TTPs-Based Cybercrime Investigation Framework:
IIT Kanpur recently developed a TTPs-based cybercrime investigation framework.
- TTPs stands for Tactics, Techniques, and Procedures.
- It is the term cybersecurity professionals use to describe the behaviours, processes, actions, and strategies a threat actor employs to plan and carry out cyberattacks: tactics are the attacker's high-level goals, techniques the methods used to reach them, and procedures the specific ways those techniques are executed.
TTPs-based Cybercrime Investigation Framework:
- It is a tool for understanding cybercriminals' modes of operation across the crime execution lifecycle.
- It was developed by the I-hub NTIHAC foundation (c3ihub) at IIT Kanpur with support from the Department of Science and Technology (DST) under the National Mission on Interdisciplinary Cyber-Physical Systems (NM-ICPS).
- The framework can help in tracking and classifying cybercrimes, identifying the chain of evidence required to solve the case and mapping evidence onto the framework to convict criminals.
- The technology can construct an approximate crime execution path, and can suggest a likely crime path from a user-supplied set of keywords.
- It can also compare the modus operandi (mode of operation) used in different crimes, manage user roles, and track activity on crime paths.
- It could be highly effective because it constrains the forms and methods an investigation can take, anchoring it primarily in the criminals' TTPs. This is intended to lead to more precise and rapid conviction of cybercriminals.