Regional Working Parties
| European Working Party on Information
Technology Crime |
|
|
| 53rd Working Party on Information Technology Crimes, 22-24 September, Interpol General Secretariat, Lyon |
|
| 52nd Working Party on Information Technology Crimes, 19-21 May, University College Dublin |
|
Formed in 1990, it meets three times a year. In 2009 the Interpol General Secretariat will host 3 meetings of the working party. It is currently represented by members from Austria, Belgium, Denmark, Finland, France, Germany, Italy, Netherlands, Norway, Portugal, Sweden, Switzerland, Spain, and United Kingdom.
54th Meeting of Interpol Working Party on IT Crime - Europe: 20 - 22. January 2009
55th Meeting of Interpol Working Party on IT Crime - Europe: 22 - 24 May 2009
56th Meeting of Interpol Working Party on IT Crime - Europe: 22 - 24 September 2009 (dates will be confirmed shortly)
Amongst its many achievements are:
Policing the Virtual Internet Project
The group had considered the great variety of existing Virtual Realities and Gaming Sites, and had taken the decision to focus on some relevant examples from the policing perspective and point of view. The group had committed itself to produce a draft version of its report before the summer recess in order to be able to complete its work at the next Working Party meeting. In April ENISA started a similar project entitled “Security Issues in Virtual Worlds and Gaming”, and this was due to be completed in October. The project group will contact the Chair of the ENISA project, Mr Giles HOGBEN, in order to explore and define possible collaboration.
First Responders Project
The working group tried to come up with a leaflet for police officers with instructions on how to handle digital evidence. It is as short as possible without warnings or disclaimers.
Counter Forensics Project
A presentation of an interactive questionnaire surveying counter forensic methods was given by Mr Owen O’CONNOR of the Garda Síochána.
Network Group: A questionnaire is to be sent to all NCBs. The project report is in draft form, awaiting the inclusion of the results of the questionnaire.
Botnet Follow-Up Project
The project team created and updated the chapters of the Botnet Follow-up document about newer types of botnets and also Updated the training manual with new techniques and new trends on Botnets & Malware.
Live Data Forensics
A demonstration of live forensic techniques arranged by the project group was given by a technical specialist from Microsoft on Wednesday 21st May after the formal business of the Working Party meeting had been concluded the day before.
- numerous training courses in order to share its expertise with other members; these are not only extremely cost efficient (and presented by law enforcement experts for the benefit of law enforcement), but are designed to aim at different levels of expertise and subject areas, ranging from introductory courses to courses specializing in Internet investigations. For 2009 the following courses are currently scheduled:
Train The Trainer course, 12-30/1/2009, Nicosia - Cyprus
These training courses are being held in English only and are self-funded. The participation fees for accommodation, meals and course lectures amount to EUR 850 for each course. Transport costs to the course location are to be born by the participants. The courses are open to law enforcement members. For inscription procedures and further information please contact your NCB;
- a rapid information exchange system which essentially consists of two elements: an international 24-hour response system, the National Central Reference Points (listing responsible experts within more than 100 countries currently listed- this is now being expanded and has been endorsed by the High Tech Crime Sub-group of the G8) and a formatted computer crime message format (to ensure that all the essential information is transmitted);
- The WP also recognized the necessity to complement its expertise with additional outside expertise; in order to not make the WP too cumbersome, this additional expertise (which is not restricted to law enforcement) was incorporated into so-called 'project groups' and is selected by studying the curriculum vitae received in response to a general invitation to European member countries; these project groups are specific task motivated groups led by WP members who within the framework of a specific set period have to complete their project (the meetings are merely used to co-ordinate and streamline the efforts of the individuals, the real work is done on their own time- this has proven to be a very successful and time efficient method).
Future
The EWPITC agreed to prioritise the following projects:
Training:
Collection of existing training material, internationalize it and create training packages for global LE use;
a picture of needed IT Crime investigation courses will be produced to make sure that all needed areas are covered;
aims and objectives for every training module will be defined.
BotNets and Malicious Codes:
The benefit of this project will be that law enforcement agencies worldwide will be better able to investigate botnets and malicious code. The project will also aim to facilitate an operational cooperation project of European BotNet investigators to share intelligence and best practices, in coordination with work being done on this by the General Secretariat.
Mobile Phone Forensics:
The objectives for this project are to compile a best practice guide based on different national initiatives on describing the current forensic tools for mobile phones.
Voice over IP - VoIP:
The purpose of the project is to give a description of the Voice over IP (VoIP) technology, available services related to VoIP and how to investigate criminal cases where VoIP is involved. The description should cover different tools and techniques on analysing computers and other equipment used to communicate through VoIP services.
