Forensic Data Collection in Latin America: Behind the Scenes with a Government Investigator in Colombia 12 Sep, 2017
In recognition of the growing challenges and opportunities associated with forensic data investigations around the world, AccessData recently hosted the first-ever “International Forensic Symposium: Trends and Current Situation” event in Washington, D.C. The event brought together forensic investigators and government officials from a number of countries in Europe and Latin America for a wide-ranging discussion of the unique challenges they encounter with their processes, technologies and operations.
Bayron Prieto, Chief of the Digital Forensics Lab from the Colombian Superintendence of Industry and Commerce, was one of the featured speakers at the symposium. Prieto delivered an address – “Forensic Investigations, Experience and Success Stories” – that explored the processes, workflows, experiences and management challenges associated with forensic data collection in Colombia.
“It’s important for forensic lab managers in any country to understand the software tools that are available to help them conduct their investigations,” said Prieto. “At the symposium, we shared our experiences about how AccessData Lab is a powerful software platform and works very easily with the other AccessData forensic tools, such as FTK.”
After the event, Prieto sat down for a behind-the-scenes interview and shared some of his observations from an exciting job within a forensic lab in Latin America.
Q: What are the most common types of cases for which you are called out to conduct digital forensic investigations?
A: We have three lines of investigation: antitrust and competition, data protection and consumer laws. Our job is to review different infractions as economic cartels, database traffic and other anti-consumer infractions.
Q: Have you noticed any trends of new types of cases that have been assigned to you for investigation?
A: Yes, we have. Most people now use their personal devices for work purposes, specifically devices such as smartphones, and the information from those devices is now stored in the cloud. A practical question that a forensic examiner might now be forced to answer is: How do we recover erased data from the cloud service?
Q: What is the single biggest challenge you face in being able to get access to the data you need to collect in your investigations?
A: As examiners in Latin America, we have two major challenges. The first one is the corporate and personal cloud issue I just mentioned. The second one is the lengths we have to go to now in order to acquire images on encrypted devices.
Q: Can you describe a recent case where you faced a particularly big challenge with data collection and explain how you addressed the challenge?
A: We recently were asked to investigate a case where we asked the person of interest to collaborate with us by providing access to evidence, but we had to deal with many layers of encryption. We had to collect evidence from Exchange and Lotus Notes servers with encryption, evidence from Windows encryption with a deleted certificate and images evidence with system encryption protected by McAfee. We addressed these issues with procedures built into AccessData Lab.
Q: What laws or regulations in your country make your job especially difficult? Or perhaps make it easier for you to get the job done?
A: Actually, in Colombia, we have laws that make it easier to do the job. Principally, we have two laws that help us: (1) The Digital Commerce Act, which explains the procedures that we follow for keeping the digital files and using them as evidence; and (2) The Personal Data Protection Act, which gives us tools to get needed information in our raids. However, we are an administrative police agency and sometimes it is not possible to obtain all of the evidence we need.
Q: Can you describe a recent case where you used software tools to uncover some specific data that made a crucial difference in the outcome of an investigation?
A: Yes, I can think about three of such cases. In the first one, we obtained evidence through the processing of documents using OCR. This evidence could result in fines of up to $30 million. In another case, we were able to recover deleted evidence that allowed us to prove the existence of a diapers cartel. And in the third case, we identified emails with a traffic database that was not authorized. In those cases, by the way, we used the AccessData Lab, FTK, FTK Imager and Summation software tools.
Q: How would you like to see software companies innovate in order to meet your evolving needs?
A: We think that forensics tools should be configured for big data management in the future. We also think they should be designed for a continuous update, making it easier on us to administer. And we’d also suggest that forensic software developers think in terms of multi-disciplinary jobs (e.g., engineers, lawyers and economists) as they create next generations of the tools.
The discipline of digital forensics is now widely accepted in the U.S., Latin America and throughout Europe as a crucial element in both criminal and civil investigations. Indeed, one of the more surprising discoveries is how similar the process of forensic investigation and criminal prosecution is from one country to the next. To be able to thoroughly investigate alleged criminal wrongdoing in today’s culture, digital forensics professionals play a key role in uncovering digitally encrypted and hidden information as part of investigations that take place every day, from California to Colombia.