A Prototype for Support of Computer Forensic Analysis Combined with the Expected Knowledge Level of an Attacker to More Efficiently Achieve Investigation Results

This paper describes a novel approach to combine the strengths of an automated presentation and argumentation support system with a classification of cybercriminals similar to the ones used in law enforcement work. The discussed concept is still in an early stage of development with no substantiated scientific results. The beginning of the paper is dedicated to the description of a prototype based on an automated forensic support system called ¿CFAA¿ (¿Computer Forensic Analyzer and Advisor¿). This description is followed by a short classification of current cybercriminals and their knowledge levels. This classification is a slight modification of the one described in "Scene of the Cybercrime" by Debra Littlejohn Shinder. The paper then continues with the presentation of an envisaged approach towards combining the software tool with the determined classification to increase the efficiency of the forensic analysis. The core aim of this paper is to demonstrate the possible increase of efficiency with adjusting the appropriate cybercriminal levels according to the forensic investigation.