The Growth of Digital Evidence Backlogs and Making Them a Thing of the Past
A recent report by the United Kingdom’s police oversight body, Her Majesty’s Inspectorate of Constabulary (HMIC), highlights a key issue that law enforcement agencies across the globe are facing: there is an overwhelming amount of digital evidence piling up.
This shouldn’t come as a surprise given the proliferation of smartphones, tablets, drives, computers, and other connected devices. Some estimates show that there will be 6.1 billion smartphones alone in the world by 2020.
Unfortunately, these devices not only make our lives more convenient, they have also helped to enable criminals. It’s easy to imagine that almost every criminal case could involve some form of digital evidence.
Each device confiscated as evidence comes into a police lab to be imaged, meaning an exact copy of the device data is made. The investigative work is done on that copy, so the original piece of evidence is not contaminated. With the volume of storage on our modern devices, it can take hours to get a copy of the device into a decipherable format for a specially trained investigator to start reviewing the evidence.
The number of crimes involving digital devices is growing, while the number of staff performing the imaging, searching, and analysing can often remain limited. Twelve years ago, the backlog for cases involving digital evidence was 6-7 months. Our partners in policing tell us that in 2016, the backlog could be upwards of 2-3 years.
This type of backlog could easily lead to cases being thrown out of court as many jurisdictions have provisions for expedient trials. This means criminals could be walking free with the potential of committing more crimes.
The Problem is Growing
The days of looking at a phone and trying to find text messages and photos are long gone. We live in a world of expanding digital storage and data: Facebook Messenger content, WhatsApp content, Uber information, Snapchat, geo-tagged locations, time stamps, and more, not to mention people who are tech-savvy enough to try to hide it all.
Finding ways to help law enforcement recover and analyse that digital data quickly enough to prosecute or exonerate people is what drives us here at Magnet Forensics. It is the very issue that our Founder and CTO, Jad Saliba, started to see first hand when he was a digital forensic investigator. That’s why he created his first technology tool to conduct digital investigations, and it continues to be at the core of every Magnet Forensics innovation.
The HMIC report highlights the specific and highly technical skills required to conduct digital forensic investigations, but we have to be sure to maximise investigators’ time by utilising other assets - including technology, non-technical personnel, and forensically trained experts.
In our newest product, Magnet AXIOM, we focused on ways to make it easier for junior or non-technical personnel to start on a case, allowing senior investigators to use their unique skills at the data analysis and reporting stage.
Streamlined Workflows
There is a certain path of due diligence required for processing a murder case, versus a terrorism case, versus a child exploitation case, versus fraud and so on. With the number of different scenarios, technology can be aligned to work with the unique needs of each type of case.
We’re developing our technologies to fit these unique workflows and leverage automation so that the more tedious and repeatable tasks are handled quickly while time-consuming tasks or those requiring technical expertise are handled at the appropriate moment by the appropriate person.
We have looked to automation to help police agencies address digital evidence backlogs, starting with automating some of the more time-consuming and repetitive tasks. Utilising our products, forensics departments can now queue up multiple devices to be imaged and searched and then allow them to be viewed in a single case - as opposed to reviewing each device in isolation.
This automation not only reduces human error, it allows highly skilled personnel to focus on strategic interventions - as opposed to spending valuable time connecting devices and waiting for them to process. It allows the important analysis to be done by trained investigators and officers who understand the context of the data that has been recovered.
In-Field Digital Forensics
Another way to decrease case backlogs is to empower front-line officers with some basic digital forensics training to perform a triage and/or extraction of data from a device. By conducting triage in the field, an investigator can act on pertinent information more quickly, while waiting on the full report from the digital forensics lab.
This approach requires a combination of technology, training, and clear policies on the handling of digital evidence for each stakeholder in the process. Law enforcement agencies that have implemented this model are seeing an increase in the efficiency of investigations and a decrease in the backlogs within the digital forensics lab.
The HMIC report is not a revelation for Chiefs of Police or senior digital forensics investigators. This is a challenge that has been growing for some time.
We believe that forward-leaning police agencies around the world want to get ahead of their digital evidence backlogs and ensure criminals do not walk free because they could not get to the evidence in a timely fashion. This is no small task and will require strategic thinking and leveraging of all assets including technology partners.
We at Magnet Forensics are ready to roll up our sleeves and work with any police agency that is committed to making digital evidence backlogs a thing of the past.