TECHNICAL COMMUNICATION
No. 170358
Automating the chain of custody using RFID technology to support the validation of forensics evidence
Denis Bruno Viríssimo, Alessandro Santiago dos Santos, Maria Cristina Machado Domingues, Mário Yoshikazu Miyake, Vanessa D'Alessio Giarone, Marina Gallucci Mazziero, Henrique Frank Werner Puhlmann, Luis Orlando Aponte Ruiz
Slides presented at the IEEE International Workshop on Information Forensics and Security – WIFS, 2011, São Paulo
The “Comunicação Técnica” series comprises works produced by IPT technical staff that were presented at events, published in specialized journals, or whose content is of public relevance.
Instituto de Pesquisas Tecnológicas do Estado de São Paulo
S/A - IPT Av. Prof. Almeida Prado, 532 | Cidade Universitária or
Caixa Postal 0141 | CEP 01064-970 São Paulo | SP | Brasil | CEP 05508-901
Tel 11 3767 4374/4000 | Fax 11 3767-4099
www.ipt.br
Abstract—The forensic report is based on the legal mandate
that the methods of obtaining and preserving forensic
evidence must assure its authenticity and integrity throughout its
life cycle, from its collection at the scene of the crime until the
completion of the report. This paper presents a proposal for an
automated management and control system for the custody of
forensic evidence. By automating the chain of custody, it is
possible to identify at any time not only the forensic evidence but
also the person responsible for it. The use of Radio-Frequency
Identification (RFID) in the chain of custody improves the
traceability of evidence. To test the feasibility of the proposal, a
proof of concept was undertaken involving the forensic analysis
department of the Techno-Scientific Police of the State of São
Paulo (SPTC).
Index Terms—Custody, Forensic Evidence, RFID, IT.
I. INTRODUCTION
In the Brazilian legal system, the evidence collected at the
scene of a crime in the form of samples and traces must
preserve the characteristics of integrity and authenticity
throughout the entire legal process, up to the final sentence.
Integrity of evidence refers to the property of keeping all its
characteristics unchanged. Authenticity refers to the
guarantee that the evidence presented in court is the same as
that collected at the crime scene. The loss of any of those
characteristics, at any time during the legal process, may lead
to the disqualification of the evidence.
The chain of custody applies to the handling of samples and
traces in order to keep their authenticity and integrity, and it also
refers to the documentation used to register the sample
movements and manipulations by carriers following
determinations mandated by legal authorities [1]. In this
process, each agent having access to the evidence must be
identified and registered. The evidence, in turn, should also be
identified and be identifiable at any time.
The Forensic Police assumes responsibility for the custody
of evidence as soon as it is received by one of its operational
units. Therefore, it is important to have a central authority
responsible for guarding materials, substances, instruments
and forensic objects, in order to minimize the risk of loss or
alteration of evidence under custody [2] [3].
In 2010, a proof of concept of a system designed to automate
the chain of custody of forensic evidence under its jurisdiction
was launched in the Superintendence of the Techno-Scientific
Police of the State of São Paulo (SPTC).
The present procedures for the custody of forensic
evidence are manual and present many shortcomings.
Due to the manual handling of evidence without strong
control procedures, the chances of a mismatch between
the evidence and the accompanying documents are high. Evidence
can be lost inside the operational units of the Superintendence,
since the elaboration of the forensic report can lead to the
execution of many examinations, usually in different
laboratories, located in different units, buildings or even cities.
These factors, combined with the large number of evidence items
under custody, generate the need to improve the control of
forensic evidence.
II. A PROPOSAL FOR AN AUTOMATED MANAGEMENT AND
CONTROL SYSTEM FOR THE CUSTODY OF FORENSIC EVIDENCE
The new custody system must provide control in all phases
of the evidence life cycle. The use of automation is aimed at
reducing human error, minimizing the possibilities of
unauthorized manipulation of evidence, and giving access to
data in real time.
Once the evidence is received in the forensic analysis
department, it receives an RFID tag with its identification code
[4]. At this time, the evidence is registered in the chain of
custody system. The identified evidence is then stored in the
evidence warehouse. All movements of the evidence must be
monitored by the system.
In order to manage and control the chain of custody, a
computer system divided into four layers is proposed: Central
System Layer, Local System Layer, Monitor System Layer,
and RFID Portal.
The RFID Portal has two main purposes: automatic capture of
the evidence identification, and a local signaling system to
indicate authorized and denied operations with the evidence.
This Portal embeds technologies that enable quick and easy
identification, with as little human interaction in the process as
possible, and the identification of several evidence items at the
same time. All movements of evidence between sensitive areas
within the forensic analysis department are monitored by RFID
Portals located at the access points to these areas.
The Monitor System manages the information flow from the
RFID Portal and identifies from which area the evidence is
coming.
The Local System is responsible for the intelligence of
forensic evidence movement.
The Central System consolidates all the information from
the Local Systems, allowing the managerial control of the
entire chain of custody over the evidence life cycle.
III. PROOF OF CONCEPT
In this context, a particular combination of technologies was
studied and implemented to test the viability of the
proposed control system.
The proof of concept had to meet some requirements
arising from the custody environment, namely: control of
incoming and outgoing evidence, validating its integrity and
authenticity; control of the volume of incoming and
outgoing evidence in the analysis department; inventory
management of the warehouse; real-time location of evidence
in the different areas; access control to evidence; detection of
irregularities in evidence movements; tracking a specific
evidence item's chain of custody; evidence status (in admission,
examination, ready for dispatch); identification of faulty points
in the chain of custody.
Besides these requirements, some choices were made
for the definition of the proof of concept: adopting a standard
low-cost RFID tag model; the smallest possible interference in
the day-to-day activities of the experts; allowing the traceability
of the evidence, including information about its carrier and its
current location; laboratories must satisfy technical conditions
for confinement rooms.
Thus, the proof of concept was built using RFID EPC Gen
2 technology, a standardized, low-cost passive tag model
operating around the 900 MHz band. The laboratory
which received the solution works with materials such as CDs,
tapes, and DVDs. These forensic evidence items are stored in
security envelopes, to which the RFID tag was attached. In
addition, the chosen evidence did not contain elements such
as water and metal, which could make reading with the
EPC Gen 2 model difficult.
It was decided to restructure the layout of the analysis
department's rooms in order to create an environment that
enables the traceability requirement. In addition, the carriers
also received an RFID card to identify their movements in the
controlled areas.
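The requirements listed above (access control, detection of irregular movements, and tracing one item's chain of custody from evidence tags and carrier cards read together at a portal) can be pictured with a small sketch of the Local System's decision logic. This is an added example, not the proof-of-concept code; the area names, permitted moves, tag and card identifiers and verdict strings are all constructed assumptions.

```python
from dataclasses import dataclass, field
# Constructed assumptions: area names, permitted moves and carrier cards.
ALLOWED_MOVES = {("reception", "warehouse"), ("warehouse", "laboratory"),
                 ("laboratory", "warehouse"), ("warehouse", "dispatch")}
CARRIER_CARDS = {"CARD-0001": "expert-a", "CARD-0002": "expert-b"}

@dataclass
class LocalSystem:
    location: dict = field(default_factory=dict)  # evidence tag -> current area
    custody: dict = field(default_factory=dict)   # evidence tag -> custody records
    def register(self, ts, tag, carrier_card):
        """Admission: the evidence gets its tag and enters the custody system."""
        self.location[tag] = "reception"
        self.custody[tag] = [(ts, None, "reception", carrier_card, "REGISTERED")]
    def portal_read(self, ts, src, dst, tags):
        """Judge one simultaneous read at the portal between areas src and dst."""
        cards = [t for t in tags if t in CARRIER_CARDS]
        carrier = cards[0] if len(cards) == 1 else None
        verdicts = {}
        for tag in (t for t in tags if t not in CARRIER_CARDS):
            if tag not in self.location:
                verdict = "DENIED: unregistered tag"
            elif carrier is None:
                verdict = "DENIED: no single identified carrier"
            elif self.location[tag] != src:
                verdict = "DENIED: last known area is " + self.location[tag]
            elif (src, dst) not in ALLOWED_MOVES:
                verdict = "DENIED: move not permitted"
            else:
                verdict = "AUTHORIZED"
                self.location[tag] = dst
            # Denied attempts are recorded too, so faulty points stay traceable.
            self.custody.setdefault(tag, []).append((ts, src, dst, carrier, verdict))
            verdicts[tag] = verdict
        return verdicts

def demo():
    """Replay constructed portal reads and return (verdicts, final system)."""
    ls = LocalSystem()
    ls.register("09:00", "EPC-A1", "CARD-0001")
    ls.register("09:01", "EPC-B2", "CARD-0001")
    reads = [  # (time, from area, to area, tags seen together), all constructed
        ("09:10", "reception", "warehouse", ["CARD-0001", "EPC-A1", "EPC-B2"]),
        ("10:00", "warehouse", "laboratory", ["EPC-A1"]),             # no carrier card
        ("10:05", "warehouse", "laboratory", ["CARD-0002", "EPC-A1"]),
        ("11:00", "warehouse", "dispatch", ["CARD-0002", "EPC-A1"]),  # tag is in laboratory
        ("11:30", "laboratory", "dispatch", ["CARD-0002", "EPC-A1", "EPC-ZZ"]),
    ]
    return [ls.portal_read(*r) for r in reads], ls
```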
It was necessary to redesign the processes for the entrance,
distribution and emission of forensic reports so that they
conform to the steps shown in Fig. 1.
Fig. 1 also shows the new layout of the analysis department
and the operational sequence of administrative activities to be
accomplished to establish a full trace of the forensic evidence.
Fig. 1. Proof of concept case scenario.
In this proof of concept, the following tests were
performed: capability of simultaneous tag readings;
alternatives for positioning the antennas; variation of
passage speed and synchronization in the portals; best position
for the tag on the envelope; studies of types of evidence
containers, e.g. trolleys; alternatives for warehouse design.
IV. CONCLUSIONS
With the modification of the code of criminal procedure by
Law 11.690/08 [5], the importance of the chain of custody
has become evident in recent criminal cases. In many
situations, the forensic evidence produced at the crime scene
was invalidated by faulty manipulation.
The technologies employed in the proof of concept
represent an advance in the evolution towards the automation
of chain of custody management control systems. Ideally, the
new systems will reduce incidents with evidence and its
disqualification as proof in legal processes.
The success of the solution depends not only on the
efficiency of the technologies employed, but also on the redesign
of processes in the chain of custody and the training and
motivation of the people involved.
Nevertheless, the proof of concept demonstrated that the
adopted technological solution shows potential for
improvements in the efficiency of the chain of custody.
V. REFERENCES
[1] N. S. Bonaccorso, “Aplicação do exame de DNA na elucidação de
Crimes,” [DNA exam application in crime elucidation] master’s
dissertation, Faculty of Law, Univ. of São Paulo, São Paulo, 2005 (in
Portuguese).
[2] N. S. Bonaccorso and C. Perioli, “Centro de Custódia,” [Center of
custody] 16th Congresso Nacional de Criminalística (CNC 01),
Florianópolis, 2003 (in Portuguese).
[3] R. Yaeger, “Criminal Computer Forensic Management,” InfoSec
Conference, USA, 2006.
[4] V. D. Hunt, A. Puglia, M. Puglia, RFID: A Guide to Radio Frequency
Identification, Wiley-Interscience, 2007.
[5] Código de Processo Penal, relativos à prova, e dá outras providências.
Law 11.690, Brasília, Distrito Federal, 2008 (in Portuguese).
Automating the chain of custody using RFID technology to support the validation of forensics evidence
D. B. Viríssimo (1), A. Santiago (1), M. C. Machado (1), M. Y. Miyake (1), V. D. Giarone (1), M. G. Mazziero (1), H. F. W. Puhlmann (1), L. O. A. Ruiz (2)
(1) Institute for Technological Research, (2) Technical-Scientific Police of the State of São Paulo
Authors’ contact: [email protected] +55 11 3767-4656
Fig. 3. RFID Portal scheme
Fig. 4. Proof of concept case scenario
Fig. 1. RFID Tags on Evidence wrapper
Fig. 2. System Architecture