Select Committee on Home Affairs Written Evidence


10.  Memorandum submitted by the National Technical Assistance Centre

  NTAC is a Home Office unit in the Crime Reduction and Community Safety group. Within NTAC the Forensic Computing Team (Stored Data) are responsible for providing technical support to UK law enforcement and intelligence agencies in order to assist them gain access to protected data.

  NTAC forensics staff work on a diverse case load primarily associated with supporting the investigation of serious and organised crime. Typical tasks involve accessing encrypted files or password protected electronic devices.

  Cases are submitted to NTAC via a Principle Points of Contact network comprising individuals usually working in the forensic computing or data recovery units of the respective customer agency.

  Referred cases are generally a minimum of several weeks old by the time they are allocated to NTAC although casework involving crimes of a terrorist nature usually arrive more quickly. Delays occur for either or both of the following reasons:

    —  Limited resources within LE forensic teams This means that work is queued, sometimes for several months, awaiting an initial review by heavily tasked officers. It is only when this process takes place that encryption is recognised and NTAC contacted.

    —  Large amounts of data seized. In many serious investigations the sheer quantity of material needed to be examined means that it may take several weeks for the investigator to discover encrypted material.

  On arrival at NTAC forensic case investigation starts immediately; even when total caseload is heavy, work is commenced on a new case within five working days.

  An initial examination will reveal the extent of the encryption and indicate the likelihood of success. This process takes less than a week. The subsequent timing of the case is wholly dependant on the type of encryption applied and the nature of the forensic information recovered from the suspect computer. For example NTAC have processed cases for over one year and have still remained optimistic of obtaining a successful result. Other cases have been completed in less than a week.

  In general terms however it would be fair to say that if resolution of a case had not been possible after a reasonable period then the likelihood of a positive result diminishes significantly. An exact value for the length of this period is hard, if not impossible, to determine precisely due to the variety of factors involved. Past experience has shown that two months is usually adequate if a result is possible although this might extend to three months where a substantial amount of data or a large quantity of computers and media are involved. After these timescales the case officer will, in most cases, have secured a result; have identified indicators which pointed towards a positive outcome with considerable further work or concluded that the chances of success were limited or non existent.

26 January 2006





 
previous page contents next page

House of Commons home page Parliament home page House of Lords home page search page enquiries index

© Parliamentary copyright 2006
Prepared 3 July 2006