The tool, called the TTPs-based cybercrime investigation framework, can help in tracking and classifying cybercrimes, identifying the chains of evidence required to solve a case, and mapping evidence onto the framework to convict
A new cybercrime investigation tool has been developed to track cyberattacks targeting individuals, such as insurance fraud and online matrimonial fraud. Known as the Tactics, Techniques, and Procedures (TTPs)-based cybercrime investigation framework, this tool aids in identifying and categorising cybercrimes, establishing the chain of evidence required for case resolution, and aligning evidence with the framework for convicting offenders.
In numerous states, cybercrime incidents result in daily losses amounting to one crore. These crimes predominantly affect women, elderly individuals, and those with limited financial resources, often leading to the depletion of life savings. Surprisingly, the number of cybercrime investigations lags significantly behind the number of reported cybercrimes in India. Investigations heavily rely on the victim’s First Information Report (FIR), which is often provided by individuals with minimal cyber literacy. Consequently, these narratives can mislead or divert investigators, and victims often lose contact after reporting the incident, further complicating crime tracking.
For the success of cybercrime investigations, a comprehensive framework was urgently needed to extract key information from victims’ FIRs, provide investigators with a systematic and exhaustive understanding of the reported cybercrime, recommend investigative steps based on established crime patterns, link evidence to these steps to determine subsequent actions, and ultimately facilitate the conviction of criminals. Until now, no such comprehensive framework existed for cybercrime incident response.
To bridge this gap, the I-hub NTIHAC foundation (c3ihub) at IIT Kanpur, with support from the Department of Science and Technology (DST) under the National Mission on Interdisciplinary Cyber Physical Systems (NM-ICPS), developed a methodology and tool to discern the modus operandi of cybercriminals throughout the execution lifecycle of a crime. This involved extensive literature review, case studies, framework construction, integration of existing crimes into the framework, development of an interactive framework navigator, and mapping real cases onto the framework.
The technology can approximate the path of a crime execution and suggest potential crime paths based on user-provided keywords. Additionally, it can compare the modus operandi used in different crimes, manage user roles, and track activity along crime paths.
The TTPs-based investigation framework proves highly effective by limiting the range of investigative approaches to those based on criminals’ tactics, techniques, and procedures (TTPs). This results in a more precise and expeditious conviction of cybercriminals.
With the cybercrime investigation framework and tool now ready for deployment in police operations, cybercriminals can be more easily tracked and convicted. This is expected to lead to a reduction in cybercrime activities across the country.