practical needs.
There are some certifications out there, especially in the field of digital forensics. Some of them are the Certified Forensic Computer Examiner (CFCE), the Certified Computer Examiner (CCE), the Certified Ethical Hacker (CEH), the Computer Hacking Forensic Investigator (CHFI), the Certified Information Systems Security Professional (CISSP) and the Global Information Assurance Certifications (GIAC).
- Vendor specific courses
Vendors of forensic tools oftentimes offer courses for their tools. Some of the vendors even offer a certification process to give prove of some tool specific knowledge, like the EnCase Certified Examiner (EnCE) or the Access Data Certified Examiner (ACE).
- Academic degrees
The academic degrees range from Bachelor of Science (BSc) to Master of Science (MSc) and even promotional degrees (PhD). Two example that I know about is the Master of Science in Forensic Computing and Cybercrime Investigation at University College Dublin in Ireland and the Master of Science in Digital Forensics at Univery Albstadt-Sigmaringen in Germany.
Conferences also include educational parts. That is why I included them in this list. I personally know of some conferences like the Digital Forensics Research Conference (DFRWS), the International Conference on IT Security Incident Management & IT Forensics (IMF), the EuroForensics and Octopus Conference or course.
- Research facilities
Do you know of any?
This is where I would really like you to share your experiences with us! Please let us know:
- What is the approach in your country?
- Did you encounter any other approaches?
- Do you know any of the organisations in your country that offer cybercrime and/or forensics trainings?
- Do you know of any standardization of cybercrime education in your country, continent or even global?
Thank you for letting us participate in your experiences!