Army deploys PC forensics technology in Iraq

Equipment and techniques normally associated with resolving business disputes have made their way into post-war Iraq, where the army is using it to find evidence of war crimes
Written by Munir Kotadia, Contributor

The British Army has revealed that it is using PC forensics technology in Iraq to search through recovered electronic media to investigate illegal activities undertaken by the previous regime.

The British Army's Land Information Assurance Group (LIAG) -- a specialist TA unit that provides IT services -- has been deployed in Iraq since the end of the war in order to analyse abandoned and partially destroyed electronic media. The unit is responsible for recovering hidden or erased files and emails from all types of electronic storage media in order to build a catalogue of evidence that can stand up in court.

"Any evidence gained has to be legally admissible, and we knew that computer forensic techniques were far more thorough than other methods of data analysis," said the LIAG's Major John Pringle in a statement.

Simon Janes, operations manager for computer forensics at data recovery specialist Ibas UK, which provided the army with a "mobile forensics laboratory", said one of the most important requirements for the recovered data was to guarantee that it had not been altered in any way -- a requirement for evidence to be given in court.

The data recovery device is the size of a small suitcase and is essentially a full-sized PC motherboard with removable bays and the ability to plug in any known type of electronic storage media, according to Janes. The device is loaded with more than 30 data recovery tools that include specialist products as well as standard software available on the Web. "I won't reveal the software used, but some of it is shareware, some is freeware and some is commercially available off the shelf," he said.

Janes said that unless the storage media is physically destroyed, it is usually possible to retrieve much of the data, though physical damage does make the recovery process more difficult. "The more pieces (the storage media) is in, the harder it is to do anything with it," he said.

While there are software tools designed to obliterate all data, they are often misused and can leave behind valuable information, Janes said.

Data recovery systems are usually implemented to resolve commercial disputes, Janes said. "We have been called in on a number of occasions where, on the face of it, Mr X is accused of doing something, but when you look into it, it was actually Miss Y who wants to get rid of him. Things like this have always gone on in the workplace, but now it is on the computer," he said.

Editorial standards