Filling the gaps
It is increasingly important that every police officer has the ability to tackle digital crime, and Paul Slater explains how police forces, even with limited budgets, can do more with technology to keep up with cyber criminals and combat an evolving threat landscape.
As we are living more and more of our lives online, the number and variety of digital crimes is also rising exponentially, which makes it vital that every police officer has the ability and tools to tackle digital crime. However, phishing, trolling, malware, online scams, revenge pornography and the spread of child abuse imagery still go largely unrecorded and unanalysed. As a result, prosecution rates for computer-based crimes remain low.
Criminals are manipulating technology and the tools to preserve anonymity online more quickly than law enforcement is able to implement new techniques.
Why are police forces so woefully behind when it comes to tackling cybercrime? The problem is not just tied to budgeting. While police forces are being tasked to do more with less, this digital skills gap also represents a wider misunderstanding of digital crime as a whole.
The problem is accelerated by the fact that politicians and governments often try to solve the policing problem by increasing staff numbers, rather than empowering existing staff. Addressing staffing issues is important, but when it comes to digital investigations and intelligence, the problem lies in lack of resources to improve overall productivity, information sharing and collaboration between forces or agencies.
The notion is fairly simple. When you are trying to prevent or investigate criminal activity, the more information you have accrued, the better your chances are of succeeding. However, obtaining the right amount of information is one of the biggest hurdles faced by investigators today. Matters of secrecy, conflicting interests and communications all complicate efficient information sharing, and prevent officers from having access to the information they need to adequately investigate a crime.
In digital investigations, investigators need to evolve beyond traditional forensics tools and workflows, so they can efficiently analyse the contents of multiple evidence sources simultaneously.
On top of this, law enforcement agencies are dealing with a rapidly increasing amount of data, resulting from the expanding number of devices that are now being used in daily life. Aside from computers, evidence sources can include cloud-based email, social media, media players and wearable devices, among others.
This means that for larger-scale investigations, officers could be dealing with dozens of evidence sources from multiple suspects.
Information sharing is key to digital investigations
Investigative methodologies need to allow investigators to examine and cross-reference multiple evidence sources at the same time. However, crucial information can sometimes reside outside of the evidence that has already been gathered for a specific investigation.
The evidence may be from a previous or concurrent investigation conducted by different personnel, a different agency, office or country.
Law enforcement officials are acutely aware of the need to share intelligence both internally and externally, but they can be impeded by technical and procedural boundaries. This can lead to inevitable backlogs of evidence waiting to be analysed, which can invariably delay the prosecuting process.
One of the difficulties investigators face is making digital evidence available for review to internal or external personnel.
Investigative technology vendors have tried to address this problem by combining legal review platforms and forensic investigation tools, or by adding forensic processing and analysis capabilities to an existing review platform. These tools are often incredibly clumsy and difficult to set up.
Because the tools come from a legal review background, where most evidence is stored in email and documents, they are very text-centric, lacking fundamental abilities to examine multimedia such as photographs and video, and social interactions including phone call logs, SMS and instant messages, Skype chat and call logs, and browser histories and caches.
Another obstacle to effective collaboration is the fact that, in inve