E-Discovery Tools for Cyber Evidence
According to the European Union (EU), data on computers can provide essential evidence of a crime and can reveal the means by which a crime is committed. To this end, the European Commission established a project called “Cyber Tools On-Line Search for Evidence (CTOSE).” CTOSE is a legal project designed to study authentication methods for electronic evidence in cybercrime cases so that this evidence may be admissible in court proceedings. The project helps to identify, secure, integrate and present electronic evidence related to online criminal offenses and also ensures the legal admissibility of such information. This article introduces the reader to the CTOSE project and its implementation in the European Union.
Today, fraudulent transactions, computer hacking and viruses, high-tech crime, identity theft and computer fraud have become common occurrences. The Cyber Tools On-Line Search for Evidence (CTOSE) methodology was developed to thwart the rise in cyber crime. Electronic records such as computer network logs, emails, word-processing files, and picture files are often collected as evidence in online criminal cases. However, problems arise from the lack of consistency across EU countries on how such information should be obtained and presented to be admissible in court proceedings.
How was the CTOSE project formed?
CTOSE was funded by the European Commission’s Information Society Technologies (IST) organization.
The CTOSE project was completed on 30 September 2003 and combined the expertise of the French telecommunications and security company Alcatel, the UK security company QinetiQ, and three research institutes.
Fifty experts from Europe and the United States, with a wide range of specialist backgrounds, such as Computer Emergency Response Teams, computer lawyers, computer forensic tool suppliers, high-tech police investigators, and IT security staff from key financial institutions, participated in this project.
How do the tools developed by the CTOSE project work?
The tools developed by CTOSE are offered after simulated attacks, ranging from hacking and Website defacement to organized fraud, have been conducted. The simulated attacks depict real online commercial hazards, and the tools are offered as actual solutions to the problems detected through them.
CTOSE has developed certain tools such as:
• A Cyber-Crime Advisory Tool (the C*CAT tool) that notifies investigators, at every phase of an investigation, of the necessary procedures and decisions.
• A Legal Advisor that offers advice on the legal and procedural aspects of computer investigations. It points out these legal requirements to investigators and ensures that the evidence collected is admissible, convincing, and legally obtained.
• An XML-based specification for electronic evidence that allows an investigator to package a piece of evidence and hand it over to another investigator so as to establish a safe ‘chain of custody’ for all electronic evidence.
• A demonstrator, a software tool designed to simulate the effects of cyber attacks such as hacking, Website defacement or organized fraud. This tool shows what happens in the event of an attack, both on a typical unprotected Website and on a Website that has followed the project’s guidelines on forensic readiness. Websites that have followed these guidelines are in a position to investigate and respond to an attack properly.
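The XML evidence package in the list above could look like the following sketch, which is an added example and not CTOSE's specification or code. The element and attribute names, the hash-chained custody log and the investigator names are assumptions made for illustration.

```python
# Element/attribute names are illustrative assumptions, not the CTOSE schema.
import hashlib
import xml.etree.ElementTree as ET

def _h(*parts):  # SHA-256 over length-prefixed fields (unambiguous boundaries)
    m = hashlib.sha256()
    for p in parts:
        m.update(len(p.encode("utf-8")).to_bytes(4, "big") + p.encode("utf-8"))
    return m.hexdigest()

def _append(pkg, action, giver, holder, at):
    """Add a custody entry chained to the previous entry (or to the evidence digest)."""
    log = pkg.find("custody")
    prev = log[-1].get("hash") if len(log) else pkg.get("sha256")
    ET.SubElement(log, "entry", action=action, giver=giver, holder=holder, at=at,
                  prev=prev, hash=_h(prev, action, giver, holder, at))

def package_evidence(data, description, collector, at):
    """Wrap one evidence item: its SHA-256 digest plus the first custody entry."""
    pkg = ET.Element("evidence", description=description, sha256=hashlib.sha256(data).hexdigest())
    ET.SubElement(pkg, "custody")
    _append(pkg, "collected", "", collector, at)
    return pkg

def transfer(pkg, giver, receiver, at):
    """Record a hand-over; only the current holder may give the item away."""
    if giver != pkg.find("custody")[-1].get("holder"):
        raise ValueError(f"{giver!r} is not the current holder")
    _append(pkg, "transferred", giver, receiver, at)

def verify(pkg, data):
    """Return a list of problems; an empty list means the package checks out."""
    problems = []
    if hashlib.sha256(data).hexdigest() != pkg.get("sha256"):
        problems.append("evidence digest mismatch")
    prev, holder = pkg.get("sha256"), ""
    for i, e in enumerate(pkg.find("custody")):
        fields = [e.get(k) for k in ("action", "giver", "holder", "at")]
        if e.get("prev") != prev or e.get("hash") != _h(prev, *fields):
            problems.append(f"entry {i}: hash chain broken")
        if e.get("giver") != holder:
            problems.append(f"entry {i}: giver is not the previous holder")
        prev, holder = e.get("hash"), e.get("holder")
    return problems

if __name__ == "__main__":  # constructed sample evidence and investigator names
    pkg = package_evidence(b"constructed log line\n", "web log", "investigator-a", "2024-01-01T10:00:00Z")
    transfer(pkg, "investigator-a", "investigator-b", "2024-01-02T09:00:00Z")
    print(ET.tostring(pkg, encoding="unicode"), verify(pkg, b"constructed log line\n"))
```

An unkeyed hash chain only catches partial edits: anyone able to rewrite the whole file can recompute it, so a real scheme would also have each holder sign their entry.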
What do the project tools ensure?
These tools introduced by the CTOSE project allow system administrators, information technology security staff, computer incident investigators and police and law-enforcement agencies to follow consistent and standardized procedures when investigating computer incidents using ‘computer forensic tools’.
The CTOSE tools endeavor to ensure that all electronic evidence is legally and properly gathered and preserved. Additionally, they assure that the evidence so collected is uncontaminated and compelling enough to prove a crime. Lastly, these tools ensure the admissibility of evidence collected under these protocols, whether it is presented before an administrative tribunal or a civil or criminal court.
