NCJ Number
222924
Date Published
May 2008
Length
102 pages
Annotation
Findings and recommendations are presented from an examination conducted by Interpol on the user files of eight Fuerzas Armadas Revolucionarias de Colombia (FARC) (Revolutionary Armed Forces of Colombia) computer exhibits seized by Colombian authorities in March 2008.
Abstract
Upon completing their computer forensic examination, Interpol experts concluded: (1) the eight seized Fuerzas Armadas Revolucionarias de Colombia (FARC) laptop computers, USB thumb drives and external hard disks contain a total of 609.6 gigabytes of data, including documents, images, and videos; (2) all seized FARC computer exhibits were accessed by Colombian authorities between March 1, 2008, when they were seized, and March 10, 2008, when they were handed over to Interpol’s computer forensic experts and access to data contained in the eight seized FARC computer exhibits did conform (when handed over to Interpol forensic experts) and did not conform (when turned over to the Grupo Investigativo de Delitos Informaticos) to internationally recognized principles for handling electronic evidence by law enforcement; and (3) Interpol found no evidence that user files were created, modified, or deleted on any of the eight seized FARC computer exhibits following their seizure by Colombian authorities. Several recommendations were submitted following the investigation: (1) enhanced training for first-responder police units encountering electronic evidence during criminal investigations; (2) creation of a properly trained, dedicated, and equipped computer forensic and Internet investigation unit at Interpol; and (3) review of Interpol’s provision of computer forensic assistance to Colombia in order to identify lessons learned. These findings and recommendations are a result of the Colombian authorities request for Interpol to conduct an independent forensic examination of eight seized FARC computer exhibits from the Ecuadorian border region. Appendices