Cybercrime Technical Evidence Package

Detects cybercrime investigation technical evidence including digital forensics, malware analysis, cryptocurrency tracing, dark web investigations, and covert online personas. Disclosure enables cybercriminals to develop countermeasures.

Type

keyword_proximity

Engine

universal

Confidence

high

Confidence justification

High confidence: requires co-occurrence of cybercrime investigation terminology with technical forensic indicators and classification markers unique to genuine investigation reports.

Jurisdictions

global

Regulations

Criminal Code 1899 (Qld)

Frameworks

QGISCF

Data categories

law-enforcement

Scope

wide

Risk rating

8

Pattern

(?i)\b(cybercrime\s+investigation\s+(?:report|evidence|file)|digital\s+forensic\s+(?:analysis|examination|report)|network\s+intrusion\s+investigation|malware\s+(?:reverse\s+engineering|analysis\s+report)|cryptocurrency\s+(?:tracing|investigation)|dark\s+web\s+investigation|IP\s+attribution\s+(?:report|analysis)|covert\s+online\s+persona)\b

Corroborative evidence keywords

PROTECTED, Law-Enforcement, QPS Cybercrime Squad, ACSC, Australian Cyber Security Centre, digital forensic, malware sample, SHA-256, MD5 hash, IP address, cryptocurrency wallet, Bitcoin address, Tor hidden service, command and control, C2 server, investigation, enforcement, prosecution, arrest, evidence (+37 more)

Proximity: 300 characters

Should match

• PROTECTED Law-Enforcement. QPS Cybercrime Squad — Digital Forensic Analysis Report. Case: CYBER-2025-0234. Network intrusion investigation. Malware reverse engineering: custom Cobalt Strike variant. IP attribution traced C2 server to Eastern Europe. SHA-256: a3f2b8c9d1e4f5a6b7c8d9e0f1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9a0. — QPS cybercrime forensic analysis with malware and IP attribution
• RESTRICTED. Dark web investigation — Operation SHADOWNET. Covert online persona on dark web marketplace. Cryptocurrency tracing: Bitcoin through three mixing services. ACSC coordination for takedown. — Dark web investigation with cryptocurrency tracing
• Cybercrime technical evidence package. Digital forensic examination of 6 seized devices. Malware analysis: custom ransomware. Cryptocurrency investigation: 47 BTC traced. Dark web investigation confirms subject on two forums. — Multi-device forensic with ransomware and crypto evidence

Should not match

• The ACSC published its annual threat report noting a 23% increase in ransomware. The report recommended multi-factor authentication. — Published ACSC annual threat report
• A cybersecurity conference discussed digital forensic techniques using anonymised case studies from published proceedings. — Conference presentation on cybercrime techniques
• A university thesis examined malware reverse engineering using publicly available samples from VirusTotal. — Academic thesis on malware analysis

Known false positives

• Published cybersecurity threat reports Mitigation: Negative keyword exclusion: 'annual threat report', 'published', 'advisory'. Require case identifiers.
• Conference presentations and training Mitigation: Negative keyword exclusion: 'conference', 'presentation', 'training', 'anonymised'
• Academic research on cybercrime Mitigation: Negative keyword exclusion: 'academic', 'university', 'thesis', 'VirusTotal', 'publicly available'
• Non-law-enforcement IT security incidents Mitigation: Require law enforcement classification markers or agency references