Towards a Smart Digital Forensic Advisor to Support First Responders with At-Scene Triage of Digital Evidence Across Crime Types

Lead Research Organisation: University College London
Department Name: Computer Science

Abstract

Over 90% of reported crime involves a digital device, and the increased use of digital devices in criminality has resulted in significant backlogs within the departments that forensically examine these devices. Despite this backlog, front-line officers often seize devices that have little evidential value to an investigation. This is perhaps unsurprising, as most digital evidence is seized by front-line officers who often lack awareness and training around digital forensics and technology. The speed at which technology develops and is adapted for use in criminality means that even those with advanced training can struggle to stay up to date. This can lead to risk-averse decision-making and a "seize all" mentality, increasing the digital forensic backlog. Prior research and government reports highlight the issues related to the digital forensic backlog within policing and show that existing approaches need modernisation to help address the problem.

Digital device triage is one potential way of helping to reduce the backlog. This is the process of evaluating digital devices at a crime scene to assess their investigative value based on the circumstances of the case. Devices deemed likely to be of evidential value would be seized and submitted to a digital forensics lab for in-depth examination and analysis. While this approach may be effective in reducing the number of devices seized, there is a risk of inconsistent approaches to triage decision-making, and of low digital awareness reducing the effectiveness of those decisions. This project takes a first step in addressing this by laying the foundations for developing a smart digital forensic advisor tool to support first responders conducting digital evidence triage at-scene.

To do this, we will explore existing practices, resources, challenges, and user needs around the process of search and seizure of digital devices across two distinct crime types. Through this, we will identify data that could be used to inform the smart advisor tool, and data gaps that the tool itself could address. We will also be exploring both the legal and ethical implications of its use, due to the tool's potential in helping to shape decision-making. Finally, drawing on our findings we will develop a set of early-stage low-fidelity prototypes to present back to our user groups.