Tools and Techniques 3:
The aim of this project is to write a document describing the current forensic tools for IT Investigations (Protocol) in particular for:
device /media imaging ('bit stream' copy)
device/media write protection (software and hardware methods)
image (and/or file system) analysis.
revision of the Information Technology Crime Investigation Manual.
| African Regional Working Party on Information
Technology Crime |
|
|
The current chairman is Mr Beaunard Grobler from the Cyber Crime Unit of the South African Police Service, Vice-Chairmen are Mr. Mboya Tom Gerald (Kenya), and Mr Kassala Samso (Tanzania).
The Technical Advisor to the Working Party is Professor Dana van der Merwe
from the Department of Criminal and Procedural Law of the University of South
Africa in Pretoria.
The group agreed unanimously on following objectives for the African Working
Party on Information Technology Crime:
- Developing and making expertise available for combating IT crime in the
region and inter-regional
- Develop and enhance partnerships with organizations, which deal with IT
crime
- Establish, co-ordinate and promote the use of best practices in investigation
and prevention of IT crime
- Increase information flow within the regional Computer Crime units
- Promotion of operating procedures standardization in the African region
The group agreed unanimously on following project for the Interpol Working Party on Information Technology Crime - Africa:
To run an awareness program for the top management level for African countries and regional police organisations and to start targeting all African countries with information on IT Crime on a regular basis. The Heads of CIDs should be invited to the next meeting of the group to formulate a plan of action to deploy Cyber Crime Units.
Esther KGHOLE (SAPS) was unanimously nominated as project Co-Ordinator.
| Asia-South Pacific Working Party on Information
Technology Crime |
|
|
As activities of IPSG for combating High-Tech Crime in Asia-South Pacific (ASP),
IPSG annually holds 2 Meetings and 2 Training Workshops for ASP member countries.
Interpol Working Party on IT Crime – ASP (ASPWP)
Objectives:
Interpol Working Party on IT Crimes – Asia South Pacific region was established in 1997 and annual meeting is being held.
The aims of this Working Party are
- Cooperation, sharing of knowledge and practical experience
- Promotion of standardization of methods such as Investigation method, training method and so on
- And establish good practice guidelines
and practical activities are
- To share significant expertise
- To share the current crime scenes
- To establish new projects
Nowadays, 4 projects are on going on this Working Party.
- Intelligent Scoping Project (Leader: IPSG): to measure and scope the current situation on IT crime and the current law enforcement initiative against such crime.
- Case Information Sharing Project (Leader: Korea): to share the experience of IT Crime investigations and study from the investigation strategies from other cases
- Training Project: (Leader: Hong Kong): to create/update training manuals and provide training to member countries
- Computer Forensic Project (Leader: Japan): to share the experience of computer forensics for various types of digital devices
Previous ASPWP:
1st meeting in Melbourne, Australia from 17 to 19 February 1997
2nd meeting in New Delhi, India from 20 to 22 November 2000
3rd meeting in Hong Kong, China from 26 to 28 November 2001
4th meeting in Seoul, Korea from 17-18 October 2002
5th meeting in Shanghai, China
6th meeting in Bangkok, Thailand from 15 to 17 December 2004
7th meeting in Tokyo, Japan from 28-30 September 2005
8th meeting in Hong Kong, China from 19-21 December 2006
9th meeting in Bali, Indonesia, from 20-22 November 2007
10th meeting in Seoul, Korea, 14 November 2008
Future ASPWP:
11th meeting in Thailand, 2009
Recommendation of Last ASPWP:
10th INTERPOL Working Party on Information Technology Crime for Asia and South Pacific
Seoul, 14 November 2008
Recommendation
The Working Party recognises that:
The initiatives undertaken at previous working party meetings be continued and further developed,
The delegates at the 10th INTERPOL Working Party on Information Technology Crime for Asia and South Pacific recommend:
- That Member States should seek close cooperation between regional entities such as ASEANAPOL and to develop partnerships with public and private entities based in the ASP Region;
- That the ASPWP shall keep giving our assistance to Latin America Working Party in order to help them to develop their own training materials;
- That Member States should empower INTERPOL to organise ad-hoc meetings when specific cyber crime issues are identified;
- That the existing WP projects (Intelligence Scoping Project, Information Sharing Project, Training Project and Forensic Project) shall be continued effectively. In particular Country Reports shall be updated continuously in order to share the latest Information among the Member States under the Intelligence Scoping Project;
- That the National Central Reference Points (NCRPs) network list shall be kept fully updated; especially Member States should make effort to contact to the ASP Countries who are not on the NCRP list to be affiliated;
- That NCRP should be used appropriately as a tool of Operational Assistance;
- That Member States shall take part in our Training Party from the Trainers and Trainees point of view to develop Capability Building.
