UK police may be forced to develop a bespoke digital forensics device for seized computers after testing of market offerings failed to meet price, technical and speed standards. A special Association of Chief Police Officers (ACPO) group has been working on a national rollout of what's been dubbed a "digital breathalyser" for …
How many computers seized?
How many computers are seized each year in the UK?
At a school I worked at...
We had one of our laptops seized.
It wasn't returned by the time I left (5 months later).
It's funny, because if they had asked us about the laptop we could have saved them the time and explained how deepfreeze works.
I have an MSc from 2006 for research in this area.
It's sad to see that 4 years have gone by since I submitted my research in this area and still nothing has changed. The conclusion of my research was that CF solutions at the time were not simple enough for general police use and there was a need to identify a general case/evidence management solution which could be augmented by a modular design (both procedurally and technically) for additional functionality allowing basic users to do the ground work and identify the need for further investigation while still maintaining a clean, unbroken and easily explainable chain of evidence while allowing for a streamlining of basic activities, thus increasing throughput.
We can do it better, faster, cheaper!
Hey, all the digital forensic tools in the market are too slow, useless, and too expensive. So let's develop our own! Everybody knows that it's cheaper to re-invent the wheel.
"... to allow officers with only basic technology training to gather and analyse digital evidence..." - That whole concept is a joke. Coming up next: traffic plods doing crime scene investigation on a murder site...
Someone needs to be breathalysed
"officers needed training on when to seize computer equipment"
Most also need training on how to do it correctly - the majority of failures are due to people not following the correct procedures and the case failing due to invalid evidence. There are some indications (mostly anecdotal) that a number of cases should fail but don't as the CPS / local force blag their way through the evidence and don't get challenged robustly enough.
"allow officers with only basic technology training to gather and analyse digital evidence"
There is a problem with this - anyone can look at a mucky photo and work out if it is pr0n or not if they are given some sensible guidelines (although it is still possible to make an error of judgement), but they also have to analyse other files and produce a valid determination of what they are, the sequence of events, and then give an explanation that can stand up to scrutiny in court. This requires a lot more training and experience and the average PC ain't going to be given the time to do it.
Although as per my comment above, they are obviously hoping that if they cross their fingers and bluster hard enough, they will get away with doing a half arsed job, using invalid assumptions based upon incorrect readings of potentially flawed data.
Time for a beer - or should it be beer goggles
Do I Smell FAIL?
Another over ambitious national public sector IT project. So what's going to happen to that then?
Function creep? More like function leap. It will go massively over budget, massively over timescale and then eventually be scaled back or scrapped entirely. That's always assuming it manages to get going before the next election.
There are some tasks in the world that demand technical expertise and can't be automated. It will be amusing when someone comes to trial as a result of automated digital breathalyzation and the stupid, untrained plod who ran the bespoke software is cross-examined in detail. Or will the UK govt get rid of the idea of cross-examining the prosecution witnesses as a medieval holdover not in keeping with our brave new technological world?
"Plod" is exactly the right word for the coppers, in so many different ways it hurts to think about it.
What if the software is leaked?
If the UK is like the US
It doesn't surprise me. I don't know how many news programs I've seen where police are carrying computer monitors out of a suspect's house. What, they don't have any monitors at police HQ? Or are they like so many clueless users, who believe the monitor is "the computer" and "I don't think I need one of those box thingies. It looks like it would take up too much room."
My equipment was seized in 2005
They took about :-
50 hard disk drives
20 Computer bases
Digital camera, mem cards etc
Router & wireless repeater
10 photographs (all of adults fully clothed)
It took them 6 months to find nothing
I think this is mainly due to me data scrubbing every drive I buy second hand, as it comes into the office.
Still mustn't grumble....
at the payout I'll be getting
@anonymous school coward
Which would have been funny because then they could have explained to you how deleted material in unallocated clusters works!
Stick to the day job.
Part of the backlog...
... was caused by too many "speculative seizures" by technologically naive detectives.
And much of the rest was caused by them engaging in desperate fishing trips in the hope that they could find something, anything, on the computers that they could do the suspect for...
As I understand it, the idea is to be able to grab data from a running PC. Well that would completely invalidate any evidence value of whatever they might find.
Don't they know that a running PC is almost continually writing to the hard drive?
Also, how can they possibly categorically prove that their software didn't 'accidentally' put information there?
Well this ought to work great on my TrueCrypt drive
I've collected forensic evidence for the police before. The only reason I got called in was because they botched it so bad they were going to get away. The only reason I worked with the pigs was that someone had first hand knowledge that children were in danger. Frankly the only people the police are able to catch are the outright stupid and the innocent.
Police seized computers
At my previous company I went on a training course by @Stake into how to deal with IT security incidents. The first thing that they pointed out was that if you have a computer seized by the Police you will never see it back again, at least not in good working order. Anecdotally a couple of friends from times past got raided for computer misuse type offences, they never saw their equipment back.
It is truly frightening that non or less technical staff may be given IT forensics work to carry out. This sort of system should make it easier for technical experts, rather than possible for Joe Plod to carry out this work. Apart from anything else, if they don't have a very good understanding of what they are doing they may miss genuine crims. I'm also sure that I don't have to go into the debacle that was Operation Ore.
Anon for obvious reasons.
Why are ACPO involved in this?????????
ACPO, despite its representations to the public, is a private company which makes money out of charging the Govt for information it obtains (possibly illegally) from police forces throughout the UK and collating it. To be a shareholder in ACPO you have to be a police officer who has attained a certain rank, not sure if it's Inspector or Super, however this is still a private company that has too much input on Govt. policy and is given too much access to confidential data.
Do some checking up, if you don't believe me, and you'll be surprised to find that they had to repay £18 million earlier on this year for charging for data that police forces were supposed to supply as standard operational data.
Do I hate ACPO, yes I do, we pay senior police officers enough without them ripping us off through some shell company whilst appearing to be a beneficial adviser to all. Bastards.
Posted anonymously as ACPO can be very vengeful when exposed.
They came to my place. Went onto the computer, looked around. I showed them how to get into some parts like windows explorer. They of course found nothing and left, taking their empty polythene evidence bags with them. IS THAT NORMAL PROCEDURE ???
Instead of developing marginally useful software at great expense, software that they hope will allow biased, clueless officers that are out of their league to perform forensic analysis, (kind of like offering a home surgery kit with a quick-start guide) how about spending the money hiring an expert or consulting firm that will do the job properly and efficiently?
There, does that win the longest sentence award?
Yeah, that'll work
'ACPO plans for the "breathalyser" to allow officers with only basic technology training to gather and analyse digital evidence'.
This won't fly as well as the previous grand plan to rid the world of programmers by introducing COBOL.
the ACPO that's a private Limited Company set up to benefit the shareholders who just happen to be public "servants"?
Enough, of this chicanery.
A computer breathalyser? Really?
That's a great analogy in the same way a fish isn't ;)
Our approval process to check for malware and security issues with software is currently running at about 30 days. I hope they will be happy to wait a few weeks....