Welcome to The Cyber Crime Research Lab

About The Lab

The Cyber Crime Research Lab is engaged in cutting edge research related to cyber crime technology, cyber threat intelligence, cyber law and jurisprudence, cyber criminology, and cyber threat hunting.  We are the home of Forensic Threat Hunting™. It is the personal research home of Peter Stephenson, PhD, CISSP (Ret), VSM, LPI (Michigan).

To subscribe to the Forensic Threat Hunter blog, see the RSS Feed button at the bottom of the page.

About Our Tool Kit


The Cyber Crime Research Lab uses next generation analytical tools from the following commercial vendors among others, plus open source and freeware tools:

Lab News

  • 16 July 2018 - New peer-reviewed paper published: "Digital Forensic Science: An Oxymoron?" - Stephenson in "Legal Issues Journal"
  • 8 June 2018 - Look for on-line training courses coming in the near future. More details as they develop.
  • 23 May 2018 - We will be at the enfuse conference at Caesar's Palace in Las Vegas.  Our two session topic is "Jurisdiction in Cyberspace - A Question of Conflict of Laws?" This is a presentation based upon a peer-reviewed paper submitted for publication in a noted law journal. Both sessions are in the afternoon and the pdf of the slides is in the "Papers" section of this site for your download.
  • 6 May 2018 - We will be at the ISACA Western New York Conference on 8 May in Rochester, NY.
  • 9 February 2018 - We have made several changes that I think you'll like.  First, we have changed the Intel & IoC page to a blog-style.  This lets you comment within the posting if you wish, just as you can in the Blog page. Second, we have added new RSS feeds for Intelligence and Indicators of Compromise.  The RSS feed buttons are at the bottom of the Intelligence and IoC sections of the page.  The RSS feeds now work correctly. Finally, we have repaired the intelligence alert email request, but a word of caution: when you sign up, please check your spam folder for the email confirmation request.  Then make sure that you've white-listed us so that our intel alerts don't end up in your spam folder.
  • 18 January 2018 - NEW! Network Views using our monitoring tools.  Check out our new page, Network for views of the attacks against our network, sinkholed IPs and a dashboard of general activity.  We will add new views as we add new tools and we will update these views weekly.  We are working with our vendor partners to offer live feeds so stay tuned. Meanwhile, this will give you an idea of the malicious activity that we are monitoring and researching.
  • 18 January 2018 - Watch for our new WEEKLY INTELLIGENCE REPORT - Subscribe on the IoCs & Intel page at the bottom ("Subscribe to email alerts"). We will send out the Intelligence Reports approximately weekly and alerts as needed to highlight important events in the cyber underground. Alerts will be marked RED (Urgent), AMBER (Routine) or GREEN (Info Only). Remember, you can stay current at the IoCs & Intel page and, for additional IoCs, subscribe to the AlienVault OTX.
  • 11 January 2018 - New blog posting :  Now You See It, Now You Don't (or do you?) - A Threat Hunt Without an Obvious Threat - part 1  - Highlighted tools: Sqrrl, Cisco Investigate, Attivo BOTSink, Maltego
  • 2 January 2018 - Happy New Year! There is a new paper in Papers that analyzes the recently-announced Microsoft software privacy suit against the unknown users of an IP address. I conclude that there are several roadblocks to success. Also, please note that I have added an RSS feed subscription button at the bottom if you'd like to add my blog to your feeds. As well, at the bottom of the IoCs & Intel page there is an opportunity to sign up for email alerts as we add new information to the IoCs & Intel, and Dump Shops pages.
  • 2 January 2018 - See the latest news about a 10 million card breach that appears to cover two individual breaches - 3 million high-end clothing store cards and 7 million luxury restaurant chain cards. Visit Dump Shops and IoCs & Intel tabs.
  • 2 January 2018 - Our new forensic threat hunting blog series went live today with a list of some of our upcoming posting topics. The Lab operates with the help of our improved test environment. We are in the process of configuring an Attivo BOTSink deception network instrumented by Sqrrl, McAfee ESM, Packetsled, Cylance, AlienVault and Niksun NetDetector Live. We will be developing and sharing forensic threat hunting trees using SecurITree. Finally, we will publish - and share with AlienVault OTX - our findings of potential C&C servers and domains/IPs that fall into our sink hole. All of that coming around the first of the year.
  • 14 December 2018 - Underground payment card dump shops beware... we will be highlighting your activities here.
  • 10 November 2017 -- Take a look at our new page, IoCs & Intel.

Bio of Dr. Peter Stephenson, CISSP (Ret), VSM, LPI (Michigan)

  Dr. Peter Stephenson has retired from active consulting and teaching after a career spanning over 50 years and now spends his time in writing and research. His research is in cyber criminology, cyber jurisprudence and cyber threat/intelligence analysis on large-scale computer networks such as the Internet. From time-to-time he provides pro bono cyber threat and intelligence analysis for law enforcement. He is enabled in his research by an extensive personal research laboratory supported by some of the top security intelligence and analytics tools in the industry.

He has lectured extensively on digital investigation and security, and has written, edited or contributed to over 20 books as well as several hundred articles and peer-reviewed papers in major national and international trade, technical and scientific publications.  He retired from 25 years with "SC Magazine", more than ten of which were as technology editor.   

Dr. Stephenson obtained his PhD at Oxford Brookes University, Oxford, England where his research was in the structured investigation of digital incidents in complex computing environments. He holds a Master of Arts degree in diplomacy with a concentration in terrorism from Norwich University in Vermont. He currently is pursuing a second PhD by research in law focusing on cyber jurisprudence at University of Leicester, School of Law, Leicester, England.

Dr. Stephenson is a full member, ex officio board member and CISO of the Vidocq Society. He is a member of the Albany, NY chapter of InfraGard and serves as a volunteer member of the technology committee of Leader Dogs for the Blind in Rochester, Michigan. He has held – but retired from - the Certified Cyber Forensics Professional, Certified Information Security Manager, and Fellow of the American Academy of Forensic Sciences designations. He is a licensed professional investigator (Michigan) as well as holding the CISSP (ret) lifetime designation.  

Dr. Stephenson's Full CV

CV Of Peter Stephenson - 18 Feb 2017 (pdf)


Contact Me

Questions or Comments?

Subscribe to My Blog RSS Feed