Regional Working Parties

	European Working Party on Information Technology Crime
	African Regional Working Party on Information Technology Crime
	Asia - South Pacific Working Party on Information Technology Crime
	Latin American Working Party on Information Technology Crime

European Working Party on Information Technology Crime

53rd Working Party on Information Technology Crimes, 22-24 September, Interpol General Secretariat, Lyon

52nd Working Party on Information Technology Crimes, 19-21 May, University College Dublin

Formed in 1990, it meets three times a year. In 2009 the Interpol General Secretariat will host 3 meetings of the working party. It is currently represented by members from Austria, Belgium, Denmark, Finland, France, Germany, Italy, Netherlands, Norway, Portugal, Sweden, Switzerland, Spain, and United Kingdom.

54th Meeting of Interpol Working Party on IT Crime - Europe: 20 - 22. January 2009

55th Meeting of Interpol Working Party on IT Crime - Europe: 22 - 24 May 2009

56th Meeting of Interpol Working Party on IT Crime - Europe: 22 - 24 September 2009 (dates will be confirmed shortly)

Amongst its many achievements are:

• the compilation of the Computer Crime Manual, now called Information Technology Crime Investigation Manual (ITCIM), a best practice guide for the experienced investigator, which is continually updated; in order to be more practical (in terms of its volume) and cost efficient, the manual has been made available on CD; an updated version of the CD is currently under production. The content of the Computer Crime Manual is also being converted into HTML format, and is digitally available via Interpol's restricted website; Amongst many others the ' following projects are available for Law Enforcement only in the new ITCIM:
  
  

  The Manual Revision Group
  There had been nothing for this group to do at the present meeting. A new licence for the manual search engine is to be obtained.

Policing the Virtual Internet Project
The group had considered the great variety of existing Virtual Realities and Gaming Sites, and had taken the decision to focus on some relevant examples from the policing perspective and point of view. The group had committed itself to produce a draft version of its report before the summer recess in order to be able to complete its work at the next Working Party meeting. In April ENISA started a similar project entitled “Security Issues in Virtual Worlds and Gaming”, and this was due to be completed in October. The project group will contact the Chair of the ENISA project, Mr Giles HOGBEN, in order to explore and define possible collaboration.

First Responders Project
The working group tried to come up with a leaflet for police officers with instructions on how to handle digital evidence. It is as short as possible without warnings or disclaimers.

Counter Forensics Project
A presentation of an interactive questionnaire surveying counter forensic methods was given by Mr Owen O’CONNOR of the Garda Síochána.

Network Group: A questionnaire is to be sent to all NCBs. The project report is in draft form, awaiting the inclusion of the results of the questionnaire.

Botnet Follow-Up Project
The project team created and updated the chapters of the Botnet Follow-up document about newer types of botnets and also Updated the training manual with new techniques and new trends on Botnets & Malware.

Live Data Forensics
A demonstration of live forensic techniques arranged by the project group was given by a technical specialist from Microsoft on Wednesday 21st May after the formal business of the Working Party meeting had been concluded the day before.

•  numerous training courses in order to share its expertise with other members; these are not only extremely cost efficient (and presented by law enforcement experts for the benefit of law enforcement), but are designed to aim at different levels of expertise and subject areas, ranging from introductory courses to courses specializing in Internet investigations. For 2009 the following courses are currently scheduled:
  
  

  Train The Trainer course, 12-30/1/2009, Nicosia - Cyprus

These training courses are being held in English only and are self-funded. The participation fees for accommodation, meals and course lectures amount to EUR 850 for each course. Transport costs to the course location are to be born by the participants. The courses are open to law enforcement members. For inscription procedures and further information please contact your NCB;

• a rapid information exchange system which essentially consists of two elements: an international 24-hour response system, the National Central Reference Points (listing responsible experts within more than 100 countries currently listed- this is now being expanded and has been endorsed by the High Tech Crime Sub-group of the G8) and a formatted computer crime message format (to ensure that all the essential information is transmitted);
  
  
• The WP also recognized the necessity to complement its expertise with additional outside expertise; in order to not make the WP too cumbersome, this additional expertise (which is not restricted to law enforcement) was incorporated into so-called 'project groups' and is selected by studying the curriculum vitae received in response to a general invitation to European member countries; these project groups are specific task motivated groups led by WP members who within the framework of a specific set period have to complete their project (the meetings are merely used to co-ordinate and streamline the efforts of the individuals, the real work is done on their own time- this has proven to be a very successful and time efficient method).

