European Union (EU) funding has financed the establishment of a national Cybercrime Centre of Excellence for Training, Research and Education (L3CE).
Upon its establishment in 2013, it joined the international network of Centres of Excellence for Cybercrime and Cybersecurity (2Centre), helping to fight crime.
Academia and business resources were consolidated to form the L3CE, which then joined the international network of the Centres of Excellence for Cybercrime and Cybersecurity (2Centre).
The Network brings together national Cybercrime Centres of Excellence in many European Union (EU) countries. It gives these countries' Law Enforcement Agencies (LEA) access to Network resources, from officers’ training and certification programmes, to forensics tools developed by researchers and scientists, to innovation and R&D results for cybercrime forensics.
The network is coordinated, and its R&D development is supported, by EU institutions such as EUROPOL, the Joint Research Centre of the Commission, the European Cybercrime Training and Education Group (ECTEG) and others.
The development of the L3CE was supported by the European Commission, which funded the L3CE project under the Prevention of and Fighting against Crime Programme for 2007-2013 (ISEC). It was expected that the centre would become a gateway in the fight against cybercrime in Lithuania and the Baltic region.
Lithuanian and foreign LEA could use the information, methodologies, tools and programmes that will be available at the Centre.
The L3CE project continues the 2Centre network project's idea of establishing a sustainable network of Cybercrime Centres of Excellence across the EU that will act as a global collaborative platform. In the fight against cybercrime, cooperation among the EU and Lithuanian LEA and other relevant authorities is very important.
The emergence of such a centre is a timely and right step toward closer collaboration among Lithuanian LEA and academia.
In cooperation with Lithuanian LEA – the Vilnius County Police Headquarters (VCP) – 2 new curricula for Lithuanian LEA were developed during the project.
The first programme, “Identity Theft in Cyberspace: Legal aspects”, was developed mainly by Mykolas Romeris University. The second programme, “Forensics Investigation in a Virtual Environment and Hidden Crime Information Detection”, was developed mainly by the Kaunas University of Technology.
Under each programme, 10 trainers were trained, who will be able to continue to train officers in the workplace, or later – through training courses.
Such joint activity between LEA and academia not only enables a better understanding of end-users' needs, but also yields more tailored and relevant products.
The first programme is aimed at LEA officials and provides knowledge about identity and personal identification in physical and cyber space. It enables them to understand the potential use of personal identity in cyberspace, including the illegal use of another person's identity in cyberspace.
The second programme is designed for LEA agents who are carrying out criminal investigations and forensics of offences in virtual and cloud computing environments.
Another two training programmes were taken over from a foreign partner – Dublin College University Centre for Cyber Security and Cybercrime Investigation (UCD), and then adapted and localised in Lithuania.
Adapting curricula developed in other EU countries saved the time and resources that developing analogous programmes would have required.
The first adapted programme, “First responders,” is designed for LEA officials who investigate the use of IT in committing offences but who are not IT professionals. The programme aims to introduce training participants to the potential abuse of technology, to provide instructions on how to respond effectively to cybercrime, and to offer methods for proper investigation of these crimes.
The second adapted programme, “Deepthought,” is training on a forensics tool. Deepthought is for LEA officers who work at crime scenes or search such scenes, seeking to collect data that has the potential to become evidence for cybercrime forensics laboratories where very large-scale forensics are carried out.
The Deepthought tool reduces the number of manual file reviews, thus increasing the efficiency with which the limited resources at the disposal of LEA in many countries are used.
The latter programme became an integral part of a broader training programme, “External Storage Investigation”, that has been designed and tailored for LEA officers who investigate external storage possibly used in the illegal use of IT to commit crime.
This broader programme was developed by VCP and the company “Ekonominės konsultacijos ir tyrimai”.
The “External Storage Investigation” programme aims to give participants knowledge and understanding of the methods and tools for collecting digital traces, and information about the successive stages and the actions in each stage: how to prepare for and carry out digital trace collection, and how to record collected evidence so that it can be recognised in the courts.
Under each adapted programme, 10 trainers were educated, and Deepthought training emphasized practice by way of the demonstration method, or so-called hands-on training.
