Monday 14 July 2014

From Police Oracle with thanks

 Posted in Police Oracle

Date - 11th July 2014
By - Stuart Hyde

Operational policing challenges of digital evidence
One of the challenges to policing is securing evidence from digital devices.

So often simple demands for service require officers to have an understanding of technology including how to secure and access evidence or intelligence from digital devices. Likewise reference to social media has grown substantially to an extent that many incidents and calls for service now have a digital aspect. That can range from allegations of Facebook bullying, to recovering images of missing people, from identity fraud, to producing evidence of drug offences.

Now, evidence or information from digital devices or social media can be required in a large proportion of cases or calls for service. Reference to social media in incident logs has more than doubled in the last two years.

Backlogs, changing technology, access to support, the risk of damage or corruption of data, are just some of the barriers to effective policing. Officers investigating a criminal act often need to produce evidence, which has traditionally been located in fingerprints, DNA, witness information, suspect behaviour and other investigative techniques.

These days' investigators require much more information, intelligence and data from digital devices. Yet the process for securing that evidence is often subject to log jams and remotely located High Tech Crime Units.

What the investigator needs is direct access to the contents of the device, quickly and effectively to allow an informed and effective interrogation, and linking it to more traditional techniques.

Over the years the quantum of data that could potentially be considered has grown exponentially in relation to the availability of people to gather and analyse that data. Now, terabytes of data are the norm and much more difficult both to search and to analyse.

Identifying evidence that can show connection between fellow criminals, location of suspects at a particular moment in time, the ownership of images of child abuse, or logs demonstrating connectivity prior to a hack or an identity crime, are all valued in the investigative process.

Providing the investigator with the ability to examine and assess that data is of paramount importance. Keeping all digital work centralised, in remote locations where expensive journeys are essential to secure evidence, will not always reduce the current backlogs or help to develop the digital investigation skills of officers.

Police officers only want to serve their public and are often frustrated by the time it takes to secure evidence from a seized laptop, tablet phone or hard drive. The delay in securing this evidence and slowing up the investigation is as annoying to the investigator as it is to the public.

Waiting six months to view evidence from a seized computer is simply not good enough for the investigation or the public.

By using commercially available software or outsourcing, the backlog can be reduced. However, this is only part of the solution. Bringing officers into the investigation process and allowing them some engagement and ability to analyse will help to develop their professional digital skills.

Keeping officers isolated and remote, could discourage seizing digital devices or miss the opportunity to help them learn. A solution that matches upholding digital forensics standards, as well as allowing effective and efficient analysis of the digital recovery, will help officers to understand digital evidence and prepare them for the future.

I wrote this in my role as Director of Solutions Law Enforcement, CCL Group
Do you have an interesting news story? Contact the Police Oracle newsdesk on 0203 119 3360
or alternatively get in touch via the contact form.

Popular Posts in last 7 Days