Police celebrate e-crime anniversary with new forensic tool
- 23 August, 2009 22:00
The New Zealand Police force has launched a new virtual evidence tool as they celebrate the 25th anniversary of their e-Crime Lab.
The Environment for Virtualised Evidence (EVE) application was launched at an event in Wellington today.EVE, created by the New Zealand Police Electronic Crime Group, consists of a combination of off-the-shelf software and custom development.
Delivered through a web interface, EVE allows investigators to examine a seized computer or storage device, using search tools or a virtual representation of the device to keep it forensically safe and not put evidence at risk.
Digital forensic examiners faced with a complex inquiry can spend weeks delving into a computer to find the traces of evidence required for a successful prosecution, Police say.
Further, with the proliferation of computers and storage devices such as mobile phones and PDAs the number of devices seized outweighs the availability of forensic specialists to analyse them.In New Zealand, detectives typically had to wait four to six months for the results of computer forensic analysis, Police say.
The tool also allows investigators to use a computer as the suspect would have used it.
The end result is more evidence being recovered, faster and therefore increased numbers of guilty pleas, saving court time, Police say.
EVE, which cost around $500,000, allows functions normally completed by forensic specialists to be shifted to investigators, who are better placed to know what is relevant to an investigation. EVE is also available across New Zealand over the Police network.
The virtual element means when a case is loaded into EVE, the analyst can choose to convert a computer exhibit into a virtual copy of that computer, resetting the administrator password in the process.
The detective can then log onto EVE, start the virtual machine and use the computer and any files or applications it contains, as the suspect may have used it.
All EVE activity is logged for audit purposes, Police say.
Search functionality includes image search and video search recognising 3gp, asf, avi, mov, mp4, mpeg, mpg, qt, rm, rmvb, vob, wmv formats and converting these to the Flash format to be viewed on most desktops. The Electronic Crime Unit was launched in 1984 and originally called the National Tape Laboratory.