Chris Buttner, a specialist with the AFP's Computer Crime Team, said while most manufacturers of embedded devices are generally helpful when asked how to extract information from their products to assist in a case, cooperation in cracking the security features is less forthcoming.
"When we come up against security features, which are to them marketing tools, [the manufacturers] tend to clam up," Buttner said. "If we get around the security feature we don't publicise it, or even tell them because they'll change it."
In some cases, if a necessary part of tendering evidence to the court is the disclosure that a security measure was breached, that evidence is withdrawn, according to Buttner.
Another problem with examining an embedded device is that, unlike computers, they often have to be destroyed in order to obtain the evidence. This diminishes the chance of the device being successfully tendered as evidence in a court of law. For that reason, said Buttner, processes must be spot on.
Buttner defined an embedded device is one which has a specialised computer system as part of a larger system, such as a mobile phone or on-board vehicle computer. "We'll see a huge proliferation of embedded devices," said Buttner. "All of these devices are potential sources of evidence.
Buttner's claims highlight the tensions between law enforcement agencies and manufacturers over the manufacturers' need to guarantee the confidentiality and security of data held in their product and law enforcement agencies' need to access information to assist their investigations.
The AFP is attempting to secure standardised accreditation for forensic examination of computers and embedded devices in Australia, and is pushing for an internationally recognised standard along with European counterparts, as opposed to the American Society of Crime Laboratory Directors, Laboratory Accreditation Board (ASCLD/LAB).
Two months ago Buttner approached the National Association of Testing Authorities (NATA) to for them to be the Australian assessing body for the standards, and to have the discipline included in the testing AFP currently has with NATA.
If this process is successful, the AFP will be the first agency in the world to have that accreditation. "I would hope that we have it in three years," said Buttner. "There is a lot of groundwork to do, but I'm hoping we'll throw a lot of resources at it."
Buttner said the accreditation was entirely voluntary, but once a critical mass was reached doubt would be cast on the veracity of results from non-accredited laboratories.
"Some labs will undoubtedly face a significant financial cost, which they may or may not decide to bear," said Buttner.
Buttner gave a talk on this technology at the University of Technology Sydney's science forum into surveillance and security, which is funded by the Department for Education, Science and Training.
