Data MiningTurning digital evidence from a liability into an assetBy Jad Saliba, Paul Beesley and Jeff AdamThe proliferation of digital devices and the data they are generating is proving to be one of the greatest challenges of modern policing. A decade ago, digital evidence was a niche component in most investigations. Today, it has become essential to almost every investigation. While digital evidence can beintegral to police agencies securing prosecutions or exonerating the innocent, it can also act as a doubleedged sword.There is simply too much digital evidence for the current complement of digital-forensics professionals in police organizations to handle. Agencies are being overwhelmed. They’re building up months-long backlogs, restricting the case types in which digital evidence can be collected, and they’re even seeing judges throw out prosecutions due to delays, as we saw in the Supreme Court of Canada’s R v. Jordan decision.Without additional technical help waiting in the wings, police agencies have put increasing pressure on their digital-forensics professionals. To keep investigations moving, many are working overtime, contributing to increased investigation costs at a time when resources are limited. Police leaders cannot commit to paying overtime costs in perpetuity. Nor can they expect to address the surge in digital evidence by hiring more professionals. They’re under extraordinary pressure just to keep their pre-existing talent in the face of competition from the private sector and a global talent shortage in the field.With cyber and cyber-enabled crime expected to continue its rise, police leaders are at an inflection point. The choices they make now will influence whether their agencies will rise to the challenge or be engulfed by it. Maintaining the current approach will inevitably lead to an erosion of the public’s trust as more and more crime associated with digital evidence goes unaddressed.Transforming EvidenceTo transform digital evidence from a liability to an asset, police agencies must treat digital investigations as an agency-wide strategic imperative. They need to use their broader workforce more effectively and employ technologies like automation, Artificial Intelligence (AI) analytics and the cloud. The goal should be to eliminate case backlogs by redistributing the more menial workload away from digital-forensics professionals, freeing them to allocate their time to tasks more in keeping with their level of expertise.Much of the bottleneck in digital-forensics labs occurs during evidence processing. Devices are recovered by officers in the field, delivered to the lab and added to an ever-growing queue. In cases like a hit-and-run, a video that was recorded only minutes before police arrive at the scene may be all that’s needed from a cooperating witness. In these instances, first responders can contribute to digital investigations and take some of the pressure off the digital-forensics lab.The Federal Bureau of Investigation (FBI) came to the same conclusion in 2016, when it said it was “imperative” for first responders to “have a working knowledge of how to survey and secure electronic evidence.” Research also suggests that the public expects police officers to respond to digital crime, regardless of the size of their agency. Rather than defer the work to a digital forensic professional – who may take hours to recover a single picture or text message at significant cost to the agency – there is an opportunity to empower first responders to recover low-risk evidence by leveraging simple evidence capture tools.Aside from the efficiencies this approach would create, it would also help build public trust. Witnesses and victims are reluctant to submit their devices to police for a day, let alone a week or a month. Informing a victim or witness that they will not need to part with their device, and that they can choose exactly what they’ll share with officers, may give them the assurances they need to support an investigation.Automating the ProcessingEven if first responders engage in low-risk evidence collection, it will not alleviate case backlogs entirely. Unlike a hit-and-run, investigations into homicide, terrorism, human trafficking or child sexual exploitation often require police to collect multiple devices with terabytes of evidence. The evidence for each device must be processed, requiring digital-forensics specialists to run multiple tools and wait around for the results – sometimes for hours at a time. When they’re not physically present during evenings, weekends and holidays, evidence processing grinds to a halt and justice is delayed.Police agencies should automate repeatable tasks related to common digital evidence and case types. Doing so would have multiple benefits, most significant among them being that agencies could keep investigations running 24 hours a day, seven days a week, 365 days per year.Once the processing burden is addressed, agencies can focus on analyzing digital evidence to help complete cases with greater speed and precision by using AI and analytics tools. These tools quickly comb through millions of data points, automatically detecting photos, videos and chat logs pertaining to child sexual exploitation, weapons and drugs. They also create timelines of events and use geo-mapping to link individual pieces of evidence together to develop a better understanding of the crime.Canadian privacy commissioners have questioned whether some AI technology providers have acted ethically and legally, particularly regarding facial recognition technology used by police agencies on open-source data. This should not deter agencies from using AI on lawfully gathered digital forensic evidence. Police leaders must ensure lawful applications are preserved. Agencies should establish internal policies on the limited use of AI applications and work with privacy advocates and their governance bodies to develop a definition of “acceptable use.” The volume of digital evidence will continue to rise, and bans on these technologies stemming from perceived misuse will ultimately be harmful to the public’s safety.While using analytical tools to review digital evidence in the digital-forensics lab can improve case closure rates, it may not be enough to address the issue at large. Agencies may simply be transferring the evidence bottleneck from the processing stage to the review stage.Digital InvestigationsInvestigators currently participating in digital investigations are doing so inefficiently and in a limited fashion. Digital evidence reports are shared with investigators at many agencies via physical storage media. In most cases, this evidence can only be accessed after investigators travel to the digital-forensics lab and wait for a workstation to become available. Making sense of the digital evidence is complicated because of the complex nature of digital-forensic tools. The work of digital-forensics professionals is also impacted as they’re required to give investigators a stepby-step explanation of all the critical evidence. This results in hours of lost productivity for the investigator, the digital-forensics specialist and, ultimately, the agency.Investigators would benefit from working with a digital evidence review platform that is purpose-built for their needs and allows them to securely access evidence from anywhere, at any time. Above all, this platform should be easy to use and require minimal training. Any investigator, regardless of technical expertise, should be able to quickly access and understand the evidence, collaborate with colleagues remotely and develop reports. The platform could be or in the cloud depending on the preference of an agency and its cloud readiness.The organizations that have already implemented elements of this strategy were rewarded with immediate results. For example, the Waterloo Regional Police Service empowered first responders to collect low-risk digital evidence in the field, resulting in 70 per cent of its officers reporting that it was easier to convince witnesses and victims to participate in investigations. Another large municipal agency based in Washington State introduced automation to its digital-forensics lab and was able to turn evidence around to investigators in under 72 hours while finding 30 per cent time savings per case. London’s Metropolitan Police recently deployed a new evidence review platform and expects it will be able to solve cases up to three times faster.The choices before police leaders are clear: they can adapt, invest and transform digital evidence into an asset in the pursuit of justice or stay the course with current procedures and see it become an even greater liability in the years ahead.Jad Saliba is the founder and chief technology officer of Magnet Forensics and a former digital investigator with Waterloo Regional Police Service.Paul Beesley is an advisor to the Canadian Police Knowledge Network and the former Chief Superintendent and executive lead of the Ontario Provincial Police Cyber Strategy.Jeff Adam is a strategic advisor with Microsoft and the former Assistant Commissioner for technical operations with the Royal Canadian Mounted Police.
READ MORE LIKE THIS
[object Object]

