Cybercrime Investigation Body Of Knowledge



The Cybercrime Investigation Body Of Knowledge was developed with the support and contributions of 12 experienced legal, judicial, and industry leaders. An additional 14 select reviewers from three countries also provided critical feedback to produce this important Body of Knowledge for the development of a standard for investigating cybercrimes.
The CIBOK (1st edition) made its debut in November 2016 with the approval of the CIBOK Steering Committee and is available in print.
The objective of the CIBOK is to coordinate and demonstrate the knowledge, techniques and attitudes required for cybercrime investigation, including the systematic management of cybercrime investigative resources and staff.

The CIBOK is organized according to the following five objectives:

  1. Popularizing and promoting a global, common-sense and consistent approach to cybercrime investigations.
  2. Positioning of systematized practices for defining the scope of cybercrime investigations.
  3. Characterizing through demonstration the content that should be put into practice in cybercrime investigations.
  4. Providing structural guidance for utilizing CIBOK as an investigation asset to plan, conduct, and review cybercrime investigations.
  5. Demonstrating the organizational and individual skills and knowledge development needed for cybercrime investigations.

The CIBOK is intended for these readers:

For investigators and prosecutors in law enforcement

  • Investigators new to cybercrime investigation

  • Those who organize a cybercrime investigation department

  • Future senior officers who will lead investigations

  • Human resource development trainers

For IT/Security managers and staff in private organizations

  • Those who are in charge of incident response in the SOC, CSIRT, and IT department

  • CIOs and CISOs who organize the incident response system

  • Managers of the CSIRT or risk management department

  • IT Security human resource development trainers

CIBOK objectives and application

  • Determine the current capabilities of an organization
    • Objectively evaluate capabilities against requirements
    • Define and optimize information systems in an organization
    • Determine through measurement the maturity of an organization
  • Review department requirements
    • Determine roles, duties, and staff needed
    • Review business process requirements by risk tolerance and impact
    • Develop training and staffing plans
  • Fulfill professional requirements
    • Develop self-awareness of their own role
    • Pursue associated skills development
    • Understand career path

CIBOK Official Training

CIBOK official training provides an overview of the knowledge, skills and techniques for cybercrime investigation, such as how to identify, respond to, and investigate cybercrimes, which are required by law enforcement and corporate security officers and executives. The official training is delivered through the Cybercrime Investigation Knowledge Forum (CIKF).

Aside from the official CIBOK training, CIKF can deliver subject matter expert training tailored to your needs for both the public and private sectors.

Training courses and target audience

Executive Training Course (Half Day)

This course is aimed at executives and covers how to understand the risks and how top management should build and operate an organization that investigates continually evolving cybercrime. Through this course, you will learn the issues to be addressed and what top management should take care of first.

【Who should take this course】
  • Top management at law enforcement
  • Executive Managers such as CxO, CISO or Head of Risk Management Team of private enterprise

Managers Training Course (1 Day)

Based on a common and widely adopted framework, this course aims to enable managers to understand the skills and knowledge necessary to build and manage an organization that deals with cybercrime investigations. Through this course, you will learn what you need to do in order to build and operate a cybercrime investigations organization.

【Who should take this course】
  • Managers in law enforcement agencies
  • Supervisors in law enforcement agencies
  • Director, Supervisors for Cyber Security Team, CISO, Head of Risk Management Team of CSIRT of private enterprise

Fundamental Training Course (2 Days)

This course aims to enable law enforcement agencies and cybercrime investigation teams to deal with incidents correctly and systematically, each in their respective positions, when investigating continuously evolving cybercrime. By using a common framework, you will understand the knowledge needed for this and its essence, and through this training you will learn the outline of the various areas related to cybercrime effectively.

【Who should take this course】
  • Investigators in departments related to cyber security
  • Investigators in law enforcement agencies
  • Team Member of CSIRT of private enterprise, SOC engineer, Engineer at security vendors

Professional Training Course (5 Days)

In addition to the 2-day fundamental course, this course provides 3 days of hands-on training in practical and technical areas (such as OSINT and dark web research, malware analysis, or digital forensics).