Future

The EWPITC agreed to prioritise the following projects:

Training:

Collection of existing training material, internationalize it and create training packages for global LE use;

a picture of needed IT Crime investigation courses will be produced to make sure that all needed areas are covered;

aims and objectives for every training module will be defined.

BotNets and Malicious Codes:
The benefit of this project will be that law enforcement agencies worldwide will be better able to investigate botnets and malicious code. The project will also aim to facilitate an operational cooperation project of European BotNet investigators to share intelligence and best practices, in coordination with work being done on this by the General Secretariat.

Mobile Phone Forensics:
The objectives for this project are to compile a best practice guide based on different national initiatives on describing the current forensic tools for mobile phones.

Voice over IP - VoIP:
The purpose of the project is to give a description of the Voice over IP (VoIP) technology, available services related to VoIP and how to investigate criminal cases where VoIP is involved. The description should cover different tools and techniques on analysing computers and other equipment used to communicate through VoIP services.

Tools and Techniques 3:
The aim of this project is to write a document describing the current forensic tools for IT Investigations (Protocol) in particular for:

device /media imaging ('bit stream' copy)

device/media write protection (software and hardware methods)

image (and/or file system) analysis.

revision of the Information Technology Crime Investigation Manual.

African Regional Working Party on Information Technology Crime

5th African Working Party on IT Crime
Pretoria, South Africa, 17 to 19 May 2005
	Resolution of the Delegates

The Technical Advisor to the Working Party is Professor Dana van der Merwe from the Department of Criminal and Procedural Law of the University of South Africa in Pretoria.

The group agreed unanimously on following objectives for the African Working Party on Information Technology Crime:

• Developing and making expertise available for combating IT crime in the region and inter-regional
• Develop and enhance partnerships with organizations, which deal with IT crime
• Establish, co-ordinate and promote the use of best practices in investigation and prevention of IT crime
• Increase information flow within the regional Computer Crime units
• Promotion of operating procedures standardization in the African region

The group agreed unanimously on following project for the Interpol Working Party on Information Technology Crime - Africa:

To run an awareness program for the top management level for African countries and regional police organisations and to start targeting all African countries with information on IT Crime on a regular basis. The Heads of CIDs should be invited to the next meeting of the group to formulate a plan of action to deploy Cyber Crime Units.

Esther KGHOLE (SAPS) was unanimously nominated as project Co-Ordinator.

Asia-South Pacific Working Party on Information Technology Crime

The first meeting of the Asia-South Pacific Working Party on Information Technology Crime (ASPWP), held in 1997, attempted to identify key aspects of Information Technology (IT) crime. Since then, it has not only identified key IT crime problem areas, but has begun to provide solutions to these issues through a combination of international co-operation, sharing of knowledge and practical experience, and coordinated training efforts.

The current chairperson is Mr. Alan MAN, Senior Superintendent of the Hong Kong Police Force. The current vice chairpersons are Mr. Yuichi KIJIMA, Assistant Director, High-Tech Crime Technology Division, National Police Agency of Japan and Pol.Col. Pisit PAOIN Deputy Commander of Technology Crime Suppression Division, Royal Thai Police.

26 INTERPOL member states in the Asia and South Pacific region have actively participated in the working party. These currently include: Australia, Bangladesh, Bhutan, Brunei, Cambodia, China, Fiji Island, Hong Kong - China, India, Indonesian, Iran, Japan, Macao - China, Malaysia, Myanmar, Nepal, New Zealand, Pakistan, Papua New Guinea, Philippines, South Korea,  Singapore, Sri Lanka, Thailand, Timor-Leste, and Vietnam.

