Office of the Attorney General of Colombia

It needed to ensure that all operations in its forensic laboratories are performed in a way that enforces the three main parameters for handling digital evidence: confidentiality, integrity and availability.

The team faced a number of challenges to ensure best practices in digital investigation techniques, including:

• Rapidly increasing investigator case loads.
• A growing wave of Colombian cybercrime, as well as other types of crimes involving the use of digital devices, including terrorism, drug trafficking, pornography, money laundering and maritime interdiction.
• Training for investigators to ensure the most forensically sound evidence and the best possible analysis.
• The need to expedite potential evidence collection and analysis.

In 2005, two technical research officials began training in the use of OpenText™ EnCase™ Forensic to perform digital investigations at a new level of efficiency and expertise, including Maria Pinzon Leguizamon who serves as the national cybercrime coordinator for CTI. “It gave us a different picture of how to treat and analyze digital evidence,” said Pinzon Leguizamon. “EnCase Forensic has continued to optimize effectiveness from version to version and the improvements help us analyze electronic data analysis data more efficiently in our work.”

Pinzon Leguizamon relies on EnCase Forensic as a principal tool in a variety of cases in which she is assigned as the expert in the analysis of storage devices, including hard drives, USB sticks, laptops and desktops. “Utilizing OpenText training and EnCase Forensic, we were able to locate important information in areas of hard drives normally inaccessible,” she said. “As well as to effectively rebuild complex RAID arrays on servers, among other findings and procedures that—without this tool and training—would have lessened the success of many investigations.”

The CTI team initiated a program to train all staff on all modules of EnCase Forensic, including recording analysis, internet analysis and more. Pinzon Leguizamon said, “Procedures and protocols for the use of EnCase Forensic were developed and we were able to realize increased performance, accuracy and skill in the analysis and location of information that would probably not have been possible otherwise, all while maintaining the integrity of the evidence throughout the investigation.”

Working toward EnCase vCertified Examiners (EnCE) certification was another important goal of the CTI team, which is now the only judicial police team in Colombia with nine certified experts. “Receiving the EnCE certification for our forensic laboratory of the Attorney General’s Office of Colombia was a major achievement,” said Pinzon Leguizamon. “Prosecutors have chosen us specifically as their trusted judicial police in recognition of our work and the results obtained to conduct investigations of national significance.”

Today, CTI is providing vital assistance to the Attorney General with:

• Faster evidence collection and processing.
• Lower case backlog due to faster case processing and analysis.
• Approximately 100 staff fully trained in the use of EnCase Forensic and best practices digital investigations techniques.
• Licensed copies of EnCase Forensic, as well as trained investigators in 23 offices throughout the country.
• Nine EnCE-certified experts as the preferred expert witnesses by Colombian prosecutors.
• Expert assistance for such nationally noted cases as Jorge 40, Agroingreso Insurance and False Positive and Paul Reyes.

Having committed to expert training for its investigators, the CTI team is reaping the rewards. “We know that success comes not only from using the best forensic tool, but also from the expertise of the investigators,” said Pinzon Leguizamon. “Now we are at the forefront of international forensic computer investigation and lab work.”