The 25 skills every cyber crime investigator must have

25 essential skills for a cyber crime investigator

We live in a world where EVERYONE (from Airports, Banks & eCommerce to Tax departments, Telecom giants & Universities) and EVERYTHING (from Airplanes, Apps & ATM machines to Self-aiming rifles, Smart-watches & Wi-Fi networks) seems to be getting hacked.

The last few years have seen some of the world's largest institutions fall prey to cyber crime - JP Morgan Chase, Sony, AT&T, eBay, Google, Apple, Dairy Queen International, Domino's Pizza and half of the South Korean population!

The global cost of cyber crime is estimated to be more than $100 billion a year.

This phenomenal increase in cyber crime has led to a massive surge in the demand for cyber crime investigators. The 25 skills every cyber crime investigator must have are:

  1. Basic Web Programming skills.
  2. Working knowledge of Web Technologies.
  3. Strong working knowledge of Web Hacking.
  4. Effective suspect interviewing skills.
  5. Thorough understanding of documentation.
  6. Sound knowledge of the relevant law.
  7. Practical knowledge of phishing tools, techniques and counter-measures.
  8. Strong knowledge of the working of Virtual Payment Systems.
  9. Understanding of financial instruments and concepts.
  10. Basic understanding of forensic accounting.
  11. Practical knowledge of Fraud Investigation.
  12. Practical knowledge of investigating Bitcoin & other crypto-currencies.
  13. Strong understanding of malware incident prevention & incident response.
  14. Thorough practical knowledge of the Dark Web.
  15. Strong practical knowledge of email investigation.
  16. Thorough practical knowledge of Server Log analysis.
  17. Strong practical knowledge of browser forensics.
  18. Thorough understanding of Social Media Forensics.
  19. Thorough understanding of the Google Ecosystem & its Forensics.
  20. Strong working knowledge of forensic technologies.
  21. Understanding of the ISO/IEC 27037 standard.
  22. Basic working knowledge of cyber security.
  23. Working knowledge of Cryptography & Steganography.
  24. Strong practical knowledge of password recovery & forensics.
  25. Updated knowledge of the latest cyber attacks around the world.

Looking to develop these skills?

Check out the ASCL Certified Cyber Crime Investigator program.


Skill 1:
Basic Web Programming skills

From the 1990s up to 2010, a cyber crime investigator’s job revolved heavily around disk and network forensics. The last several years have seen a huge surge in ecommerce and smartphone usage. And where the money goes, crime follows.

The massive increase in web hacking has made it necessary for a cyber crime investigator to understand the basics of web programming – HTML, PHP and MySQL.


Skill 2:
Working knowledge of Web Technologies

Considering the magnitude and impact of web attacks, it is necessary for a cyber crime investigator to understand some of the technologies that run the Internet and the World Wide Web.

This includes practical activities such as hosting a domain, creating SFTP users, setting up custom MX records, setting up, configuring & administering private email accounts, MySQL databases and Virtual Private Servers, configuring SSL for secure websites and deploying cloud infrastructure.

The investigator must also understand installing, configuring & deploying content management systems and ecommerce platforms.


Skill 3:
Strong working knowledge of Web Hacking

Since a majority of cyber crime cases involve web-hacking or web-attacks, it is essential for cyber crime investigators to have a strong knowledge of the techniques of web hacking such as Footprinting, Bypassing Authorization Schema, SQL injection, Cross Site Scripting (XSS), Broken Authentication, Session Hijacking, Unvalidated Redirects & Forwards, and Cross Site Request Forgery (CSRF).


Skill 4:
Effective suspect interviewing skills

Effective suspect interviewing is an essential skill for cyber crime investigators. The investigator must understand the difference between an interrogation and an interview and how to prepare for and conduct a suspect interview.

The investigator must be able to detect deception, document an interview and get an admission from a suspect. An investigator must also know how to conduct an inquiry in an organisation.


Skill 5:
Thorough understanding of documentation

Even the best investigation is worthless if it is not supported by accurate and relevant documentation and that's why a thorough understanding of documentation is essential for a cyber crime investigator.


Skill 6:
Sound knowledge of the relevant law

Every step of an investigation must be in compliance with the law and that's why a thorough understanding of the applicable law is essential for a cyber crime investigator.


Skill 7:
Practical knowledge of phishing tools, techniques and counter-measures

Phishing is one of the most popular techniques amongst hackers and financial cyber criminals. This makes it important for a cyber crime investigator to understand phishing tools, techniques and counter-measures.


Skill 8:
Strong knowledge of the working of Virtual Payment Systems

Virtual Payment Systems have taken the global money markets by storm. A cyber crime investigator must have a strong understanding of how these systems work.


Skill 9:
Understanding of financial instruments and concepts

Financial crimes are some of the most interesting cases that cyber crime investigators are called upon to solve. These include advance-fee scams, bank frauds & carding, chargeback fraud, check washing, check fraud, credit card fraud, identity theft, insider trading, insurance fraud, mortgage fraud, Ponzi schemes, securities fraud, skimming, wireless identity theft and more.