ASPWP has reached many milestones since its inception. Some of the most notable achievements are as follows:

• Coordination of training workshops on IT crime investigations and computer forensics relating to the defined key IT crime issues
• Creation and coordination of the following projects. Approximately 30 active members of ASPWP continue working on these subjects.

• Case Information Sharing Project (Leader: Korean National Police Agency): to share the experience of IT Crime investigations and study from the investigation strategies of  previous cases
• Training Project: (Leader: Hong Kong Police Force): to create/update training manuals and provide training to member countries
• Computer Forensic Project (Leader: National Police Agency, Japan): to share each country’s forensic knowledge and procedures for dealing with various types of digital devices
• Intelligent Scoping Project (Leader: INTERPOL General Secretariat): to measure and define the current scope of IT crime, as well as the current law enforcement initiative against such crime

• Organization of Interpol Information Technology Crime Investigation and Training Seminars to exchange and share practical knowledge and know-how through hands-on experience

ASPWP envisions a world where every country in this region has the capacity to deal with IT crime. It will continue to promote the widest possible mutual assistance between all law enforcement agencies in an effort to make a substantial difference against international IT crime.

ASPWP activities:

Working Party meetings

Train-the-Trainer Workshop on I.T. Crime Investigation

Train-the-Trainer Workshop on Computer Forensics

Interpol Information Technology Crime Investigation and Training Seminar

Latin American Working Party on Information Technology Crime

Formed in 2005 the Latin American Working Party on IT Crime (LAWPITC) annually holds 2 Meetings for member countries.
Delegates from 17 countries (Argentina, Bolivia, Brazil, Chile, Colombia, Costa Rica, Cuba, Dominican Republic, Ecuador, El Salvador, Mexico, Nicaragua, Panama, Peru, Spain, Uruguay and Venezuela) have participated in these Working Parties since the first meeting held in November 2005.
Currently, the permanent members of the LAWPITC are the representatives of the Specialized High-Tech Crime Investigation Units from Argentina, Brazil, Chile, Colombia, Costa Rica, Cuba, Mexico, Panama, Peru, Spain, Uruguay and Venezuela.
The current Chairman is Mr Jaime Edgardo Jara Retamal (Chile). The Vice-Chairmen are Mr Juan Salom Clotet (Spain) and Mr Miguel Ángel JUSTO (Argentina).
Objectives:
The aims of this Working Party are:

• To improve the cooperation, sharing of knowledge and practical experience among INTERPOL member countries and other International Organizations dealing with High-Tech Crime.
• To promote the standardization of methods and working proceedings to combat efficiently cyber crime.
• To establish a good practice guidelines.

The practical activities are:

• To coordinate with the rest of INTERPOL working parties on IT Crime.
• To promote international police cooperation among Latin American countries.
• To share expertise on IT Crime investigations.
• To create and supervise the work done by the Sub-groups coping with the specific necessities of the specialized units dealing with high-tech crime in Latin America.

Previous LAWPITC activities:

• 1st meeting in San Salvador, El Salvador from 28 to 30 November 2005
• 2nd meeting in Buenos Aires, Argentina from 15 to 17 May 2006
• 1st board meeting in Cartagena de Indias, Colombia from 25 to 29 September 2006
• 3rd meeting in Panama City, Republic of Panama from 24 to 26 January 2007
• 2nd board meeting in Bogota, Colombia from 7 to 8 June 2007
• 4th meeting in Santiago de Chile, Republic of Chile from 26 to 28 March 2008
  
• 5th meeting in Madrid, Spain from 9 to 11 June 2008

Future LAWPITC activities:

• 6th meeting in Cuba or in El Salvador in 2009 (place and dates to be confirmed)
• 7th meeting in Argentina in 2009 (place and dates to be confirmed)