The Greater London area is a sprawling metropolis, with a population of more than 14 million. But the City of London itself is just 1.12 square miles with about 8,000 residents. Known as the “Square Mile,” the City sits alongside the River Thames. It is London’s primary central business district and a major financial center that’s home to the Bank of England and the London Stock Exchange.

City of London Police Logo (Credit: City of London Police)

Protecting the City’s residents, visitors, workers and businesses is the City of London Police territorial police force whose jurisdiction includes London Bridge. The agency has seen its share of high-profile criminal acts since it was established in the 1830s.

Today, the City of London Police has more than 1,000 law enforcement officers and staff. It’s separate from the massive Metropolitan Police, also known as Scotland Yard, which handles law enforcement in 32 London boroughs and protects the Palace of Westminster, Heathrow Airport and much more. The City of London and the Metropolitan Police collaborate often, however, including on anti-knife crime and counterterrorism initiatives.

Paul Dainty – Forensic Manager for the City of London Police, is a firm believer that law enforcement agencies need a digital investigation strategy.” (Credit: City of London Police)

“You can imagine the significance of the Square Mile to those who wish to commit high-profile crimes against the United Kingdom as a nation,” said Paul Dainty, Forensic Manager for the City of London Police. “Our agency, alongside the Metropolitan Police, have a heightened level of security around counterterrorism and we’re briefed regularly by security and intelligence services MI5 and MI6 about the status of threat levels.”

The need to work faster and more efficiently to help protect and save lives and accelerate justice motivates the City of London Police in its ongoing efforts to transform digitally, according to Dainty.

Another ongoing focus for the City of London Police is the “high rate of general volume crime” that occurs within the Square Mile due largely to its many visitors — and the criminals who target them. The agency also leads nationally in investigating fraud and economic crime. For example, it works closely with the National Fraud Intelligence Bureau (NFIB) to run Action Fraud, the U.K.’s national reporting center for fraud and cybercrime.

The agency also operates a dedicated Police Intellectual Property Crime Unit (PIPCU), which works with brands and companies around the world to investigate and deter the counterfeit goods trade. PIPCU also helps combat the digital piracy of streaming content. “The Motion Picture Association of America funds two members of staff who work within our team, and we work alongside them,” said Dainty.

While the City of London Police may be small compared to Scotland Yard, its responsibilities are great, and given the types of serious crimes it investigates — including many that require the collection and preservation of data from an array of digital sources — the agency can’t afford to be slowed down by manually intensive processes and outdated technology tools.

Pressure to Move Fast, Be Present and Manage Expectations

“We have finite resources, and every request is urgent,” said Dainty. “Quite a lot of my day is spent fielding inquiries about what we can and can’t do — and whether people should even submit casework to us — because we don’t have the time or capabilities.”

Dainty joined the City of London Police in 2010 as Head of Fingerprints and was promoted to his current role in 2015. As Forensic Manager, he reports to the Director of Forensic Services. The Forensic Services Department is comprised of five disciplines: Dainty manages the Fingerprint Enhancement Laboratory, the Fingerprint Bureau and the High-Tech Crime Unit (Digital Forensics Unit), and another manager oversees Crime Scene Investigation (CSI) and Collision Investigation.

As part of its digital strategy, the forensics department of the City of London Police has recently adopted Cellebrite Premium to help investigators access and collect digital evidence faster from all iOS and high-end Android devices. (Credit: City of London Police)

Dainty is a firm believer that law enforcement agencies need a digital investigation strategy. “I can say wholeheartedly that a digital strategy is key to a successful investigation. About 99% of the time, the investigations that our High-Tech Crime Unit ends up with that are a mess, or that don’t go according to plan, end up that way because the digital strategy at the outset was poorly conceived.”

An additional pressure for the High-Tech Crime Unit, Dainty said, is frequent requests for team members to go to crime scenes. “I would say that every week, we’re getting requests to provide on-scene assistance. I’m often taking phone calls from officers who’ve turned up at a crime scene with no digital strategy who suddenly found they were confronted with technology they don’t know what to do with. So, they call us.”

Dainty added, “However, consider that my team has only 11 digital forensic examiners right now to support a nationwide network, while also trying to execute warrants and do everything in-house. So, it’s a struggle to meet demands.”

A Lucky Turn that Could Easily Have Been a Miss

One of those urgent calls from the field actually helped to accelerate the decision by the City of London Police to find a way to equip its High-Tech Crime Unit with more advanced technology to access devices. The case involved a large cannabis farm operated by an organized crime group. Investigators executed a warrant to search the property but didn’t have a detailed digital investigation strategy going in — and that proved to be problematic, Dainty said.

