This article is a recap of some of the main highlights of the Forensics Europe Expo (FEE) held in Kensington Olympia, London, on the 21st and 22nd of April 2015.
As an event that focuses on all aspects of forensics, as well as being twinned with the Counter Terror Expo, FEE provides an interesting holistic look at how a crime scene is processed and analysed. This year’s conference saw a lot of attention on fingerprint analysis, although digital forensics also played a strong role in the programme.
Brian Rankin’s discussion about the importance of innovation in forensic investigations, one of the first talks of the conference, looked at the Silverman review and its implications for innovation. Although the focus was not solely on digital forensics, there were certainly elements that could easily be applied to the digital realm. The idea of cross-disciplinary strategic research was put forward; as has been the case in several other recent conferences, the importance of academia, law enforcement and industry working together was highlighted.
Rankin also discussed a seven-point plan for integrated processes, involving an overarching UK strategy for forensic science, which will be available by the end of 2015. Clarity about funding, and the need for forensic science to be recognised as a subject in its own right in order to secure this funding, were also key points.
Ultimately, according to Rankin, a dedicated centre for innovation and research in the forensic sciences is needed. In order for this to work, forensic practitioners would need to agree priorities and be willing to coordinate research.
Later on Tuesday Roger Crowley, the Head of Forensic Investigations at Derbyshire Constabulary, discussed the challenges facing forensic investigation in the UK. Regionalisation was a big part of this, and Crowley urged forensic scientists and researchers to work together, looking outside of their counties or even countries to ensure a useful collaborative effort.
This would also prove helpful for standardisation of practices, he elaborated; most forensic practitioners follow ACPO guidelines, but each in their own way. Increased collaboration would lead to different people and companies not being isolated but having more common practices, even when they are working slightly differently on a day-to-day basis. Crowley also called for more knowledge and involvement from senior police leaders and crime scene investigation practitioners, adding that this would make processing a crime scene much smoother and again aid in ensuring useful collaboration.
Kristiina Reed’s talk about expert witnesses closed the morning session, with an overview of the qualities needed to be a good expert witness in court and a discussion of some of the training courses available. Reed gave an interesting insight into cross-examination, with a focus on how being cross-examined in court can sometimes lead to a witness feeling as if they are being personally attacked. It is important, said Reed, for expert witnesses to remain professional at all times in such situations, and this is where training can be a great help.
Throughout the day, alongside the conference talks themselves, there were workshops being run by forensics companies, researchers and institutions. The Tuesday afternoon workshop from Nuix discussed big data and device diversity, and how these present unique challenges for digital forensic practitioners. Everyone’s digital footprint is increasing, but budgets are not. Once again the importance of collaboration was put forward: there is no time for people to sit down and analyse everything themselves, so forensic analysts need to work with each other in order to achieve a lot more.
The workshop also highlighted the challenges of working in a mixed team, with both forensic practitioners and untrained investigators present. Although this is improving with time and experience, it is still often difficult for an investigator to know which items of evidence should be kept back for the digital forensics team, and indeed even which items can be forensically analysed at all.
Wednesday morning’s programme included a couple of sessions about cyber investigation, the first being a talk by James Campbell of PriceWaterhouseCoopers LLP, who discussed his personal experiences in preventing targeted network intrusions, and what happens when an attacker does break through. The issue of large backlogs was examined, particularly in comparison with the short period of time in which an attacker can damage a network. It is important for businesses to build the proper defences into their security strategy, Campbell added, before moving on to discuss the need to develop an overarching rapid response approach in which companies collaborate with law enforcement and researchers to ensure the safety of their business as much as possible.
Subsequent sessions were devoted to discussions of tracing cybercriminals, with a particular focus on people who create and distribute indecent images of children. One of the main themes that was highlighted repeatedly was the disconnect between the public’s perception of investigators’ abilities in terms of tracking cybercriminals, and the reality of the situation, which is far less straightforward.
Professor John Walker of Nottingham Trent University touched on some of the newer and more exacting features of paedophile activity online, including encryption, anonymous browsing and environments such as Second Life. Investigative agencies need a broader understanding of the modern world, he elaborated, and this will mean working closely with people who understand that world and are conducting research in it.
Jim Gamble, the former CEO of CEOP, then looked at modern trends in paedophile activity, once again considering elements such as Tor, anonymous currencies and the increasing numbers and types of devices that can access the internet. This session was followed by a talk centering around e-tracking of paedophile activity, in which David Benford of Blackstage Forensics discussed how forensic practitioners can identify people who are sharing child abuse images online.
Opening the afternoon session, the chairman mentioned the challenge of presenting digital forensic evidence in court before a non-technical jury. Much of the afternoon was devoted to discussions on this theme: how do we, as forensic practitioners, ensure that members of a jury understand the evidence we are giving and are able to make properly informed decisions when it comes to sentencing?
Mark Stokes of the Metropolitan Police discussed the difference between cybercrime and digital forensics, once again mentioning that current challenges would be better addressed if the various departments were able to work together more easily. With a lot of crime moving online, law enforcement agencies are seeing an increase in crimes such as fraud, and a decrease in more ‘traditional’ criminal activities such as domestic burglary. However, the ability of the investigators to process digital forensic evidence has not yet caught up with cybercriminals’ ability to commit crimes.
Stokes put forward the idea of a holistic approach to crime scenes, with a selective analysis of enough evidence to convict a criminal, but not so much that backlogs continue to increase. The difficulty here is triage, particularly in an age of big data – Stokes estimated that every person has at least 1TB of data surrounding them.
This was followed by a discussion of financial crime online; by 2030, it is predicted that 90% of the Western world will not use cash. This will undoubtedly mean an increase in financial crimes, and forensic investigators have to be able to keep up with the ever-evolving face of criminality.
David Wood of BPI spoke about the problems faced by the music industry due to the proliferation of internet-enabled devices, with a reported £300 million lost to music copyright theft every year. Much of this activity is conducted by organised crime gangs, whose profits range into the billions of pounds. Currently the most effective way to combat this seems to be through disruption: restricting access to sites, making members of the public aware when what they are searching for is illegal, and allowing website owners an amnesty period to turn their sites into legal ones.
The day concluded with a report into forensic analysis of VoIP communications, including how handwriting can be recovered from virtual keyboards, and then analysed by graphologists.
The key elements of discussion that were raised repeatedly over the course of the two days were the importance of collaboration, and the challenges big data brings to forensics.
The next Forensics Europe Expo will be held in Kensington Olympia, London (UK) on the 19th and 20th of April 2016. Anyone interested in attending should consult the official website for details.