The term 'digital criminal' conjures up images of malicious cybercrime perpetrated by mysterious and nefarious hackers. The truth of the matter is usually more prosaic. There can be precious few crimes committed today that do not involve an element of digital investigation. The deep forensic analysis of a suspected international banking fraud is hardly an everyday occurrence, but the examination of a suspected drug dealer’s phone is more likely to happen more often.
Digital crime is growing exponentially at a time when high-tech crime units (HTCUs) are faced with stringent budgetary demands. We all leave a digital footprint, from the messages on our mobiles to the websites we visit, and criminals are no different. Consequently, in an increasing number of cases a suspect's digital devices will be seized for examination. Police forces everywhere must now have the capability to manage the rapid growth in data passing through the HTCU without needing to bring in additional support.
In the UK alone in 2014, there were 7.1 million incidents of crime, according to the Office for National Statistics. Putting that number into perspective there are 43 police forces in England and Wales, with 129,584 full-time equivalent police officers.
Compounding the challenge, police workforces are shrinking to match budgets slashed by five percent in 2015/16. The UK is certainly not alone in facing cuts to public spending. The simple fact is austerity cuts pose a significant threat to head count on police forces, indeed from 2013 to 2014 the number of officers in England and Wales dropped by 3.4 per cent, making the balancing act of meeting budgets while maintaining the size of digital forensic teams all the more challenging.
Digital criminal, digital challenge
The digital challenge goes beyond the number of devices that shrinking police forces need to deal with, to the types of crimes that units are encountering. Child abuse remains the biggest crime type needing digital forensic examination, but almost all other offences, from counter-terrorism, homicides, kidnapping, fraud, and drug offences, as well as suicides and road death investigations, have a digital factor.
Criminals, of course, are not especially keen on being caught. People who consciously commit crimes are aware of the trail of evidence they leave behind and will often be adept at hiding the trail, all of which adds up to additional time and resource required to investigate the digital property of a suspect.
A world of opportunities for criminals
Dramatic advances in technology has driven the recent data deluge faced by police HTCUs. Mobile devices are benefiting from Moore’s law in terms of processor power and storage and network connectivity is increasing. These developments present criminals with a wealth of opportunity to hide and disseminate harmful information everywhere from your smartphone to your datacentre. Police forces are coming under enormous pressure to process and analyse potential evidence in a very short space of time and in less than perfect IT environments.
Hard drives have to be copied or 'cloned' so as not to 'contaminate' the source of data. This is a major challenge for HTCUs as, in order to preserve data copied from clones, it requires huge storage requirements. It can take hours, or even days, to copy and process confiscated hard drives, together with the systems on which they are working. This has to be done with meticulous care and attention to detail.
In order to preserve the chain (or continuity) of custody a set of very rigid guidelines has been developed. Documentation has to include conditions under which the evidence is gathered. The identity of all evidence handlers must be revealed. The duration of evidence custody, security conditions while handling or storing the evidence, and the manner in which evidence was transferred to subsequent custodians must be stated. This all takes time.
Once cloned, data is 'ingested' by digital forensic experts onto one or several workstations, or high performance PCs. Again this can take a great deal of time depending on the amount of data being ingested before data can be indexed, triaged, and analysed.
In business, time is money. In criminal investigations, time is sometimes a matter of life or death. With increasingly data requirements being placed on HTCUs and shrinking budgets, we will see average waiting times for forensic analysis stretched.
All of this adds up to being a huge headache for police and security authorities. Help is in hand though. With a dedicated team of specialists working closely with police forces across the UK, it is possible to use this insight to form product strategies. These strategies will help companies focus on developing market-driven, highly relevant solutions for police customers, spanning every part of the business from security to services.
Tariq Hussain, director, Government, Dell UK
Image Credit: Shutterstock/Benoit Daoust