Skill 10:
Basic understanding of forensic accounting

Forensic Accountants are called upon in cases involving economic damages calculations, bankruptcy, securities fraud, tax fraud, money laundering, business valuation and e-discovery. It is important for a cyber crime investigator to have a basic understanding of forensic accounting.


Skill 11:
Practical knowledge of Fraud Investigation

Many times a cyber crime investigator is called upon to handle fraud investigations. An investigator must understand Fraud (its extent, patterns and causes), Fraud Risk Assessment & Management, Fraud Prevention, Detection & Reporting.


Skill 12:
Practical knowledge of investigating Bitcoin & other crypto-currencies

Bitcoin is, without doubt, the most famous crypto-currency. It gained a lot of notoriety during the crackdown on Silk Road, an underground online marketplace trading in drugs, stolen financial information, weapons & more.

Considering the use of bitcoin (and other crypto-currencies) by criminals, a strong understanding of bitcoin forensics is essential for cyber crime investigators.


Skill 13:
Strong understanding of malware incident prevention & incident response

Considering the impact of malware, it is essential for a cyber crime investigator to have a strong understanding of malware incident prevention and malware incident response.


Skill 14:
Thorough practical knowledge of the Dark Web

The World Wide Web that the vast majority of netizens use is also referred to as the clearnet – since it is primarily unencrypted in nature. Then there is the deepweb – the part of the clearnet that is not indexed by search engines. The deep web includes data stored in password-protected pages and databases.

The darkweb is a small part of the deepweb. The deepweb consists of darknets including peer-to-peer networks, Freenet, I2P, and Tor. The Tor darkweb is also called onionland, since its top level domain suffix is .onion and it uses the traffic anonymization technique of onion routing.

Considering the popularity of the darkweb amongst organized criminal groups, a cyber crime investigator must have a thorough working knowledge of the dark web.


Skill 15:
Strong practical knowledge of email investigation

Despite the popularity of instant messengers (such as WhatsApp) and social media, email remains one of the most popular methods of online communication in the world.

This makes it essential for a cyber crime investigator to have a strong knowledge of email tracking & tracing.


Skill 16:
Thorough practical knowledge of Server Log analysis

In a large number of cyber crime cases, the investigation begins with an analysis of server logs. It is essential for a cyber crime investigator to have a sound working knowledge of server log analysis.


Skill 17:
Strong practical knowledge of browser forensics

In many cases of cyber crime, valuable evidence can be obtained from web browsers. This makes it important for a cyber crime investigator to have a strong practical knowledge of browser forensics.

These evidence points include history, bookmarks, credit card information & contact information stored in autofill, saved passwords, and files in the download location. Browser forensics also involves analysis of cloud printers and other connected devices, extensions, cookies and site data, location settings and exceptions, media settings (like camera and microphone permissions) & exceptions, unsandboxed plug-in access & exceptions, automatic downloads and exceptions and more.


Skill 18:
Thorough understanding of Social Media Forensics

It’s probably not incorrect to say that almost every Internet user is part of at least one social media platform. This makes social media forensics an essential skill for a cyber crime investigator.


Skill 19:
Thorough understanding of the Google Ecosystem & its Forensics

Google isn’t just a search engine anymore. The Google ecosystem is all around us – Gmail, YouTube, Google Groups, Google Sites, Google Plus, Google Keep and so much more.

This makes Google forensics a must-have skill for cyber crime investigators.


Skill 20:
Strong working knowledge of forensic technologies

It is essential for a cyber crime investigator to have a strong working knowledge of forensic technologies and cyber forensic concepts.


Skill 21:
Understanding of the ISO/IEC 27037 standard

A cyber crime investigator must have a strong understanding of ISO/IEC 27037 - the most important global standard for identification, collection, acquisition and preservation of potential digital evidence.


Skill 22:
Basic working knowledge of cyber security

A basic working knowledge of cyber security is essential for everyone and more so for cyber crime investigators. Aspects of information security include Application Security, Cloud Computing Security, Computer Security, Cyber Security Standards, Data Security, Database Security, Information Security, Internet Security, Mobile Security, and Network Security.


Skill 23:
Working knowledge of Cryptography & Steganography

Many people use cryptography and steganography, and these include criminals and terrorists. Hence a working knowledge of both is useful for cyber crime investigators.


Skill 24:
Strong practical knowledge of password recovery & forensics

In many cases it is found that potential evidence is locked up in password protected files. This makes it essential for cyber crime investigators to have a strong practical knowledge of password recovery & forensics.


Skill 25:
Updated knowledge of the latest cyber attacks around the world

Every major new cyber-attack must be analysed by a cyber crime investigator to understand the evolving tools, techniques and motives of malicious hackers and cyber criminals.

