U.K. police looking for PC crime breathalyser

Published 8 February 2010

U.K. e-crime cops turn to technology to boost frontline forensics; the Police Central e-Crime Unit (PCeU) is looking for “digital triage” tools that would give frontline police with little training in digital forensics the ability to search for anything from text in e-mails relating to stolen goods to illegal images

A portable digital forensics lab // Source: cybex.es

U.K. police are continuing to develop a tool to detect evidence of illegal activity on PCs that could be as easy for officers to use as a breathalyser. Specialist e-crime policing organizations have been examining commercially available digital forensic devices that can search text, pictures, and computer code on a hard disk for material of police interest.

Silicon.com’s Nick Heath writes that this “digital triage” tool would give frontline police with little training in digital forensics the ability to search for anything from text in e-mails relating to stolen goods to illegal images.

Detective superintendent Charlie McMurdie, the chief of the U.K.’s Police Central e-Crime Unit (PCeU), told silicon.com that research is continuing to find a suitable commercially available digital forensics tool that could be adapted for use by frontline officers. McMurdie said: “Most of the tools we looked at are already being used by high tech crime units, the idea behind this is we take some of those tools and make them evidentially sound and test them so we can skill up a lower level skillset within law enforcement. We tested a number of tools - there really was no one tool that suits the needs for law enforcement currently. We have a number of other tools we are looking at.”

Commercially available digital triage tools targeted at law enforcement typically boot the target computer from a CD, which runs a forensically sound operating system to preserve the integrity of the data the computer holds for use in a criminal case. A separate program, run from a USB drive, then searches the disk for the material of interest and extracts it to that drive.
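The search-and-extract step described above can be sketched as follows. This is an added example, not code from the article or from any tool the PCeU evaluated; the function names, the manifest layout and the sample files are assumptions made for illustration, and the evidence disk is assumed to be mounted read-only already.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def sha256_file(path):
    """Hash a file in chunks so large evidence files do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(1 << 20), b""):
            digest.update(block)
    return digest.hexdigest()


def triage(evidence_root, out_dir, keywords):
    """Search files under evidence_root for keywords and copy hits to out_dir.
    The source is only ever opened for reading; it is assumed to be mounted
    read-only as well, which is the boot CD's job in the description above.
    """
    evidence_root, out_dir = Path(evidence_root), Path(out_dir)
    manifest = []
    for path in sorted(p for p in evidence_root.rglob("*") if p.is_file()):
        data = path.read_bytes().lower()  # whole-file read keeps the sketch short
        hits = [k for k in keywords if k.lower().encode() in data]
        if not hits:
            continue
        source_hash = sha256_file(path)
        copy = out_dir / f"{source_hash[:16]}_{path.name}"
        shutil.copyfile(path, copy)
        if sha256_file(copy) != source_hash:  # extraction must be bit-identical
            raise OSError(f"copy of {path} does not match its source hash")
        manifest.append({"source": str(path.relative_to(evidence_root)),
                         "sha256": source_hash, "keywords": hits,
                         "copy": copy.name})
    (out_dir / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest


if __name__ == "__main__":
    # Constructed sample data standing in for a suspect disk and a USB drive.
    with tempfile.TemporaryDirectory() as disk, tempfile.TemporaryDirectory() as usb:
        Path(disk, "mail").mkdir()
        Path(disk, "mail", "sent.eml").write_text("Subject: Stolen Goods for sale\n")
        Path(disk, "notes.txt").write_text("shopping list\n")
        for entry in triage(disk, usb, ["stolen goods"]):
            print(entry["sha256"], entry["source"], entry["keywords"])
```

The manifest ties each extracted copy to the hash of the file it came from, so a later full examination of the seized machine can confirm that the previewed material matches what is on the disk.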

McMurdie said the tools play an important role in providing better cybercrime training for frontline police officers. “We have 140,000 police officers within the U.K., we can’t just leave cybercrime issues to the 300-400 high tech crime unit [officers] that exist. We need to introduce skills across the board,” she said.

The software would help reduce the number of machines seized at crime scenes and aid local forces in reducing the number of machines waiting to be analyzed — with backlogs running to two years within some forces, according to McMurdie. “You go into any house they probably have four computers, a couple of desktops and laptops,” she said.

“If we have a tool that enables us to preview and identify this is where the digital material sits on that laptop then we only take that one laptop, we don’t take all four and have to carry out the forensics on all four computers. It’s also about raising their [frontline police officers] understanding as to where digital material sits, what to seize, how we can look at that digital material fast, rather than outsourcing it and wait six months for it to come back to us. For example we have scenes-of-crime staff that go out on searches, they are not the fingerprint experts but they can retrieve and preserve fingerprints at a crime scene for later evidential use.”

McMurdie said the PCeU has produced draft guidelines on training for frontline officers on how to search, seize, and preview digital material at the crime scene.

The PCeU is also encouraging regional high tech crime units attached to forces in England and Wales to pool their resources and manpower, and to share their intelligence.

“One force may have half a dozen covert internet investigators but limited forensic capability and a neighboring force the reverse — we are looking at what is the perfect model and what sorts of people and kit should each force have in place,” said McMurdie.