ASIC goes to market for Evidence Data Tool

The Australian Securities and Investments Commission (ASIC) has issued a tender for Evidence Management and Early Case Assessment (ECA) Software.

There are 350 users who use ASIC’s current ECA tool which processes around 1 Petabyte (PB) of data a year that is seized by or produced to ASIC.

The tender states “At present the seized data is triaged using a number of forensic tools and only around 15-20% (being user-created material) is imported into the ECA system. For very large evidence items (e.g., EDB mail stores or file servers) further culling is done within the ECA system (e.g., a subset of email mailboxes or a particular set of directories) and a new ECA repository is created containing only that subset, which is made available for review.

“Of the material that is examined outside of ASIC’s ECA tool, mobile phone data is increasingly prevalent. A system that incorporated mobile phone data with other evidentiary material would increase efficiency of review.”

The quantity of data ingested by ASIC’S existing Evidence management and Legal review Tool is roughly 6 million documents (5 TB of evidentiary files, 1.5TB of database content and 160GB of full-text index content) per annum.

“Total evidence storage requirements are for 1800 cases (including archived cases) containing 31 million documents (60 million files including rendered PDFs) totalling 32TB; 4TB of database content and 1.5TB of full text index content.

“There are 1400 users licensed for this tool with up to 300 concurrent users at peak times. There are 3 system administrators and 70 users with administrator privileges.”

ASIC operates a Hybrid Multi-Cloud environment spanning private data centres, AWS, and Azure. The environment for its ECA and EM solutions is in transition from on-premise to the cloud.

ASIC's electronic evidence processing requirements range from a few gigabytes to multiple terabytes in each matter. Sources of electronic evidence ASIC is required to process include (but are not limited to):

• Forensic images in EnCase (or "E01") format, DD format or logical "evidence file" formats (such as EnCase Forensic "L01", FTK Imager "AD1" and X-Ways Forensics "CTR").

• Seized or otherwise obtained computers, laptops and servers relating to investigations.

• Loose files stored on removable media such as CDs, DVDs, "USB drives" and portable hard disks or provided via email or file sharing solution.

• Mobile device data extracted by Forensic tools

• Cloud based account data (including but not limited to: Bloomberg messaging, Google takeout, Microsoft Teams communication, social media accounts).

ASIC expects the winning tender will be implemented in early 2023 with a three year contract.