Information about certification system

„Co-funded by the Prevention of and Fight against Crime Programme
of the European Union“
New certification programmes for law enforcement will facilitate the better collection of digital
The newly developed certification programmes for Lithuanian law enforcement agencies (LEA), "Collection of
electronic objects" and "Windows artefacts", are designed for LEA officers, IT specialists and experts
carrying out investigations:
The first certification programme, "Collection of electronic objects", is designed for officers of LEA
operating groups, criminal police officers carrying out investigations, and forensic specialists who are
involved in the examination and review of crime scenes and often face problems when collecting digital
evidence. The programme's objective is to prepare a competent investigation officer who will be
able to act at crime scenes, reviews or seizures when electronic objects are detected on site.
The second certification programme, "Windows artefacts", is developed and designed for LEA officers
who perform reviews of the most common operating system, Windows OS. The programme's
objective is to prepare a competent specialist who will be able to perform a review of Windows OS.
"While cybercrime is growing rapidly, and in most cases electronic items (computers, mobile phones,
tablets, etc.) are found at the scene of the offence or on the spot, not all officials and experts who are
present at the scene are well familiar with the prevailing architectures of computer technologies or know
the most common forms of external drives, and they do not always analyse on the spot the existing networks
and accesses to them or collect information from peripheral devices or computerised systems of common
infrastructure," highlighted Sergej Boldyrev, Head of Forensics Division at Vilnius County Police
Headquarters. "Thus a part of the potential evidence is not collected or, on the contrary, equipment and
devices are often over-collected; this leads to excessive recording, logistics, storage and forensics that
burden LEA work."
To tackle these problems, a certification programme "Collection of electronic objects" was
Once electronic objects are collected, a detailed analysis is performed, in which evidence of the crime or
information relevant to the investigation is looked for.
Usually the greatest attention is given to analysis of the Windows operating system (hereinafter OS)
(Windows 7, XP, 8, 8.1, Vista), which in 2014 accounted for 98.88 % of all OSs in use (Source: Kaspersky
report on secure network: Windows use and challenges. KasperskyLab, 2014).
However, the Windows OS can be investigated only by professionals authorised to conduct IT investigations
or inspections, or enrolled in the Lithuanian police list of specialists on IT objects forensics. These
specialists were called in only 0.07% of all registered offences in Vilnius County in 2014.
Thus, there remains a chance that some information in Windows OS based electronic items will not be
picked up or will be lost.
The above-mentioned specialists must have higher education in IT, but this very specialty (IT
professionals by criminals) is not taught by any higher education institution in Lithuania.
Therefore, one of the quickest ways is to train already employed officers and investigators to
investigate Windows OS based electronic objects in order to search for digital evidence and seize it.
While forensic experts and IT professionals who work in law enforcement constantly improve their
qualifications, there is a lack of systematic skills development on a larger scale. It is precisely the lack
of experts and specialists that causes queues for IT forensics at the Lithuanian Forensics Centre and other
forensics institutions.
The new certification programme "Windows artefacts" will allow competent experts and specialists, able to
carry out Windows OS artefact analysis, to be trained and prepared in a much shorter period. Numerous
illustrations of proceedings help to learn how to properly perform Windows artefact analysis.
The developed certification programmes were presented to interested parties for validation, and a pilot
training simulation under the certification programme "Collection of electronic objects" was organised for
LEA officers: a search and collection of electronic objects was simulated in a classroom prepared in advance
(simulation of search, collection of items, recording, composing of photo tables etc.). This was followed by
a discussion among the training participants of the actions and problem situations encountered in the
collection of electronic objects.
The developed certification programmes are going to be incorporated into a single framework for improving
LEA officers' competence. Active discussions are under way about developing a competence map and about
where the various training and certification programmes should find their place in it. Such an LEA
competence framework will make it possible, at least partly, to standardise competences at national level.
Many discussions about standardisation and competence recognition are going on at EU level too:
E.C.T.E.G (European Cybercrime Training and Education Group) at EUROPOL seeks to establish a common
European framework on LEA competences, to standardise LEA training, to disseminate training
programmes developed in other EU countries, and to share best practices.
The certification programmes mentioned were based on the Spanish certification programmes "Collection of
electronic objects" and "Analysis of Windows artefacts", through localisation and adaptation to the needs of
Lithuanian LEA and of IT forensics carried out in Lithuania.
Development of both certification programmes was funded by the European Commission from the ISEC
programme under the project "Lithuanian Cybercrime Centre of Excellence for Training, Research and
Education" (L3CE, reference No HOME/2013/ISEC/AG/INT/4000005176). The programmes were localised and
adapted by Vilnius County Police Headquarters, Lithuanian Cybercrime Center of Excellence for Training,
Research and Education, Mykolas Romeris University and the company Ekonomines konsultacijos ir tyrimai.