A new cybercrime investigation tool will soon be able to track cyberattacks targeting humans, such as insurance fraud and online matrimonial fraud. The tool, called the TTPs (tactics, techniques and procedures)-based cybercrime investigation framework, can help in tracking and classifying cybercrimes, identifying the chains of evidence required to solve a case, and mapping evidence onto the framework to convict criminals, says a press release.

Incidents of cybercrime cause a loss of ₹1 crore in a day. Mostly women, the aged and poor people are targeted, resulting in the loss of entire life savings. The number of cybercrime investigations in India is significantly lower than the number of cybercrime reports. The investigation of such crimes also depends on the FIR narratives given by the victims, who usually have extremely low cyber-literacy. Hence, their narratives frequently mislead or distract investigators. Victims frequently do not maintain contact after reporting the incident, which makes tracking the crime even more difficult.

For cybercrime investigation to succeed, a proper framework is required, one that can extract key points from the victim’s FIR, provide investigators with sufficient information on the reported cybercrime to categorise it systematically and exhaustively, indicate the steps to follow based on pre-existing crime paths, map evidence to the steps taken in order to decide the next step, and finally conclude the case and convict criminals. No such comprehensive framework existed till now.

To fill this gap, I-hub NTIHAC foundation (c3ihub) at IIT Kanpur, under the National Mission on Interdisciplinary Cyber Physical Systems (NM-ICPS), has developed a methodology and tool for apprehending cybercriminals’ modes of operation in a crime execution life cycle.

It was developed through literature study, case studies, framework building, incorporating pre-existing crime into the framework, evolving an interactive framework navigator, and mapping real cases onto the framework.

The technology can create an approximate crime execution path and suggest a crime path based on a user-derived set of keywords. It can also compare the modus operandi used in different crimes, manage user roles, and track activity for crime paths.

The TTPs-based investigation framework could be highly effective because it restricts the number of forms and methods by which an investigation can be conducted and relies primarily on criminals’ TTPs. This can lead to precise and rapid conviction of cybercriminals.