are inherent to the human being. Risk appetite, attack inhibitors? They are too. Since technology is therefore just a means to commit a crime, we should revisit some useful approaches to dealing with traditional crimes and analyse whether they could be of help while dealing with cybercrimes as well. When all types of crimes or offensives share some features like human motivations, human traits expressed through behaviour evidence in a crime scene, signature aspects (just to name a few) we should mention for sure the scientific discipline of Criminal Profiling. The study of the criminal behaviour and its manifestation in a crime scene has been explored for more than a century by the discipline, which infers a set of traits of the perpetrator or group of perpetrators of a crime by the examination of the criminal evidence available. resources available, knowledge, motivations, whereabouts and so on, depending on the evidence available and depending on which conclusions we could reach about them. Then, this profile becomes a valuable additional tool to assist investigations with at least a 77% rate of success according to a research done in the 90's (Theodore H. Blau). With these encouraging numbers, and knowing that cybercrimes share some roots with traditional crimes, the idea is to apply the same concepts to digital investigations. According to the literature, the main objectives that can be achieved by applying profiling on investigations are: · Linking cases that seem to be distinct. · Helping define strategies of interrogation. · Optimising investigative resources (e.g., "let's focus on where we have have a profile of a cyber offender in hand, we are able to develop better countermeasures against their attacks. This is especially important when we are dealing with advanced offenders, like APT. offenders to hide themselves behind computer attacks, is that profiling can be a broad tool as well. Recalling the Locard Exchange Principle, the offender always leaves traces in the crime scene. And some of them can be of behavioural nature. Depending on the level of interaction an attacker has in a digital offence (e.g. a manual attack vs. an automated attack or a single web defacement VS an attack that involves a huge team of skilled offenders and many interactions network traffic, social networks, chat networks, file systems of compromised machines, e-mail messages, defaced websites, instant messaging. that we can explore and work on. for during the investigation to help populate our mindmap: · Identifying motivation [revenge, curiosity, challenge, profit, to be part of dispute between individuals or hacking groups, profit, cyber terror, hacktivism, cyber warfare, etc.] · Performing authorship analysis on spear phishing e-mail content, social errors, preferred programming functions, sophistication, etc.) (Tom Parker has conducted very good research on this topic.) in which activities are more intense, evidence of planning actions, etc. message here is: we know that there are a multitude of means and technologies that are being (and will be) used by offenders on the perpetuation of their actions. But we need to know that there is a multitude of means to catch them as well. currently works at a Brazilian bank. In the last ten years he has been involved with penetration testing, vulnerability assessments, incident response and digital investigations for some of the biggest Brazilian companies. Nowadays, he is pursuing his PhD degree at the Cyber Security Centre of De Montfort University, exploring the ins and outs of criminal profiling applied to digital investigations. |