Forwarded from: Simon Taplin 

http://blogs.techrepublic.com.com/security/?p=4069 

By Deb Shinder 
IT Security
July 19th, 2010

INTRO: This is the first of what I hope will be many monthly columns on 
the subject of cybercrime. As a former police officer and criminal 
justice instructor and a current IT professional, I love writing about 
this subject because it allows me to combine the knowledge from both 
fields and attempt to help law enforcement officers and IT pros work 
together to curb this growing problem. This column is aimed primarily at 
the IT side, and so I'll be focusing less on technical issues that you 
already know about and more on law enforcement procedures and how the 
justice system works (and sometimes doesn't) when it comes to this 
particular type of crime, as well as what you can do to help.

Those "in the know" in law enforcement will tell you that criminal 
profiling is both an art and a science. It's all about generalizations, 
but knowing what types of people generally commit specific types of 
criminal offenses can be very helpful in catching and prosecuting the 
perpetrator of a specific crime. That information can also be useful in 
protecting your digital assets from cybercriminals.

As I noted in my book, Scene of the Cybercrime [1], a criminal profile 
is a psychological assessment made without knowing the identity of the 
criminal. It includes personality characteristics and can even include 
physical characteristics. "Fitting the profile" doesn't mean a person 
committed the crime, but profiling helps narrow the field of suspects 
and may help exclude some persons from suspicion. Profilers use both 
statistical data (inductive profiling) and "common sense" testing of 
hypotheses (deductive profiling) to formulate profiles. Profiling is 
only one of many tools that can be used in an investigation.

[1] http://astore.amazon.com/infosecnews-20/detail/1597492760 

[...]


_________________________________________________________________
Attend Black Hat USA 2010, hosted at Caesars Palace in Las Vegas, Nevada
July 24-29th, offering over 60 training sessions and 11 tracks of Briefings
from security industry elite. To sign up visit http://www.blackhat.com