【Who should take this course】
  • Investigators in departments related to cyber security
  • Investigators in law enforcement agencies
  • Team Member of CSIRT of private enterprise, SOC engineer, Engineer at security vendors

For more details, please contact the CIBOK secretariat via the [Inquiry] form.

About CIBOK Editorial Committee

A steering committee of industry and legal professionals was formed in 2016 with the goal of helping to protect the ICT (Information and Communication Technology) assets and operations of society from cybercrime. To achieve that goal, the CIBOK 1st Edition was produced with the support of Dr. Shane Shook as executive editor. Dr. Shook coordinated the definition of the CIBOK structure and content with thought leaders and experienced practitioners from around the world. Their individual and collective experiences included traditional criminal investigations, litigation, and prosecution – as well as public and private sector cyber security breach investigations and response.
The guiding principle throughout the development of the CIBOK was to produce a useful “body of knowledge” from contributors’ experience so that professionals in the field - including law enforcement officers, judiciary, and corporate risk management staff – could have a definitive reference for conducting efficient and actionable investigations of cybercrimes. To support this principle, specific examples of knowledge, skills, techniques, and human resources requirements were expanded upon with examples to provide a method of knowledge transfer for organizational training.
The CIBOK Steering Committee will evolve to adapt to global requirements with the participation of industry and law enforcement professionals. Contributions, and participation, are welcomed.

Executive Editor

  • Shane Shook
    A well-known veteran of information security with nearly 30 years of experience in government and industry information risk management issues.


  • Judith H. Germano
    The founding member of Germano Law LLC, a law firm specializing in cybersecurity governance and data privacy issues.
  • Craig W. Sorum
    A 25-year veteran of the FBI who conducted and supervised hundreds of domestic and international cybercrime investigations.
  • David Cowen
    A Certified SANS Instructor, CISSP, and GIAC Certified Forensic Examiner working in digital forensics and incident response.
  • Patrick A. Westerhaus
    A veteran FBI investigator and former Big4 Auditor, now at Wells Fargo, developing an enterprise program to reduce cyber, fraud, and money laundering risk for the institution.
  • Chris Coulter
    A forensic examiner and incident responder in computer crime investigations. A patent holder in methods of evidence acquisition.
  • Eric Zimmerman
    A senior director in Kroll’s Cyber Security and Investigations practice and former FBI Special Agent with tremendous depth and expertise in cyber investigations.
  • Noriaki Hayashi
    A Senior Researcher of Trend Micro Incorporated in Japan with more than 17 years of systems management and security experience.
  • Luke Dembosky
    A partner in Debevoise & Plimpton’s Cybersecurity & Data Privacy group who has been a regular advisor to the leadership of the DOJ and the FBI.
  • John Jolly
    President of Syncurity and the former Vice President of the Cyber Security Division at General Dynamics.
  • Philip Fodchuk
    Formerly of the Canadian RCMP and Big4 Audit firms, now at Suncor, maturing and enhancing the information security and cyber investigations capabilities of the organization.
  • Ian (Iftach) Amit
    An expert with vast experience in information security, from enterprise security to end user software and large back-end systems.


Download CIBOK sample and related brochures.

CIBOK pricelist

| Product Name | Price【Sale】 |
| --- | --- |
| Cybercrime Investigation Body of Knowledge Japanese 1st edition (color) | JPY 50,000 → JPY 21,000 |
| Cybercrime Investigation Body of Knowledge Japanese 1st edition (black/white) | JPY 25,000 → JPY 10,000 |
| Cybercrime Investigation Body of Knowledge English 1st edition (color) | JPY 55,000 → JPY 22,500 |
| Cybercrime Investigation Body of Knowledge English 1st edition (black/white) | JPY 27,500 → JPY 11,500 |

  • * Prices above are as of September 2021.
  • * Prices fluctuate depending on the exchange rate.


Please submit your inquiries concerning CIBOK and training with the form below.
Please allow us three business days to respond to the email address you provide.