Blog

Industrialize the processes around the examination of digital devices

A Police sign above the doorway to a police station in London, United Kingdom

The BBC reported on their website [1] that police forces in England and Wales risk being “overwhelmed” by the volume of digital evidence. This was a response to the recent publication by her Majesty’s Inspectorate of Constabulary (HMIC) of the PEEL police efficiency 2016 report [2].

In fact, police forces around the world are at the same risk. At Tracks Inspector, we know this because we have been studying backlogs in digital forensics laboratories when we first started developing a new type of solution to address backlog issues arising in the Dutch Police in 2010.

The HMIC publication and responses, in combination with previous reports and publications from e.g. the UK Home Office and the DFRWS community, indicate that the real challenge for police forces is the industrialization of the processes around the examination of digital devices [3].

Tracks Inspector

Frank Coggrave is co-founder of Tracks Inspector and was VP of EMEA sales for Guidance Software. Frank has a great deal of experience with digital forensic laboratories around the world and explains how police forces should transform the process of examining digital devices:

“Police forces need to break down the process, i.e. get investigators closer to the data, enable experts to focus on the “hard stuff”, enable communication across the case, have flexibility for new forensic data sources, integration across a range of management solutions and build speed, resilience and rigor into the process.”

The HMIC report notes that forces need to give serious thought to the ICT architecture that they are designing. Hans Henseler, managing director and co-founder of Tracks Inspector with 25 years of academic and commercial experience in Digital Forensics and E-Discovery explains this is exactly why Tracks Inspector was developed and how it was designed:

“We have built Tracks Inspector as an enterprise solution, i.e. move from software applications that live on desktops to enterprise solutions that live in server rooms, provide intuitive web-based access via standard office and mobile equipment, scale the number of users, storage capacity and processing speed to whatever is needed, enable process automation and quality control, reduce IT complexity,  increase agility and integrate with other (enterprise) processes, e.g. case management and domain authentication.”

Improve business processes

The caveat with digital forensics expert tools and mobile phone examiner software is that there is no such thing as a perfect tool. Experts use a variety of tools, depending on the type of phone or computer artifacts (emails, calls, chats etc.) that may be relevant. However, the investigators need to make sense of these artifacts, because they are the ones that understand the case.

Every tool has its own export format and experts will present device extractions to investigators by using either a low-cost desktop search tool or, if available, a license-free viewer that is provided by the tool vendor. In some cases experts may print their results to PDF files expecting investigators to browse through hundreds if not thousands of pages to identify relevant information.

This process needs to be re-designed because it can get very messy, is prone to errors and takes time without any chance for collaboration. With Tracks Inspector, experts can upload forensic copies and xml reports in a single review platform. This platform presents the easy-to-understand artificats in an intuitive web interface enabling investigators to search, sort, filter and collaboratively label relevant findings.

Scalable, compatible and affordable

Man fingers setting cost button on minimum position. Concept image for illustration of cost management.

Tracks Inspector has a steadily growing customer base and continues to invest in integrations with mobile phone extraction kiosks and tools for digital forensics experts. To date it is the only commercial web-based review platform with an unparalleled ease of use enabling non-technical investigators to review digital evidence and improve collaboration with the experts.

We have designed our software from the start to complement both commercial as well as open source digital forensic expert tools and to deliver scalable performance on affordable standard enterprise servers. We have an architecture that IT departments understand and that will also perform on virtual environments such as ESX and Hyper-V.

Pricing model

Tracks Inspector software is sold as a yearly subscription for concurrent users. Organizations are charged only for the maximum number of users that need to have access at the same time. We do neither charge for the volume of evidence that needs to be processed nor do we charge for the number of servers or CPU cores in your servers. Need more storage or faster processing, just ask your IT department for more (physical or virtual) resources.

Want to know more? Contact us or one of our partners for more information.

More reading:

  1. http://www.bbc.com/news/uk-37846705
  2. https://www.justiceinspectorates.gov.uk/hmic/news/news-feed/police-forces-urged-to-get-back-to-the-future
  3. https://www.linkedin.com/pulse/real-challenge-digital-evidence-hans-henseler