A lot of people think e-crime is just cybercrime and computer hacking, but
it’s not. The majority of e-crimes involve all sorts of crime where
computers or electronic devices are being used as:
• a tool in the commission of an offence;
• a storage device in the commission of an offence;
• the target of an offence.
What does the Electronic Crime Lab do?
The ECL exists to recover electronic evidence. As you know, society’s
changing. We’re storing our information differently, we’re communicating
differently and, as a result, during investigations we’re coming across not
just physical evidence but electronic evidence, as well – hard drives,
computers, laptops, personal organisers, cellphones, digital cameras, you
name it – and it needs a forensic expert to bring the evidence out.
Not just that, it needs to be in a form investigators can understand and that a jury
can understand when it goes to court.
We also provide forensic assistance with the investigation, sometimes even
sitting in on interviews and asking questions.
We have three divisions within the ECL:
• Signal processing: this is how it all started in the 1980s. It’s basically
recovering audio and video evidence;
• Data processing: this is now the biggest part of our operation.
Everything that contains data needing to be recovered is analysed by
the team; and
• Research and development: this develops tools and technology that we
use in our investigations.
Any crime can have an electronic component – drugs, homicides, national
security, sexual, burglary, fraud, anything – and e-crime can relate to any
offence. Often it’s traditional crimes coming out in different forms, but
containing electronic evidence that needs to be recovered.
Exponential increase In 2004, the Lab’s 11 analysts handled 1,150 cases, involving16,300
exhibits.
A quarter of the crimes were drug-related, 20 per cent were
sexual offences, followed by fraud (18 per cent), burglary and theft (13 per
cent) and homicide (eight per cent).
We’ve seen an exponential increase in the number of cases submitted to
the police over the years (below) – if you put the uptake of the Internet
alongside, it’s almost the same curve.
Recovering electronic evidence
Policing challenges
There are a range of challenges we face with e-crime, including:
• anonymity, global reach, and speed;
• multiple victims;
• volatility of evidence;
• widespread availability of encryption;
• capability gap among generalist staff;
• legislative framework largely based on physical world.
There’s understandably a capability gap among generalist staff. We get
100s of calls from people around the country asking for help. It’s unrealistic
– and expensive – to train everyone to have a level of understanding that
can actually deal with these sorts of investigations, so the lab serves as a
point for these complaints, or at least works as an interface.
Electronic evidence has been around since 1984 – but advancing technologies and a
proliferation of illegal activities are providing ever changing challenges for the New Zealand
Police’s Electronic Crime Laboratory (ECL), according to Maarten Kleintjes.
PLENARY DAY 2
20000
18000
16000
14000
12000
10000
8000
6000
4000
2000
0
90 91 92 93 94 95 96 97 98 99 00 01 02 03 04
3173 Netsafe Symposium 6.0 38
3173 Netsafe Symposium 6.0 38
7/26/06 2:17:34 PM
7/26/06 2:17:34 PM
Page 2
39
Legislative framework
The law is lagging behind when it comes the electronic age. I’ve been
working for years to revise:
• the searching of intangible spaces;
• remote searching;
• the existing search warrant regime;
• misconceptions and the Privacy Act (people seem obsessed about not
releasing information to the police!)
We want to be able to execute a search warrant in Cyberspace.
There are offenders who don’t have computers but store data somewhere in
Cyberspace.
If they can access it in New Zealand we should be able to
search for it legally.
Our search warrants are also for a particular address. If we go to a
defendant’s house and there’s no data there (it’s all stored somewhere
else), we have to go and get another search warrant. But by the time we
do, the person will have taken steps to erase the information.
Managing demand for services
We’re currently developing “zero skill” tools that will allow any
investigator, who can point and click a mouse and knows what they’re
“We’re currently developing “zero skill” tools that will allow any
investigator, who can point and click a mouse and knows what they’re looking for, to search a computer in a forensically sound way.”
looking for, to search a computer in a forensically sound way. This will let
investigators do the investigation and give the work to those who should
be doing it in the first place.
Reporting e-offending
I believe that large proportions of e-crimes, in terms of cybercrimes, are
not actually being reported to the police because people don’t know
where to go. We need a single point for reporting e-crime, developing e-
crime intelligence, co-ordinating transnational crime, and managing
internal and external relationships.
A couple of weeks ago we had three incidents occur in different parts of
the country that were reported to us. We had an overview and could see
what was happening – it came down to one ISP.
The next step is a hi-tech crime centre.
This would be a virtual operation bringing together people working from their own premises. I’d like to see this happening and I think we’re going to get there.
omaarten kleintjes is national manager of the new zealand police’s electronic
crime laboratory (ecl). he presented the plenary e-crime and law enforcement.
Spot the ATM difference? Can you tell which is the real ATM and which one’s been compromised?
And this is how it’s done:
Genuine ATM
Fit camera
Fit skimmer
Compromised ATM
Harvest data
A
B
C
D
(Real = A and C; compromised = B and D.)
3173 Netsafe Symposium 6.0 39
3173 Netsafe Symposium 6.0 39
7/26/06 2:17:35 PM
7/26/06 2:17:35 PM
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment