Rethinking the Digital Intelligence Investigative Process
Because every byte matters
A typical person’s digital profile contains an extensive amount of data about their lives, thoughts, plans, and connections. For investigators, digital data is a gold mine of evidence. But it is impossible to just dive in without the right tools and processes in place.
With the extensive growth in the volume and complexity of digital data, getting to the data can be challenging and law enforcement agencies must rethink the investigative process and embed an end-to-end digital investigation workflow from the get-go.
A fundamental understanding that drives this change is that digital evidence must be embedded into the End-to-End Digital Intelligence Investigation process. This presents a new way of thinking, breaking down the silos modus-operandi, in which digital investigations are carried out – by technical specialists in closed labs.
The Digital Intelligence Platform leverages on modern tools and solutions, empowering investigators to conduct certain elements of the digital investigation process.
It requires leadership and vision, detailed plans, and management control. To assist with such leadership, we recommend considering these six key success factors:
1. Regular Key Performance Indicators (KPI) Reporting and Control – A force-wide, multi-stakeholder End to End Digital Investigation (EEDI) involving thousands of users, would require strict efficiency monitoring and management, with strict user administration controls.
Building the right metrics from day one, organized in a form of Key Performance Indicators (KPI) and monitoring tools are essential foundations for such management to be efficient and effective. These tools would provide timely information among users and the deployed tools, while administration controls would always have a clear and concise way to monitor performance and efficiency.
2. Multi-Tiered Structure – Exhibits backlogs, waiting to be processed by central labs put cases in jeopardy. Law enforcement agencies must implement a more distributed workflow outside the central lab to reduce the backlog and increase the ‘case closed’ rate.
Empowering officers and investigators in the field to collect, analyze, share and act on critical digital data findings is now possible with modern investigative tools and solutions that are simple to operate without jeopardizing any of the strict forensic rules.
Distributing the workload across the force and the investigative team, reduces the backlog, speed investigations, and quickly places the digital intelligence in the hands of those that need it the most.
3. Information Sharing and Collaboration – When working on a case, a collaboration between teams, individuals, and cases are crucial to finding the specific piece of evidence that could speed an investigation. With the right tools in place, consolidated insights, from single or multiple sources as well as cross case collaboration, when needed and allowed, can help investigators see both the bigger picture and all the critical connections.
To do this, users need reliable data management tools implementing advanced investigative engines, in addition to cutting-edge algorithms designed specifically for text and media relevant to specific investigations.
4. Ongoing Digital Forensic Capabilities and Technological Updates – Keeping up with the volume, complexity, and speed of change in digital data is challenging. With OS’s and devices entering the market at a blinding pace, and new social applications launched daily, it is critical to have a reliable and feasible plan in place.
This is to assure that all digital investigation platforms and solutions can support the technological developments of today and are ready to face the changes of tomorrow.
The key is to approach the EEDI as an ongoing campaign that aims to always be one step ahead. How? By partnering with trusted vendors that are committed to always keeping them up-to-date with the latest capabilities that affect any changes and developments related to digital technology.
5. Unlocking the intelligence from within – The majority of investigations today start with the acquisition of data from digital devices. But when a device is locked, damaged, or contains unknown application data formats and encryption technologies, it could delay the investigation process before it has even begun.
Getting past this barrier becomes the critical first step. Even with the most sophisticated digital forensic tools, additional expertise and skills may be required to access the data to surface critical insights that may have otherwise been missed.
6. Ongoing Development of Skills and Knowledge – The same way the platforms and solutions need to be updated with the latest extraction, decoding, analysis, and reporting technology, so do the people handling them. A plan for training, certification refreshers and re-certification is critical to always keep the professionals at the forefront of technology.
By teaming up with the best and most accomplished professionals in the industry, investigators, examiners, and other law enforcement personnel retrain and refresh on a regular basis to fulfill their potential and achieve their goals.