Could we be more proactive with the cloud for a 'Hot' crime scene?

Some of the difficulties being faced with any major or minor incident that occurs is that the crime scene and evidence could be contaminated or changed long before the police and forensic teams arrive on site. The evidence becomes older, and is less appropriate as time goes on.

We are well and truly in the mobile digital age. No longer are laptops and computers the primary method of working and communicating for the vast majority of people on this planet. Mobile devices are where it's at now, with 70% of people in the US and the UK carrying them. (Source: Mobile Phones carried US and UK)

This information is critical for law enforcement, as whenever there is a major (or minor) incident, one of the first things (some) people do, is get their device out to record it. This could be in the form of pictures taken, videos recorded, instagramming, tweeting, snapchatting, live facebook video, or any number of other forms. This evidence can play a vital role in the swift movement of a critical case, and currently, to collect this evidence there is no fast way to do it, and the public are loathe to submit their devices for interrogation as they are too attached to them.

The recent mass murders in New Zealand were live streamed on Facebook live, and went viral immediately.

I performed a search to see if any forces are actively using technology to gather fresh evidence from the public, and after a lot of searching, i found this:

Munich Terror attacks - Appeal for evidence

This is the location which the Munich police (Germany) asked members of the public to upload their videos to. There is no explanation, it’s currently inactive, and it was only found by going through a large number of clicks to find it.

There is surely a missed chance here, it only takes one key and vital piece of evidence to further or secure the investigation, surely inactive portals/hard to find locations are detriment to the investigation?

I believe the future is in the digital cloud. Providing an app, QR code or tap NFC point, for witnesses to scan on their mobile device which prompts them to upload their data directly. This link could also be given out using mass-media such as Radio or television, or within News apps as part of a breaking news alert.

Witnesses may not even be aware that they may have captured something important.

A Web or App portal for witnesses to upload their data with direct connection to the evidence processors already gathering data from collected sources.

The image above could look like a typical upload portal. The information uploaded would go into a protected geo-fenced AWS or Azure location, and an API could be ready to detect a file going into the location, for automatic processing into a predefined case. Investigators would be notified automatically when the processing was complete.

This would then allow investigators to remain within their forensic lab and watch all of the evidence coming in, live real-time, fully analysed, extracted, auto-tagged, auto image recognition - meaning the investigators can quickly determine or confirm the identity of interesting parties to officers on the ground who may still be dealing with the live crime scene.

Being able to place the data collected right alongside all of the other evidence collected (drone data, pictures, mobile phone acquisitions, CDR, physical evidence, disc collections) enables an investigator to see the bigger picture without having to constantly switch machines to view different types of collected data.

Another great thing about a DIRECT evidence upload, would be that the metadata from the file would be retained (it's stripped off by social media such as Facebook/Whatsapp to prevent users from inadvertently posting their whereabouts) and therefore a lot of false data could be ruled out immediately due to incorrect EXIF (GEO location data within a picture). This will ensure that the investigation is more streamlined with less false data.

I would love to see more investigators making real use of the flexibility that the cloud offers us. The data is protected with various ISO standards, and the information is GEO fenced so that it cannot leave the borders.

The cloud is no longer a data experiment, it's real, and it's here to change our digital lives forever. I'm on board - Are you?

If you would like a demonstration of the cloud portal and automatic ingestion of data into our web review and processing platform, please contact your AccessData representative.

This article was written in collaboration with Jonathan Shorter, VP International Engineering, AccessData

About the author: Sam joined AccessData in 2017. He has a long standing background in Technical Pre-Sales Support, Quality Management and Compliance. Sam is a specialist in supporting new and potential customer opportunities, by building and delivering bespoke Proof of Concept projects, across the entire AccessData product estate. His rich and varied skill set allows him to immerse customers into new product experiences, tailored to their personal workflows. Sam has authored a number of Industry related articles on subjects including GDPR, Financial Compliance and Digital Forensics.

Sam’s areas of interest include Cloud Technology, Artificial Intelligence, drone forensics and mobile device investigation.