Unleashing the value of digital forensics

Blog post

Unleashing the value of digital forensics

It is hard to imagine a crime where digital evidence does not play a role in its investigation. This poses both an opportunity and a challenge. The opportunity is that there is now more potential evidence that may be relevant in a criminal investigation and that could help to secure convictions. The challenge is getting policing into a position where it can access, process and examine such large volumes of data in a way that meets the standards we expect from criminal investigations.

Today the Police Foundation publishes a new report on digital forensics, commissioned by the Transforming Forensics Programme and intended to inform the development of a new national Digital Forensics Strategy for the police service.

While the public value of digital forensics is difficult to assess empirically, we have pinpointed several ways that it has a key public impact: it can speed up identification of offenders and innocent suspects, support the conviction of prolific offenders and therefore prevent numerous future crimes, reduce investigation time and reduce court costs.

Our research identified particular digital forensic techniques that have had added significant value to police investigations. The extraction of telematic data from vehicles, for example, can provide GPS waypoints, show when doors were opened and identify erratic driving. In the Anglesey crossbow murder in 2019, while the vehicle was not the subject of the crime, such software helped prove that a specific vehicle was the crime enabler.

Other impactful techniques include the capture of timestamped and hashed open source internet data, wifi router analysis to reveal all previously connected devices and expose hidden devices, and analytics software that can use AI. For various reasons, these are not available across all 43 forces, meaning capability fluctuates across England and Wales.

It is widely accepted that automation and cloud-based storage would advance digital forensics. Automation would save around a third of examiners’ time by avoiding cumbersome manual tasks. Cloud-based storage would enable a greater amount of data to be stored and accessed remotely (and by other forces if appropriate), dispensing with the need for often slow on-site servers.

However, we have identified five key challenges facing digital forensics that need to be rapidly addressed if policing is to make the most of this potential, and indeed ensure that crimes are investigated to the standards society expects. 

Firstly, the sheer volume of data trails is growing at an alarming rate and in parallel with ever-improving criminal innovation. Meanwhile, human resources continue to be constrained and technological resources outdated. There is a unique requirement for examiners to have IT and investigatory competencies, which can be hard to find and retain. The upshot: criminal enquiry backlogs of up to six months.

Secondly, in terms of skills and knowledge, our research made clear that frontline police officers need improved training on digital forensic procedures and better communication with examiners to understand their capacity. Additionally, enabling officers to use frontline kiosks for low-level examination would provide early intelligence and enable labs to be more proactive in their evidence gathering.

Thirdly, a fragmented police service is widely deemed ineffective for the purposes of digital forensics; each force has different governance, systems, priorities and capabilities. Silo working undoubtedly has a negative impact on quality and this is exacerbated by a lack of common standards. While ISO accreditation ensures that evidence submitted to courts is reliable, forces have generally struggled to attain it. Furthermore, it is normal practice to contract private forensic providers to cope with demand, but a lack of collaboration and the use of different tools can affect extraction results. This is of particular concern when presenting evidence in court.

Fourthly, technological challenges arise from the increasing range of devices and data formats requiring examination which is made more difficult by minimal communication between the police and device/app manufacturers. Encrypted devices pose a similar challenge as they offer various consumer benefits to the manufacturer. In addition, the public are increasingly using third-party cloud-based storage that may be hosted in other countries. Getting legal permission to access evidence across jurisdictions can be time-consuming and it is not necessarily preserved.

Finally, legal challenges include the technical understanding of courts; legal practitioners often ask for further investigation in unrealistic timescales, ask for evidence in complicated formats and have low quality audio-visual systems in courtrooms

Long-standing ethical debates on privacy versus security remain a prominent challenge for digital forensics. The answer is often framed around proportionality but the police struggle to navigate unclear legal frameworks, including guidance on data retention. Recent rape trials have highlighted a serious tension between a victim’s right to privacy and a defendant’s right to a fair trial. Victims may already be reluctant to hand their devices to the police as doing so limits their communication methods and they must also be reassured that their personal data will not be sifted through. These fears can deter victims from reporting crime.

Such debates will only intensify as new technology emerges. Ambiguous legal frameworks have led to the police to develop their own protocols around live facial recognition, which has triggered significant controversy that should perhaps be resolved by parliament.

The ubiquity of digital traces has created an overwhelming problem for the criminal justice system. Technological change has outpaced the knowledge and understanding of society and we have not yet adapted to the changing nature of crime. Perhaps one of the biggest challenges for the future is prioritisation. The problems facing digital forensics are multifaceted and interrelated. The police and the wider criminal justice system will need to tackle most or all of these challenges if the value of digital forensics is to be unleashed. Ultimately this requires increased investment, as well as greater coordination, which we hope will be taken forward by the new Forensic Capability Network.