International cybercrime-fighting project launches guide

When someone commits an electronic crime, how do you collect evidence - and more importantly, evidence that will stand up in court? In order to give the police a helping hand in such matters, the European Commission has set up the CTSOE (Cyber Tools On-Line Search for Evidence) project.

The project features specialists from three research institutes: the IT and rights research centre in Namur, France; St Andrews university and the Fraunhofer Institute from Stuttgart university. Engineers from French equipment manufacturer Alcatel and UK security firm Qinetiq were also involved in the project, as well as staff from the EC's research centre.

The experts have unveiled a methodology and new standardised procedures to "identify, safeguard, integrate and present electronic evidence concerning cybercrime", said the Commission in a statement.

"Using a computer isn't just a means of committing crime – it can also be a way of gathering elements of essential evidence", it said, adding that electronic material such as network information, email, word processing documents and graphic files were increasingly becoming important evidence in criminal proceedings.

In the case of an electronic incident, the methodology outlined by the CTOSE project sets out steps to follow for those involved, as well as systems administrators, staff in charge of IT security, those who look into such incidents and the police. The procedures cover all sorts of incidents, from a commercial dispute to an online purchase, or more serious crimes, such as fraud or a hack.

The CTOSE project's recommendations are designed to put more crime fighting tools into the hands of those who need them, including a tool called C*CAT, designed to advise those working on cybercrime at every stage of the search for evidence, including which procedures to follow and decisions to take. It is accompanied by a "legal advisor" – a database that holds all the legal conditions that have to be met in order to end up with evidence that is both convincing and acceptable in court.

The CTOSE experts have also outlined the XML specifications necessary for one person to be able to transmit pertinent date to another without risking the evidence becoming corrupted. Finally, demo software is available that shows 'realistic' enquiries resulting from simulated attacks in a commercial environment.

Estelle Dumout writes for ZDNet France