Improbable Database Of A Farc Commander


Between 1 March and 3 March at 11.45am, an agent of the Colombian anti-terrorist unit accessed the eight exhibits, in contravention of "internationally recognised principles for handling electronic evidence by law enforcement". Here is what Interpol found (1):

 

Seized exhibit 26, a laptop computer, showed the following effects on files on or after 1 March 2008:

 

* 273 system files were created

* 373 system and user files were accessed

* 786 system files were modified

* 488 system files were deleted

 

 

Seized exhibit 27, also a laptop computer, showed:

 

* 589 system files were created

* 640 system and user files were accessed

* 552 system files were modified

* 259 system files were deleted

 

Seized exhibit 28, also a laptop computer, showed the following effects on files on or after 1 March 2008:

 

* 1,479 system files were created

* 1,703 system and user files were accessed

* 5,240 system files were modified

* 103 system files were deleted

 

And so the list goes on. If it is correct, then for three days the anti-terrorist agent’s top priority, presented with a goldmine of information about the Farc, was to create, modify and delete a total of 48,055 files which held no interest (conclusion no 3).

 

Further questions arise when you read that:

 

Exhibit 28 contains one file that was shown as created on 17 August 2009 Exhibit 30 contains:

 

* 668 files with creation dates that range from 7 March 2009   to 26 August 2009

* 31 files which show as having been last modified between 14   June 2009 and 26 August 2009

* These files contained either music, video or images

 

 Exhibit 31 contains:

 

* 2,110 files with creation dates ranging from 20 April 2009   to 27 August 2009

* 1,434 files which show as having been last modified between   5 April 2009 and 16 October 2010

 

 Interpol concluded that these files "were originally created prior to 1 March 2008 on a device or devices with incorrect system time settings". Yet this didn’t cause it to doubt its conclusion that there was no evidence of abnormal creation, modification or deletion of files.

 

   ________________________________________________________

 

(1) "Interpol’s Forensic Report on Farc computers and hardware seized by Colombia", http://www.interpol.int/public/ICPO

 

Leave a comment