System administrators will need to ramp up their computer forensic skills this year with the introduction of new standards for IT professionals to ensure that systems measure up to evidentiary benchmarks.
The new forensic standard, which will be released later this year, will be funded jointly by the Attorney General's department and the Australian Federal Police (AFP).
The standard will apply to all enterprise IT systems and is being developed by Standards Australia in consultation with financial bodies, telcos, the Defence Signals Directorate (DSD) and the Australian Security Investment Commission (ASIC). Business today is dependent on computers; good corporate governance means having benchmarks and processes in place to protect systems.
A Standards Australia spokesman said a computer forensic handbook will be released in coming months detailing the standard and will target executives, system administrators, legal bodies and law enforcement.
Computer forensic standard committee chairman Ajoy Ghosh said a lot of business contracts are now submitted online, which is why business needs to take a proactive approach rather than reacting after a hack attack has occurred.
Forensic standards will provide an evidentiary trail that can be used in court and Ghosh believes the standards could become mandatory with the support of the federal government.
This means computer forensic skills will no longer be restricted to the investigation units of big consulting firms, but a responsibility delegated to the IT departments implementing and maintaining the Standard Australia guidelines.
To accommodate the growth in e-commerce, Australia's law enforcement agencies have been strengthening their high-tech crime fighting skills including a $6.7 million funding injection last year for the AFP to add five new staff to its 13-member electronic evidence team.
As well as increasing staff and computer forensic capabilities, the AFP increased training to undertake the ambitious task of ensuring 80 per cent of its investigators are e-literate.
Last year at the Australasian Police Commissioners' meeting, agreement was reached to establish the Australian High Tech Crime Centre (AHTCC) to provide multi-agency and multi-jurisdictional support in the investigation of electronic crime.
AHTCC Coordinator federal agent Alastair McGibbon told Computerworld that the ultimate goal of the centre is to provide a centralised national investigative capacity, as well as a support facility for other jurisdictions and to be a clearing house for intelligence related to electronic crime.
McGibbon said the computer forensic standards currently being developed will provide guidelines for forensic examiners that are compliant with Australian legislation. While unable to confirm the number of staff to be employed at the centre, McGibbon said recruitment has already begun and the centre will also play a supporting role in the protection of Australia's critical information infrastructure as well as computer-based incidents such as hacking and denial-of-service attacks.
Once a standard is developed private sector investment in forensic software is sure to follow, but a number of Australia's state policing bodies are already investing in cutting-edge software to increase its forensic capabilities.
For example, the Queensland Police Service (QPS) has been using MathWorks Matlab software in a joint research project with the Queensland University of Technology. QPS has an electronic recording section (ERS) within its Forensic Services Branch that provides investigators with forensic laboratory signal processing services and uses Matlab for forensic comparison and indentifying offenders through voice sampling techniques.
Sergeant Troy O'Malley, of the ERS who was involved in the initial Matlab installation, said the unit handles more audio and visual material than any other law enforcement agency in Australia.
The field of forensic digital signal processing was in its infancy when Matlab was adopted to assist in examinations and analysis.
O'Malley said due to the limited number of commercial applications available in this field, QPS worked closely with the provider to enhance the technology.
Through the application of the Matlab image processing toolbox, he said the ERS has developed a forensic software application to decode and enhance a video from most proprietary multiplexing systems.
ERS officer in charge, Senior Sergeant Barry Cross, said growth in the use of video equipment and security surveillance systems means that more crime that is filmed or recorded is becoming key evidence.
"Producing the best image possible, or clearest sound possible, is vital if the evidence is to be successfully used in court," Cross said.
Adelaide's Forensic Science Centre is using a sophisticated IT control system to help police link criminals with DNA, drugs and other crime information. Shaw Solutions has designed an advanced software system that fully integrates new technologies which provide online delivery of forensic and crime scene reports to the police.
The centre's assistant director, Dr Paul Kirkbride, said a modern crime lab generates huge volumes of technical data that must be processed and delivered to crime fighters.
"The ability to process and deliver test results to the police as quickly as possible is an essential part of linking crime scenes to suspects and obtaining a positive result in the courts," he said.
"It's all about generating the intelligence for intelligence-led policing as quickly as possible by means of a very high level of automation and smart systems.
"We already have the most advanced system in Australia and it is home grown." Forensic SA, which is part of the Department for Administrative and Information Services, currently handles 8000 cases a year, a number that is expected to rise to about 25,000 this year as a result of new DNA legislation.
Steve Fitzgerald, manager of professional services at Shaw Solutions, said the company's Promadis CaseMan technology effectively pulled together all the separate elements of the Forensic Science system for analysis and reporting.
"This data must be processed and in the hands of crime fighters almost immediately to ensure that the evidence and information is relevant," Fitzgerald said.
"Speed in relation to court hearings is also critical as delays can cause legal situations that are not in the best interests of the State.
"This is the reason we not only focus on laboratory results, but also on reporting, performance and information distribution as well. All of these areas are essential parts of forensic management."
Promadis CaseMan has been in development for four years. It gathers laboratory test results through a single server into a comprehensive database using collation and analysis processes for immediate reporting.