Changing Perceptions Of Large And Complex Investigations

The perception of what constitutes a “large and complex” investigation has evolved dramatically over the decades. One of the most illustrative examples of this evolution is the Yorkshire Ripper case from the late 1970s in the UK. This investigation required the manual effort of interviewing 250,000 individuals, collecting 32,000 witness statements, and scrutinizing 5.2 million car registration numbers. This historical investigation exemplified the exhaustive manual processes and rudimentary technology of the time. In stark contrast, a contemporary investigation might involve the analysis of a single mobile phone, which could easily yield 2.2 million messages, 1.4 million photos, and over 50,000 contacts. This comparison highlights the staggering volume and intricacy of modern digital evidence. Unlike the Ripper case, which relied heavily on paper records and a large team of investigators, current investigations often depend on advanced digital tools managed by a smaller team or even a single investigator.

Traditional Investigative Approaches and Their Limitations

Today, investigations like the Ripper case would hopefully find themselves managed accordingly – but what about our single mobile phone investigation? Many organisations already employ a risk-based prioritisation matrix to determine case/device priority – but how many extend this logic to considering the potential volume and complexity, to ensure the right tool is used? A controversial answer, perhaps, is that almost all contemporary investigations should be treated in an analogous way to the Ripper case, and considered both high volume and high complexity from the outset.

The Need for Modern Investigation Tools

The digital forensic technology market has evolved significantly, providing a diverse array of tools for collecting and analysing emerging sources of digital evidence. Some specialise just in mobile-centric data types (such as Android/iOS), whereas others have added functionality to provide a wider breadth of support that includes mobile, computer, or cloud data.

It is worth remembering that many of these solutions were developed before the explosion in data size and complexity. Designed to handle a limited number of devices effectively (a deep dive forensic view if you would), they often provide a one-to-one relationship between the tool, a single user and the evidence. And importantly, many remain constrained by their underlying original ‘single device’ architecture.

Whilst this is not necessarily a showstopper, it does not provide a pathway for investigators to scale out as the needs of the case evolve.




Climbing over the Forensic Walled Garden

As a practitioner, you want access to the best tools from any vendor but also need the flexibility to step outside their ecosystem when necessary. Investigators often collaborate with digital forensic specialists and internal stakeholders on cases, making it essential to adopt a many-to-one model where multiple users can access the same case simultaneously. The next logical step for many organizations is to adopt one-to-many and many-to-many models, enabling cross-case analytics to detect patterns and trends across multiple cases. Expand that thinking to a methodology whereby organisations are not tied into a single vendor’s ecosystem – able to use any best-of-breed point solutions to capture and/or interpret, and then decant that data into a platform that allows access to all case evidence, irrespective of where it came from or what forensic tool was used. That is surely the Nirvana of digital investigations?

Introducing Nuix Neo Investigations

With Nuix Neo Investigations, teams can utilise subject matter expert derived workflows to maintain a 24×7 processing queue via use-case specific data collection, processing, normalisation, and deduplication workflows. Built to scale, Nuix Neo Investigations can easily handle vast amounts of unstructured data, such as emails, documents, and mobile device data taken from original source data and forensic vendor exports.

Nuix Neo Investigations’ proprietary AI technology automatically enriches processed data via its Natural Language Processing (NLP) technology to significantly enhance the efficiency and effectiveness of investigating larger and ever more complex cases. Nuix Neo Investigations will automatically extract potentially relevant information, highlight hidden patterns, and surface critical insights and connections.

Built around a use-case specific methodology, Nuix Neo Investigations employs custom models designed to identify risks within the data. For example, for fraud cases it will analyse contextual patterns using the internationally recognised Fraud Triangle Framework (opportunity, motivation, and pressure). The models can be further tuned via Nuix Neo Investigations’ intuitive no-code interface, which allows non-technical experts to easily build and modify models.

The Nuix Neo platform adds a new dimension to digital investigations – automatically mapping relationships and interactions among individuals, data points and forensic artifacts via its SME tuned smart link analysis.

Nuix Neo Investigations enhances the traditional investigation workflows by providing an intuitive interface for exploring these connections, allowing analysts to visualize complex networks and quickly identify patterns, anomalies, and significant links between entities – something which historically required the use of additional third-party solutions.

Incorporating Single-Sign-On and item level security, Nuix Neo Investigations enables a deeper understanding of how data interrelates, facilitating the discovery of critical insights that can drive the investigation forward. By reducing the noise, Nuix Neo Investigations accelerates the investigative process, improves accuracy, and enables investigators to work together to focus on solving the case. Nuix Neo Investigations stands out as a powerful technology for forensic investigations, enabling teams to handle complex cases with greater accuracy and speed, driving investigations forward with actionable insights.

For more information visit: Fraud & Investigations | Digital Investigation Software | Nuix Solution