The project provided a great opportunity for Lithuanian LEA to learn from the experiences of Irish colleagues during a Lithuanian LEA visit to UCD (Ireland): relevant activities in various Irish Police units were introduced and observed – in units on criminal investigations, forensics of mobile phone and video recording devices, internal surveillance systems and computer forensics, and in a mobile phone forensics laboratory.
UCD also introduced Master's Degree programmes available to police investigators and demonstrated the developed software tools for cybercrime forensics.
From the tools showcased, 3 forensic tools were selected for further adaptation and localisation in Lithuania.
The first tool, FiRST, was designed for pre-trial investigators going to a crime scene and carrying out analysis of live systems, especially if it is suspected that the system may contain encryption and disk erasing software or that there were connections to cloud computing service networks.
The second tool, Mighty Artefact Analyser (MAA), is a cross-platform, graphical-interface-based tool for verifying the various artefacts found on suspect devices. It can quickly and accurately perform various user artefact analyses and present the results in a user-friendly form.
MAA is easy to use for anyone, regardless of their expertise. The unique feature of MAA is that advanced users can create new plug-ins tailored to their needs.
The third tool, Deepthought, quickly detects graphic files, images, photos, movies, video, internet chats, e-mails, websites visited or searched, encrypted files and virtual machines, based on keyword lists that have been created. It writes a search results report to separate evidence drives without leaving any trace on the suspect device.
Although transferring forensic tools is the fastest way to provide the most advanced forensic investigation tools, there is an expectation that, in the future, forensics tools will be developed in Lithuania too.
Kaunas University of Technology has developed a forensics method and prototype, based on R&D results, for investigating cybercrime in the Internet of Things. Based on this method, a prototype and a new forensics tool may be developed later.
The experience of foreign partners was helpful in another area too. The Spanish S21SEC Institute, which is active in cybercrime and cybersecurity, transferred two certification programmes that were later adapted and localised in Lithuania – “Electronic Objects Collection” and “Windows Artefacts”.
The first certification programme is aimed at investigating officers who collect electronic items on site: officials involved in the examination of the crime scene, search and seizure, and operational groups of officers.
The second certification programme is designed for artefact analysis of the most common operating system, Windows, performed in forensic laboratories or police stations.
Lithuanian LEA officers and specialists were trained under the first certification programme and examined.
The pilot training programme, “External Storage Investigation,” was carried out using reality simulation methods that allow trainees not only to consolidate the knowledge gained, but also to gain practical skills and avoid mistakes.
The certificates issued to trainees who passed an exam attest that these officials and experts are certified. Digital evidence collected by such officers will therefore be more difficult to dispute in court.
This has been one of the gaps through which cyber offenders sometimes eluded punishment.
In addition, more trained LEA officers and specialists will enable much faster cybercrime forensic investigation.
The developed training and certification programmes should become an integral part of the national LEA competence improvement framework.
It is expected that over 2,000 officials and professionals could be trained under these programmes across Lithuania.
Together with suggestions on how to improve the competence framework for LEA in the EU and EU Member States, this best practice was presented at the Europol ECTEG Annual Meeting and in a round-table discussion at Germany's Cybercrime Centre of Excellence. The Centre is actively participating in the development of the national competence framework and contributes to the elaboration of competence standards at the EU level.
The products developed during the project are available to LEA online through the L3CE web portal: information on training and certification programmes, the latest tools for cybercrime forensics, R&D results, and agendas of international events related to cybercrime and cybersecurity topics.
Over one year of operation, the web portal www.l3ce.eu is gradually becoming not only a competence gateway for Lithuanian LEA, but also an international collaboration platform for LEA in the EU and other countries.
The developed programmes and tools will be improved further and shared with other Cybercrime Centres of Excellence and LEA across the EU. The supply of means for cybercrime forensics should therefore grow. This activity will be performed by L3CE.
The L3CE project and the activity of the Centre have received recognition from the Commission in a short time: multiplication across the EU and extension of this project was funded in 2015.
It is expected that collaboration among analogous national Cybercrime Centres of Excellence in the EU will be strengthened by uniting them into a common network. The various training and certification programmes, tools, R&D results and best practices developed would then be shared.
Common standards and models will be elaborated at the EU level. Joint actions will be carried out, discussions arranged, and solutions for handling new threats and problems offered.