Seoul, 14 November 2008
Interpol Information Technology Crime Investigation and Training Seminar (SEMINAR)
Objectives:
Seminar is mainly for the TECHNICAL EXPERTS on the field of combating High-tech crime investigation and digital forensics.
They gather and discuss about new and essential technical issues. SEMINAR is targeted on the 3 areas in line with the projects of ASPWP.
There are
- IT Crime Investigation
- IT Crime Training
- Computer forensics
and as an important task, SEMINAR is recommended to make reports and feed them back to ASPWP.
Previous Seminars:
1st SEMINAR in Hong Kong, China from 6-8 October 2003
2nd SEMINAR in Seoul, Korea from 19-21 July 2004
3rd SEMINAR in Xi’an, China from 17 to 19 May 2005
4th SEMINAR in Tokyo, Japan from 27 to 29 September 2006
5th SEMINAR in Tokyo, Japan from 2-4 October 2007
Minute of Last Seminar:
5th INTERPOL Information Technology Crime Investigation and Training Seminar was held from 2 to 4 October in Tokyo, Japan. 28 participants from 13 countries/jurisdictions attended this Seminar and shared lot of technical-oriented information relating to IT Crime Investigation, methods and materials for training investigators and digital forensics to combat High-Tech Facilitated Criminality. The participants, in particular, discussed about BOTNETS, P2P Networks, Information Leakage, Phishing Scam, Data Analysis of e-mails, windows vista and hands-on Forensic examinations. Also teaching materials of Training Workshop on Investigation and Forensic were discussed to be updated. All summaries are now available to see by click above 5th SEMINAR in Tokyo, Japan from 2-4 October 2007.
Train-the-Trainer Workshop on Information Technology Crime Investigation for ASP (TTI)
Objectives:
In October 2003, 5th Interpol Asia and South Pacific Working party on Information Technology crime agreed to hold the 'Train-the-Trainer Workshop on Information Technology Crime Investigation' annually, in order to provide a training opportunity cheaply to increase the number of Information Technology Crime investigators in Asia and South Pacific region.
Previous TTI:
1st TTI in Seoul, Korea from 8 to 12 November 2004
2nd TTI in American Samoa, USA from 13 to 17 June 2005
3rd TTI in Tokyo, Japan from 9 to 13 January 2006
4th TTI in Melbourne, Australia from 13 to 17 November 2006
5th TTI in Seoul, Korea from 25 to 29 June 2007
6th TTI in New Delhi, India from 17 March to 4 April 2008
7th TTI in Bangkok, Thailand from 12 to 16 May 2008
Future TTI:
8th TTI in Fiji, 2009
Minute of Last TTI:
The Seventh Train-the-Trainer Workshop on Information Technology Crime Investigation for Asia South Pacific was held in Bangkok, Thailand from 12 to 16 May 2008. 19 participants from Bangladesh, Cambodia, Indonesia, Iraq, Laos, Oman and Thailand joined the workshop and in addition to the INTERPOL officer, 5 trainers from Australia, Hong Kong, Korea and Thailand took part in the workshop.
The workshop covered basic and intermediate Internet investigation mainly and some part of computer forensics. Thanks to the experienced trainers, the workshop included many brand new investigation techniques such as Windows vista and Social Network System technology. Also more practical topics such as investigation cases of detecting the place (Server) of the pictures of child pornography were added to the course.
Regarding forensic topics which are essential knowledge even for investigators, trainees were requested to set up servers and analyze the phenomenon in Servers such as the way of recording logs or of transferring the information on packet level.
According the feedback from trainees, we recognized that the level of this course was exactly what we aimed (half basic – Half intermediate) and all trainees thought of themselves that they could understand more than 50% of entire materials. The result of the test (13 of 19 trainees passed the examination) also reinforced this fact.
Also some of the participants claimed the short term of this course. The main reason to say so was the lack of practice and exercise time. As it would be very difficult to occupy splendid trainers from several countries for more than 1 week, trainers will discuss to expand the course time of a day to increase the time for exercise.
According to the feedback from the participants, all participants said that the workshop was very useful or useful and 90% said the materials had very good or good quality.
Feedback from participants
Note: Teaching Material of TTI (PowerPoint Presentation) is now compiled on CD. You may contact IPSG – FHT High-Tech team to obtain it.
Train-the-Trainer Workshop on Computer Forensic for ASP (TTF)
Objectives:
On the basis of the success of Investigation Training Workshop, 7th Interpol Working Party on IT Crime – ASP in Japan agreed to hold 'Train-the-Trainer Workshop on Computer Forensics' annually, in order to provide a training opportunity cheaply to increase the number of the officers who is in charge of digital forensics in Asia and South Pacific region, as well as TTI.
