|< Day Day Up >|| |
The IOCE was established in 1995 to provide international law-enforcement agencies a forum for the exchange of information concerning computer crime investigation and other computer-related forensic issues. Comprised of accredited government agencies involved in computer-forensic investigations, IOCE identifies and discusses issues of interest to its constituents, facilitates the international dissemination of information, and develops recommendations for consideration by its member agencies.
In addition to formulating computer evidence standards, IOCE develops communications services between member agencies and holds conferences geared toward the establishment of working relationships.
In response to the G-8 Communiquè and Action plans of 1997, IOCE was tasked with the development of international standards for the exchange and recovery of electronic evidence. Working groups in Canada, Europe, the United Kingdom, and the United States have been formed to address this standardization of computer evidence.
During the International Hi-Tech Crime and Forensics Conference (IHCFC) of October 1999, the IOCE held meetings and a workshop that reviewed the United Kingdom Good Practice Guide and the SWGDE draft standards. The working group proposed the following principles, which were voted upon by the IOCE delegates present with unanimous approval.
The international principles developed by IOCE for the standardized recovery of computer-based evidence are governed by the following attributes:
Consistency with all legal systems
Allowance for the use of a common language
Ability to cross international boundaries
Ability to instill confidence in the integrity of evidence
Applicability to all forensic evidence
Applicability at every level, including that of individual, agency, and country
These principles were presented and approved at the IHCFC in October 1999. They are as follows:
Upon the seizure of digital evidence, actions taken should not change that evidence.
When it is necessary for a person to access original digital evidence, that person must be forensically competent.
All activity relating to the seizure, access, storage, or transfer of digital evidence must be fully documented, preserved, and available for review.
An individual is responsible for all actions taken with respect to digital evidence while the digital evidence is in that person's possession.
Any agency that is responsible for seizing, accessing, storing, or transferring digital evidence is responsible for compliance with these principles.
Other items recommended by IOCE for further debate or facilitation include the following:
Forensic competency and the need to generate agreement on international accreditation and the validation of tools, techniques, and training
Issues relating to practices and procedures for the examination of digital evidence
The sharing of information relating to hi-tech crime and forensic computing, such as events, tools, and techniques
During the last three years, the NIPC worked with its international partners on several fronts to address computer crime and cyberterrorism issues. This included outreach activities designed to raise awareness about the cyberthreat, encouraging countries to address the threat through substantive legislation and provide advice on how to organize to deal with the threat most effectively. Almost weekly the NIPC hosted a foreign delegation to discuss topics ranging from current cases to the establishment of NIPC-like entities in other countries. Since the NIPC was founded, Japan, the United Kingdom, Canada, Germany, and Sweden have formed or are in the process of forming interagency entities similar to the NIPC. The NIPC has briefed visitors from the United Kingdom, Germany, France, Norway, Canada, Japan, Denmark, Sweden, Israel, and other nations over the past year.
In order to help make foreign partners more capable to assist international investigations and to address cybercrime within their own countries, the NIPC also provided training to investigators from several countries. Much of this training took place at the International Law Enforcement Academies in Budapest, Hungary, and Bangkok, Thailand. In addition, a small number of select international investigators received training in NIPC-sponsored classes in the United States. The NIPC also held workshops with other countries to share information on techniques and trends in cyberintrusions. In September 1999 the NIPC sponsored an International Cyber Crime Conference in New Orleans, Louisiana, to provide training to international law-enforcement officers and forge links between foreign law-enforcement officers and personnel.
|< Day Day Up >|| |