Data LogisticsOptimizing E-crime Investigations Using a Common Data Format
Historically, crime has been a local event; that is, the criminal is in close proximity to the victim. Electronic crime (e-crime) and variants on well-known criminal tactics that have been updated to use the Internet have removed this persistence of locality. The perpetrator of the crime and the victim may be separated by entire countries - or even continents. This adds new challenges for crime investigators as the party performing initial investigation may be quite remote from the actual crime “location” with different parties performing different parts of the investigation. The ability to convey accurate and complete investigative data—in multiple languages and styles—is now paramount to successful management of e-crime events, law enforcement case formation and subsequent prosecution.
To help with this information exchange, the APWG has worked with its partners across its global membership base of some 1800 institutions to develop an XML-based data model for reporting the technical aspects of phishing, fraud, and other electronic crimes to remote parties in a clear, consistent method. The goal of the data model is to allow an investigator to share relevant details of a possible criminal act with others in a data format that requires completeness, like local time-zone, while also providing multi-language support.
Data shared in this format can be further processed quite easily by automation. For example, data about certain crimes can be automatically processed via computer on arrival and redirected to the appropriate investigator in near-real time. Additionally, specific data elements can be controlled or encrypted to comply with evolving data privacy regimes.
These factors make this data model an excellent vehicle to report, share, and interpret electronic crime events. Ultimately, the APWG believes that utilizing a common data format will allow many different useful forms of automated processing of forensic data, giving investigators and e-crime responders the kind of insights they require to transform large repositories of forensic data into actionable narratives that can animate potent e-crime management routines for private industry, as well as to assist in case formation, investigation and prosecution for law enforcement.
The APWG has forged an XML schema purpose-built for reporting electronic crime and exchanging reports in a consistent and standardized manner. Now that the schema has negotiated the last hurdles of the IETF standards committees, the APWG is organizing a table top test program for it. Please join us in this important new program.
Click to Download Program
Click to Download Program
Join the eCrime Reporting Tools Development Community
The APWG has established the e-Crime Reporting and Incident Sharing Project via XML (eCRISP-X) project. The eCRISP-X charter is to develop a repository of conversion tools and utilities to make it easier to convert proprietary data formats to IETF IODEF (RFC 5070) XML reports.The eCRISP-X initiatives are managed at Sourgeforge.net and can be linked to here: http://sourceforge.net/projects/ecrisp-x/
Click to Download eCrime Reporting Tool