AccessData has been collecting data for criminal and civil purposes for decades. A lot has changed over that time – not just volumes, and the types and sources of data, but the urgency with which it must be collected and analysed.

Data used to be reasonably predictable – it was generated on static computers, stored in predefined places, and consisted of a limited range of data types. Today, the urgent need to collect data may spring up from anywhere at any time, not least as a result of some criminal or terrorist activity. It is recorded in multiple formats by law enforcement, by CCTV, or by any passer-by with a smartphone. Its volumes can be enormous, and the need to analyse it may be extremely urgent where, for example, it may help prevent a further incident.

These things are the subject of two recent blog posts by AccessData. One is called Access data is assisting law enforcement with deployment of massive investigation capabilities in the face of evolving terror and critical incidents. The other is called Could we be more proactive with the cloud for a “hot” crime scene? Both deal with slightly different aspects of the same thing.

The primary focus of the articles is on the extremes – a major terrorist incident in a location devoid of digital forensics technology and of suitably trained people and, perhaps, also without any adequate web connection. How do you set about collecting the enormous quantities of data from, among other things, body-worn cameras, CCTV and smartphone footage, as well as data such as emails and social media posts? For these purposes, a traditional laboratory in a fixed location is obviously inadequate. What is required is a mobile solution which can be taken quickly to the scene of an incident and begin immediate assimilation and processing of data. The collection and all subsequent handling must meet strict standards both of security and of residential integrity. That is one of AccessData’s specialist skills.

The obvious place to put this data is in the cloud, and the AccessData articles are mainly about the benefits of this. What, however, if the data is collected in an area which has no web access or access that is only at speeds inadequate for the purpose? One answer is Amazon’s AWS Snowball – heavy duty data transfer devices using the Amazon delivery network and encryption. The first article explains how this is used and what happens to the data thereafter using a combination of AccessData tools and AWS.

Available features include the ability to upload the data immediately to investigators, facial recognition and image recognition, and the distribution and workflow benefits of AccessData’s Quin-C HTML-5 review platform.

The second article expands on a specific aspect of this, the rapid collection of data from the public. It refers to recent events in New Zealand and Munich where the police asked members of the public to upload their videos and photographs of the incident.

It says this:

one of the first things (some) people do, is get their device out to record it. This could be in the form of pictures taken, videos recorded, instagramming, tweeting, snapchatting, live facebook video, or any number of other forms. This evidence can play a vital role in the swift movement of a critical case, and currently, to collect this evidence there is no fast way to do it, and the public are loath to submit their devices for interrogation as they are too attached to them.

… making the additional point that witnesses “may not even be aware that they have captured something important”. There is a need, the article says, for an upload portal which would make it easy for people to contribute their data easily without losing access to their devices – many people fear this is much as they fear becoming embroiled in proceedings as a witness.

Although the context of these articles is on major incidents generating terabytes of data, the principle of such a direct access portal is applicable elsewhere. Capturing the data is, of course, only the start. Whatever resources may be available for major incidents, the day-to-day problem is of collecting and analysing data from more routine events. The UK government has wilfully destroyed the forensics capability available to the police and other law enforcement agencies, who now lack the resources and expertise to manage even small quantities of data.

That is a separate and heavily political point. How to analyse the data is irrelevant until it has been captured, and these articles offer an interesting insight into how this might be done.

Incidentally, the map used in these articles looked strangely familiar and is in fact of Oxford, including my street. The image is a static one, leaving me wondering if this was pure chance or some very clever technology which has localised the article for my benefit.

Home