How Police Officers Are Tackling The Data Backlog With Digital Forensics

Uploaded on 2022-10-10 in GOVERNMENT-Law Enforcement, FREE TO VIEW

Police forces across the globe are struggling with unprecedented volumes of data. In the UK, 90 percent of crimes now feature some digital element and officers across England and Wales claim cybercrime data is doubling every 18 months. Yet the way in which this data is collected, processed and reviewed is time consuming and resource intensive, with an overdependency on hardware and bottlenecks caused by the need to physically get the data to Digital Forensics Units (DFUs). 

Those forces that do have the capability to process data digitally are now finding themselves hampered by the speed with which this can occur. Some cases produce such massive amounts of data that they overwhelm existing equipment.

For instance, one European federal police agency needed to process seven terabytes of data from a Mac image, including a back-up folder and several PST email files – a process that would have taken days, if not weeks, particularly with respect to then indexing the data. Being able to divide and conquer this data has therefore become paramount.

Increasingly, police forces are seeking to empower their officers on the ground through remote collection. Digital kiosks, for instance, allow them to quickly extract and process evidence. However, any subsequent data that then comes to light has to be submitted directly to the DFU which may mean evidence is not analysed side by side, leading to connections being missed, pointing to the need for a collaborative environment.

But, putting police officers in the role of the investigator requires significant adjustments to be made to ensure that the process if defensible, the chain of custody is maintained, and that the officer is also protected. Controls would therefore need to be built-in to ensure certain aspects were automated, that officers weren’t subjected to graphic material unnecessarily, and that connections were made between seemingly unrelated pieces of evidence.

Cloud-based Digital Forensics

There’s long been an awareness that the digital forensics process needed modernising. The Digital Forensic Science Strategy makes the case for a cloud-based solution to centralise data management, enable collaboration between officers and digital forensics investigators, automate and streamline processes and rationalise data storage. This would make it possible for digital evidence to be collected remotely from anywhere but was seen as unachievable until 2025 at the earliest.

Despite the challenges involved, however, West Midlands Police became one of the first forces worldwide to deploy a cloud-based digital forensics service earlier this year.

Using Exterro’s FTK Central platform housed in Microsoft Azure, the force is now collecting, processing and reviewing extremely large volumes of data at speed, whilst also centralising access allowing officers and digital forensic investigators to work on evidential data simultaneously.

Forensic and legal review workflows delivered via a single collaborative, web-based tool gives users a real-time view into their assigned cases. As the solution requires minimal training, front line officers can work with forensic reviewers, examiners, and investigators to collect, process, and review key case-evidence. 

Protecting The Police

Built-in controls help protect the user, such as Explicit Image Detection which incorporates a mental health shield for investigators by guarding against unnecessary exposure to graphic material during forensic review. The AI-powered Video Recognition and Explicit Image Detection also interfaces with CAID and Project Vic, a comprehensive unified missing/exploited children database to identify victims while cross-case analytics also helps to identify possible connections, helping to safeguard children sooner. 

Other forces stand to gain the same benefits with officers and investigators able to work flexibly and collaboratively, freeing up resource and eliminating the delays that have allowed case load data to accumulate. Forces will also be much better placed to deal with future change, with the ability to access data over a variety of endpoints and help maintain accreditation with the ISO17025 quality standard for their forensic science activities which is now a mandatory requirement. 

On the continent, the European federal police agency referred to earlier, has also been able to use the same technology to tackle its data mountain. It processed the seven terabytes of data in just an hour and 40 minutes and indexed that data in under 12 hours by configuring one Distributed Processing Manager to manage 11 Distributed Processing Engines. This effectively shared the processing power over these multiple pieces of hardware, accelerating processing speed to unparalleled levels.

Going forward, this processing capability coupled with workflow processes that both protect and empower the police, promises to significantly reduce the data backlog, expedite case reviews and increase speed to justice, helping to safeguard citizens faster. And, as AI develops, the expectation is that this form of digital forensics will lead to virtual assistants that will make causal links, propose possible avenues for further investigation, and offer up actions for consideration.

Such advances are therefore not only empowering the police and making the process faster but will also make it more thorough by exhausting every line of enquiry.

Harsh Behl is Director of Product Management (Digital Forensics and Incident Response) at Exterro

You Might Also Read: 

Europol Is Told To Delete Its 'Big Data Ark':

 

« Ukraine Predicts A Massive Cyber Attack From Russia
October Is Cyber Security Awareness Month »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Cybsecurity Foundation (CSF)

Cybsecurity Foundation (CSF)

Cybsecurity is a non-profit NGO, which aims to work on improvement of security levels in the Polish cyberspace.

iboss Network Security

iboss Network Security

The iboss cloud is designed to deliver Network Security as a Service, in the cloud, using the best malware engines, threat feeds and log analytics engines.

Semperis

Semperis

Semperis is an enterprise identity protection company that enables organizations to quickly recover from accidental or malicious changes and disasters that compromise Active Directory.

Cyber Defense Initiative Conference (CDIC)

Cyber Defense Initiative Conference (CDIC)

Cyber Defense Initiative Conference (CDIC) is one of the most distinguished Cybersecurity, Privacy and Information Security Conference in Thailand and Southeast Asia.

Lumen Technologies

Lumen Technologies

Lumen is an enterprise technology platform that enables companies to capitalize on emerging applications and power the 4th Industrial Revolution (4IR).

National Cybersecurity Student Association (NCSA) - USA

National Cybersecurity Student Association (NCSA) - USA

The National Cybersecurity Student Association is a one-stop-shop to enhance the educational and professional development of cybersecurity students through activities, networking and collaboration.

eResilience

eResilience

eResilience is a division of Referentia Systems, a pioneer in an ultra-secure information safeguarding technique known as “Enclaving”, in which data can be segmented and protected within a network.

AaDya

AaDya

AaDya provide smart, simple, affordable and effective cybersecurity software solutions for small and medium businesses.

DataFleets

DataFleets

DataFleets is a privacy-preserving data engine that unifies distributed data for rapid access, agile analytics, and automated compliance.

Harvey Nash

Harvey Nash

Harvey Nash is a leading global provider of talent and technology solutions.

Fireblocks

Fireblocks

Fireblocks is a digital asset security platform that helps financial institutions protect digital assets from theft or hackers.

LayerX Security

LayerX Security

LayerX's user-first browser security platform turns any browser into the most protected & manageable workspace, by providing real-time monitoring and governance over users’ activities on the web.

Northrop Grumman

Northrop Grumman

Northrop Grumman is a global provider and integrator of complex, advanced and rapidly adapting information technology, cybersecurity, mobility and optimized services and solutions.

CyberSecureRIA

CyberSecureRIA

We founded CyberSecureRIA specifically to secure and support RIAs. We exist to secure SEC-registered RIAs, and keep them compliant with cybersecurity regulations.

Dispel

Dispel

Dispel makes the fastest secure remote access for industrial networks. Built by operators for operators: a zero trust engine for your entire OT, IoT, and xIoT stack.

C5 Technology

C5 Technology

C5 Technology specialises in the provision of networking, security, and infrastructure services to enterprises and government agencies.