Previous TTF:
1st TTF in Tokyo, Japan from 22 to 26 January 2007
2nd TTF in wellington, New Zealand from 4 to 8 February 2008
3rd TTF in Hong Kong, China from 20 to 24 October 2008
Future TTF:
4th TTF, 2010
Minute of Last TTF:
The Third INTERPOL Train-the-Trainer Workshop on Computer Forensics in Asia South Pacific was held in Hong Kong, China from 20 to 24 October 2008. 20 participants from China, Fiji, Guam, Hong Kong, India, Indonesia, Macau, Philippines, Thailand and LoBang joined the workshop and in addition to the INTERPOL officer, 5 trainers from Australia, Hong Kong, Korea and New Zealand took part in the workshop.
The workshop covered basic knowledge of computer forensics. It means that this Training Workshop focused on the fundamental knowledge such as file systems/structures (FAT, NTFS) of hardware and byte basis analysis (using WinHex) rather than learning the famous forensic tools (like EnCase), because forensic experts should know the core part of how the useful forensic tools work during finding evidences. It is as if car-mechanic should learn the structure of the vehicle rather than how to drive car.
Thanks to the experienced trainers, this Training Workshop included much core knowledge about computer forensics such as how to treat hardware and external devices, Live Forensics, File Systems and principle of file recovery.
According to the feedback from the participants, all participants said that the workshop was very useful or useful and the materials were very good or good quality.
This result indicates that our tactics has succeeded because almost all participants considered covered area were appropriate.
As a result of the test held on the final day of the course, 8 of 20 trainees have acquainted the INTERPOL Certificate as trainer of Computer Forensics.
Feedback from participants
The feedback from participants said that the workshop fitted the need of participants. Also they were pleased to be given brand new teaching materials and tools packaged in CD. We should keep the training materials up to date in order to reflect the change of the Computer forensics. To keep in touch with trainers should be necessary for IPSG.
Some participants, in particular the participants who had efficient knowledge of computing in advance, requested the contents of the class should be leveled up. On the other hand, majority of the participants claimed to continue holding this level’s course.
Whereas it is important to train forensic examiners to be advanced one, we have to admit that basic level’s one is currently more important then advanced one in ASP region.
Given that situation, it would be appropriate to keep holding the basic course; in addition it would be nicer that we can find the additional sponsor to hold the new intermediate level course.
Note: Teaching Material of TTF (PowerPoint Presentation) is now compiled on CD. You may contact IPSG – FHT High-Tech team to obtain it.
| Latin American Working Party on Information Technology Crime |
|
|
Formed in 2005 the Latin American Working Party on IT Crime (LAWPITC) annually holds 2 Meetings for member countries.
Delegates from 17 countries (Argentina, Bolivia, Brazil, Chile, Colombia, Costa Rica, Cuba, Dominican Republic, Ecuador, El Salvador, Mexico, Nicaragua, Panama, Peru, Spain, Uruguay and Venezuela) have participated in these Working Parties since the first meeting held in November 2005.
Currently, the permanent members of the LAWPITC are the representatives of the Specialized High-Tech Crime Investigation Units from Argentina, Brazil, Chile, Colombia, Costa Rica, Cuba, Mexico, Panama, Peru, Spain, Uruguay and Venezuela.
The current Chairman is Mr Jaime Edgardo Jara Retamal (Chile). The Vice-Chairmen are Mr Juan Salom Clotet (Spain) and Mr Miguel Ángel JUSTO (Argentina).
Objectives:
The aims of this Working Party are:
- To improve the cooperation, sharing of knowledge and practical experience among INTERPOL member countries and other International Organizations dealing with High-Tech Crime.
- To promote the standardization of methods and working proceedings to combat efficiently cyber crime.
- To establish a good practice guidelines.
The practical activities are:
- To coordinate with the rest of INTERPOL working parties on IT Crime.
- To promote international police cooperation among Latin American countries.
- To share expertise on IT Crime investigations.
- To create and supervise the work done by the Sub-groups coping with the specific necessities of the specialized units dealing with high-tech crime in Latin America.
Previous LAWPITC activities:
- 1st meeting in San Salvador, El Salvador from 28 to 30 November 2005
- 2nd meeting in Buenos Aires, Argentina from 15 to 17 May 2006
- 1st board meeting in Cartagena de Indias, Colombia from 25 to 29 September 2006
- 3rd meeting in Panama City, Republic of Panama from 24 to 26 January 2007
- 2nd board meeting in Bogota, Colombia from 7 to 8 June 2007
- 4th meeting in Santiago de Chile, Republic of Chile from 26 to 28 March 2008
- 5th meeting in Madrid, Spain from 9 to 11 June 2008
Future LAWPITC activities:
- 6th meeting in Cuba or in El Salvador in 2009 (place and dates to be confirmed)
- 7th meeting in Argentina in 2009 (place and dates to be confirmed)