“When they entered the building, they found routers galore, cables running through ceilings and digital devices here, there and everywhere — many of them encrypted,” said Dainty. “That’s when someone said, ‘Who has the number for the High-Tech Crime Unit?’”

The City of London’s High-Tech Crime Unit also provides assistance for officers in the field who often call in for help when confronted with technology at crime scenes that they don’t know what to do with. (Credit: City of London Police)

The investigators applied Cellebrite solutions to the only unencrypted mobile device found on the scene and, luckily, collected ample digital evidence to advance the investigation. “That unencrypted device we accessed was massively key, particularly in terms of messaging between suspects and timelines and identifying the chain of command,” said Dainty.

“With Cellebrite, we were able to access the device and collect digital evidence from it quickly. While investigators were still examining the scene, we had already sent the report back to the investigative team for review. That quick intelligence let them say to the suspects, who weren’t cooperating, ‘Hey, we know Person A is the big boss.’”

Dainty says the digital evidence collected by his team helped to send all but one suspect to prison, and those who are incarcerated are now serving multi-year sentences. But while this case had a positive outcome, Dainty said the experience helped underscore a significant gap in the investigation capabilities of the City of London Police. The agency lacked the ability to access encrypted Android devices quickly and efficiently — and without luck being on investigators’ side, the drug farm investigation could have stalled or fallen apart.

The City of London Police was already weighing options for helping the High-Tech Crime Unit improve its data collection and preservation methods. The core question was whether it would be more cost-effective over the long term to insource or outsource these capabilities. Dainty said it became increasingly clear that enhancing in-house capabilities was the way to go if the High-Tech Crime Unit was going to address the ever-growing backlog of everyday cases that deserve investigation — but were deprioritized due to the team’s resource constraints.

“We have a lot of low-value or low-level crime that would benefit from digital evidence being collected, but we couldn’t justify the expense for investigating that type of crime. And that meant we were disproportionately failing to investigate or recover evidence for these cases because it just wasn’t financially viable.”

After weighing options to help the High-Tech Crime Unit improve its data collection and preservation methods, the City of London Police chose to include more advanced Cellebrite tools. (Credit: business.panasonic.co.uk)

The City of London Police recognized this situation was worsening — and undermining the agency’s work to help protect and save lives. Dainty said his team knew Cellebrite Premium was the solution they needed to have from observing their counterparts in the Metropolitan Police using the advanced access solution. “We knew it would be effective for us, too,” said Dainty.

An Opportunity To Use Illicit Gains for Good

To support the addition of Cellebrite Premium to its technology toolkit, the City of London Police secured funds under the Proceeds of Crime Act 2002 (POCA). The Act of U.K. Parliament allows departments to request the use of illicit gains from crimes to be reinvested in policing. Dainty led the work on the POCA application, which took about a year to complete and navigate through approvals.

“Ultimately, I was able to justify the investment in Cellebrite Premium by demonstrating that the solution would represent a significant return in terms of value for money, as well as a massive increase in the capability for City of London policing,” he said.

As of April 2021, the High-Tech Crime Unit was just starting to work with Cellebrite Premium — but Dainty said they’re anticipating big changes now that the solution is in place. “We’re expecting a 75-100% increase in mobile phone submissions to the unit because it’s literally been a 100% suppressed demand,” he said.

The city of London Police is expected to continue expanding its relationships with Cellebrite and other technology vendors to keep pace with digital change. (Credit: City of London Police)

According to Dainty, an “e-discovery platform” for ingesting data collected from devices in investigations is also on the longer-term road map for the department. This platform would be accessible to investigators, prosecutors and others working on cases. “This isn’t about accessing artifacts,” said Dainty. “It’s about logging into the platform and seeing what you can discover about your case.”

He would also like to have “digital managers” sitting in on briefings, pre-execution discussions. and other critical meetings to help influence digital strategy for the City of London Police. “If you’re looking to become cloud-based in the future, you need this type of staff member coordinating digital investigations tools, tactics, and activity by liaising with the investigating officer about their requirements and then informing the CSIs on what they need to do,” he said. “Someone should be able to coordinate both the wet and digital forensics on investigations.”

“There’s always a lag between what the criminals are capable of doing with technology before we’re capable of dealing with it,” said Dainty. “There are plenty of sources who can tell us what’s coming — like the Cellebrite community, forensic websites, industry conferences, and blogs. We just need to stay aware.”