- Universidad Piloto de Colombia
- Graduate Theses
- Faculty of Engineering
- Specialization in Information Security
Forensic analysis of the Raúl Reyes case in relation to the ISO/IEC 27042 standard
Abstract
Colombian authorities asked INTERPOL to perform a forensic analysis of electronic devices seized at a FARC camp in Ecuador in 2008. INTERPOL sent a crisis management unit called CompFor to perform the analysis. The request focused on determining whether files were created, modified or deleted after March 1, 2008. The INTERPOL report concludes that Colombian authorities accessed the evidence appropriately, but that there were problems in the initial handling of the data. No evidence of file manipulation was found after the seizure. Problems in international forensic analysis are highlighted and recommendations are offered to address them. Additionally, a classified technical report with further details is provided to the Colombian authorities.

The case is considered in relation to the ISO/IEC 27042:2015 standard, in the context of the analysis and interpretation of digital evidence. The standard highlights the complexity of the process, the need to justify the methods used and the possibility of devising new approaches. It relates to other standards such as ISO/IEC 27037:2012 and highlights the importance of applying methods properly, since this can influence the interpretation of digital evidence. The standard offers a common framework for handling security incidents, addressing issues such as continuity, validity and reproducibility of digital evidence. Other related standards are mentioned, along with the importance of following procedures to ensure the reliability of the evidence. The investigation seeks to understand incidents in order to improve remediation, future safety, and disciplinary or judicial actions. The reliability and provenance of evidence are crucial and are supported by validated analytical processes and detailed records. Repeatability and reproducibility are essential, and the importance of a structured approach is highlighted. Digital analysis, according to ISO/IEC 27041, involves identifying digital artifacts and following validated processes. The importance of reporting additional discoveries and of using competent tools is highlighted. Two analytical models are presented: static and live analysis. Interpretation seeks to derive meaning from data, highlighting the importance of accreditation and the distinction between facts and inferred information.




