When we hear the word ‘forensics’, many of us will understandably picture items of clothing tucked away in zip-lock bags or perhaps finger prints on door handles – but in an increasingly digital world, crimes are being committed using phones, laptops and other digital devices, and this has meant a spike in digital evidence, or ‘digital forensics’, as it’s otherwise known.
It’s not just cyber and e-crime causing an increased reliance on digital forensics, either; email accounts, hard-drives and other forms of digital evidence are often used to prosecute all types of crime. It can help uncover relationships, show intent, and act as proof of whereabouts for suspects called into question.
With this in mind, it’s becoming increasingly important for police forces to have processes in place to support the handling of digital evidence and, unsurprisingly, technology has a big part to play.
Since the rollout of National Enabling Programmes, police across the UK are using Microsoft technology more than ever before. The good news: with clever use of Microsoft functionality tailored to meet police requirements, mapping digital forensic exhibits as they make their journey through the system is easy to master in just five steps. Let’s break them down…
When a crime is committed, a ‘case’ will be created digitally so that all information related to that case can be stored centrally and accessed by investigating officers, including the Digital Forensics Unit (DFU) and the Officer in Charge (OIC).
A case number is assigned, giving each case a unique identifier that can be searched in the system for the quick return of data and information relevant to the crime in question.
Once a case has been created, digital forensic exhibits can be logged in relation to that case – and this can be done in one of two ways.
The first, and perhaps most obvious, is when an officer comes into possession of an exhibit – let’s say they’ve taken a suspect’s phone from them at a crime scene. The officer can use an app on their own mobile device to log it against the relevant case.
There may, however, be instances where citizens are providing evidence to support police investigation, for example doorbell cam footage or direct messages they’ve received from a suspect. An online citizen portal gives members of the public a quick and convenient way to submit digital exhibits if requested to do so by an investigating officer.
Once an exhibit’s details have been logged, it will be ‘booked’ into the system and given an ID number of its own so it can be easily tracked through the remaining stages of its journey.
With the exhibit correctly logged in the system, triage can begin, starting with a supervisory review.
When reviewing an exhibit, officers can assign a RAG (red, amber, green) status depending on how high a priority they believe the exhibit to be. A DFU officer will them be assigned to an exhibit and the RAG status helps them understand which they should turn their attention to first.
The assigned DFU officer will carry out their analysis, updating the digital case as they progress. Notifications can be sent to all concerned parties, saving the OIC time requesting updates on any of their case exhibits.
Once DFU analysis is complete, findings can be uploaded to the digital case file and resourcing can be updated accordingly.
With analysis complete, an exhibit can be returned and subsequently unassigned from the DFU before the case being closed, where appropriate.