Making Bold, Courageous Change

Interview with Jacqueline Edwards, recipient of the 2021 OACP President’s Award of Merit

[object Object]

Collective Leadership for Current Challenges and Changes in Policing

Collective Leadership for Current Challenges and Changes in Policing

[object Object]

Building Community Trust

Re-imaging de-escalation and crisis intervention

[object Object]

Safe Justice

Navigating the way forward

[object Object]

What (We Think) We Know About Body Cams

Canadian research is needed to examine how officers operate body worn cameras

TRENDING ARTICLES
1

THE FUTURE OF LEADERSHIP IN POLICING

Under the leadership of Chief Jim MacSween, the executive leadership team at York Regional Police (YRP) established a mission to re-imagine leadership development within the organization. YRP knew that standardizing leadership principles and delivering them to all ranks of the organization would enrich the development of ethical and professional leaders.

HQ Winter 2022 · Jan 29, 2022
2

President ’s Message

As police leaders, living in uncertain times is part of the fabric of our professional lives.

HQ Winter 2022 · Jan 29, 2022
3

Behind Blue Eyes

Behind Blue Eyes: A Police Officers Resiliency Journal as a way to help myself, other police officers, and first responders heal. My journal is a tool and resource and was created because my 23-year-old self would have benefited from the wisdom, insights, and life experiences that I have now. I was not prepared for the death, trauma, and suffering that I would see in my career. Since I was not prepared for it, I didn’t know how to navigate it or to handle it effectively.

HQ Winter 2022 · Jan 29, 2022
4

Connect, Lead, Inspire

As policing leaders, there are key elements to consider when it comes to developing outstanding organizations. Opening conference keynote presenter Tanya McCready of the Winterdance Dogsled Tour and author of Journey of 1000 Miles opened the conference with a timely message: time, dedication, trust, and practice are key elements to leadership, as well as ensuring that leaders know their team and where they thrive best.

HQ Winter 2022 · Jan 29, 2022
HQ Magazine

HQ Magazine

OACP Online Media Hub

info@oacp.ca
Privacy Policy
Terms of Service

Categories

Explore our inspiring content by topic

HQ's Comms Hub
HQ Summer 2023
HQ Magazine Winter 2023
HQ Winter 2022
HQ Summer 2022
HQ Summer 2021
HQ Magazine Winter 2024

Social Footprints

Follow us on our Social Media Channels

Facebook
Twitter