Police Are Mishandling Digital Forensic Evidence

Police officers are trampling over vital forensic evidence, are under-trained, and often do not know what they are looking for, MPs investigating digital disclosure problems have been told.

Giving evidence to a justice select committee inquiry into failures to hand over material that have led to multiple court cases collapsing, leading digital forensic experts warned of funding shortfalls and inadequate skills.

“One of the problems is the sheer amount of digital evidence the police have to look at,” said Dr Jan Collie, of Discovery Forensics, who specialises in defence work.

“You have to consider the cloud [for digital storage], too. There’s evidence everywhere. With cuts in funding, officers don’t have the time to do all that.

“When I first started, the police had their own digital forensic units and knew what they were about. Now you are getting very sketchy evidence. People give me screenshots of pictures of a phone. I need to see [a copy of the] original, be able to repeat and verify tests.”

Police forces do not have sufficient resources, she added: “When they have the people, they haven’t got the money to send them on courses.” Officers do not always understand the context of where digital information is found – whether it has been inadvertently hoovered up through a browser or purposefully searched for, Collie said.

“A lot of police stations have mobile phone extraction kiosks where they put a mobile phone in and press a couple of buttons, but it’s not enough analysis. A police officer who has been trained for about a day can use the equipment. He can click it in and handle the buttons, but often they spoil the evidence by mishandling. It’s like they have trodden on the evidence. Interpretation of data is being carried out by ordinary officers – they are not trained to do it.”

Many recent cases that collapsed involved rape charges where crucial text message exchanges were either missed by investigators or only released belatedly. 

Prof. Peter Sommer, an expert witness in digital forensics cases, told MPs: “These kiosks are designed for preliminary inquiry, to see if it is worth pursuing. They don’t really produce reliable evidence. 

“It’s cherry picking. The posh phrase is confirmation bias. It’s got worse because the volumes you have to deal with have got much greater. These tools have deskilled [people]. Unless you know what you are looking for, the results can be very misleading.”

He also pointed out that underfunding of the criminal justice system was leading to many digital forensic experts to quit. “People are ceasing to do it because it’s uncompetitive,” he said. “In criminal work, it’s £72 an hour. If you work for civil case clients, it’s £250 an hour.”

Dr Gillian Tully, who is the official forensic science regulator, told the committee: “Police digital forensic units are quite good at extracting information and making copies. They then pass copies to the general police, and investigators don’t necessarily have the tools to search the information or make good use of it.” 

Tully has called for additional funding for forensic science, adding: “When it comes to legal aid funding, it’s largely awarded to the business with the lowest quote – which is not helpful for quality.” 

Sommer suggested one way to solve disclosure failures would be for all the digital material to be handed over to the defence. But Rebecca Hitchen of charity Rape Crisis, told the committee that disclosure of highly personal evidence often leads to victims refusing to testify, particularly in sexual assault cases.

“When a complainant learns of the level of intrusion into their lives, they often decide it’s not in their best interest to continue,” she said.

“There’s incredibly high levels of withdrawal [from police investigations around the issue of personal history, for example if someone had an abortion at an earlier stage and the police can’t give an assurance that it won’t be revealed. The sensation of sex crime survivors is often that they are being put on trial.”

College of Policing:      Guardian:         Met Police

You Might Also Read: 

UK Police Give Cybercrime Warning:

Terrorists Deploy New Techniques To Counter Digital Forensics:

« Terrorists Deploy New Techniques To Counter Digital Forensics
Bank of England CIO Sets A Cybersecurity Challenge »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

BMS Group

BMS Group

BMS is an independent, employee-owned specialist insurance broking group. Broking solutions include Cyber and Technology.

SQNetworks

SQNetworks

SQNetworks provides a full range of cybersecurity consultancy, services and solutions.

Avira

Avira

Avira provide a portfolio of antivirus, security and performance applications for Windows, Android, Mac, and iOS.

AllegisCyber Capital

AllegisCyber Capital

AllegisCyber is an investment company with a focus on seed and early stage investing in cybersecurity and its applications in emerging technology markets.

Deceptive Bytes

Deceptive Bytes

Deceptive Bytes provides an Active Endpoint Deception platform that dynamically responds to attacks as they evolve and changes their outcome.

6point6

6point6

6point6 is a technology consultancy with strong expertise in digital transformation, emerging technology and cyber security.

Innovation Cybersecurity Ecosystem at BLOCK71 (ICE71)

Innovation Cybersecurity Ecosystem at BLOCK71 (ICE71)

Innovation Cybersecurity Ecosystem at BLOCK71 (ICE71) is Singapore's first cybersecurity entrepreneur hub.

BrandShelter

BrandShelter

BrandShelter specializes in providing online brand protection for companies and trademark owners.

Tier One Technology Partners

Tier One Technology Partners

Tier One Technology Partners is an IT managed services provider that focuses on cybersecurity, cloud services, IT consulting, and infrastructure.

CRI Group

CRI Group

CRI Group excels at deterring, detecting and investigating crimes against businesses using a global network of professionals specially trained in Anti-Corruption, Risk Management and Compliance.

Ostrich Cyber-Risk

Ostrich Cyber-Risk

Ostrich Cyber-Risk is a risk management company that helps organizations reduce the complexity of identifying financial and operational risks related to your cybersecurity posture.

Heartland Business Systems (HBS)

Heartland Business Systems (HBS)

Heartland Business Systems serves commercial, public sector and small to medium business with results-driven and dedicated information technology services.

Colt Technology Services

Colt Technology Services

Colt Technology Services (Colt) is a global digital infrastructure company which creates extraordinary connections to help businesses succeed.

Onum

Onum

Onum helps security and IT leaders focus on the data that's most important. Gain control of your data by cutting through the noise for deep insights in real time.

CyberSalus

CyberSalus

CyberSalus is a pioneering cyber tech services company dedicated to protecting the digital integrity of healthcare organizations.

X-PHY

X-PHY

X-PHY is a pioneering cybersecurity company dedicated to hardware-based cybersecurity solutions that protect data at its core.