I have some friends and even family who work in forensics labs for drug testing. In some labs there are two shifts, where the machines run almost day and night. Both local, county, and state police are under financial pressure to deliver, so there are shortcuts.
Ad to that the "new" requirement where the lab tech gets called into the court, instead of just the manager, and there is a nightmare of backlogs.
With equipment failures, backlogs, high turnover, the error rates are starting to creep into the unacceptable range.
With several high profile DNA, drug, finger print test based over-turned cases, lab failures, spoilage, and malfeasance by labs, "forensics" is no longer the "absolute truth".
I think the perception is in one facet, there is the CSI effect - "why cannot be this done in five minutes?" - the other facet, "forensics is a bunch of charlatans, and is more of a guessing game than real science"…
Defense attorneys are waking up to this starting to challenge everything.
I do not know how the defense attorneys work in the UK, but I venture to say
a.) the work will continue be pushed down to cops on the street to do "push button" forensics;
b.) there will be several cases where the collection is bungled;
c.) there will be more and more challenges to the collection;
d.) finally it will reach a point where the process will be deemed a failure and all or most of it reversed.
Just a thought. I could be totally wrong.
chances are they would use a point and click solution like aceso, mpe+ or cellebrite (leaning towards the cellebrite because its rugged)
and also i would imagine that even though "theyre police officers" theyve probably had to undergo some sort of training before doing the extraction
I do not know how the defense attorneys work in the UK, but I venture to say
a.) the work will continue be pushed down to cops on the street to do "push button" forensics;
Indeed there is a notion going around that the police will say they have no liability because obtaining this data is no more than picking up evidence in a house and putting it into an evidence bag. In that regard there maybe is no special requirement for competence or intelligent understanding of what is actually involved.
Indeed, speculation has it that the labs will be extend to cover other areas which police personnel will be required to undertake additional examination areas including computer forensics (HHD imaging etc), audio and video etc. Eventually building to a combi-lab where the frontline police will extend labs services (because as you all know the police want to take the Police Force err sorry Service private (now it makes sense why they didn't want to be called Police Force anymore)) by taking fingerprints then onto blood samples from people who are drug addicts, infected with STIs and other hazards illnesses and urine and stool samples. The fully rolled out service will eventually lead to mobile comb-labs where literally one can go and have a dump. It is thought the new combi-lab vehicles may be called "scratch and sniff"
The Head of Service might then report from his/her office at 10 Downing Street where s/he can announce having a good working lunch with the press today and deny rumours of frontline police dis-satisfaction about illnesses growing among the frontline personnel but things could improve if they were given extra £30 a night for a bathroom plus extra austerity cash.
ACPO might moved to the Houses of Senate errmm sorry Lords and NPIA to the Senate Commons. The Pol Fed union said they have no desires, feelings, or intentions of needing grandure and that Buckingham Palace would be acceptable based upon proportionality that it was good value for money to park their personnelised helicopters and their chelsea tractors.
Ahhh, good ol' fashioned english irony.
I'm not sure why everyone is getting worked up with this report? Thames Valley police have been using Aceso in this way for 5 years. My force Transport police have used it for 3 years. In the event of a challenge on accuracy Radio Tactics will attend court to prove forensic viability of product.
Storage of data is no different o any other case, it is jut being obtained earlier in proceedings.
From a personal perspective my htcu has a greatly reduced workload and get to deal with the more interesting handsets sing physical extraction tools.
The met are well behind most other forces as usual.
The met are well behind most other forces as usual.
D Funny!
The main story is about "unlawful" retention of data and "unlawful" conduct beyond the statutory/guidelines in the obtaining and periods allowed for data retention.
Relating to the second story that has emerged. I understood the various concerns raised were highlighted because of the way a commercial was run about a tool and what was being implied by it. I stayed away from identifying one piece of equipment, per se, as it wouldn't matter which equipment was being used, provided it was used in accordance with the law that directs the police what to do and what not to do. The relevant point I hoped would come across for this secondary story is "Who proves (in)accuracy?" One point made in defence of equipment-X "to date it has never been challenged at court." is not a verification, validation or approval of accuracy for this tool.
A quick comparison of reports generated by other pieces of forensic software would show that this device produces results inconsistent with others.
This alone to me would put in doubt its integrity and it's ability to produce forensically sound reports.
A quick comparison of reports generated by other pieces of forensic software would show that this device produces results inconsistent with others.
This alone to me would put in doubt its integrity and it's ability to produce forensically sound reports.
Fair point to raise, as you also gave a more detailed answer in your earlier post in this thread.
Here is another. Examiner should know exactly what commands are being sent to the target handset because there are numerous ways to write a command and how it is executed, hence the need for a trace log generator as mentioned here - http//www.forensicfocus.com/Forums/viewtopic/t=9170/ - but that doesn't seem to have found favour at the moment.
Perhaps, identifying anomalies between commands that action the same request for data from a target handset may illustrate that as examiners you have the right to know what the tool is doing to an exhibit entrusted to your care for examination purposes.
LE agencies are under a lot of pressure to deal with phones, computers etc and senior managers in these agencies are under even greater pressure to keep cost's down and KPI's up.
The problem we face is the age old issue whereby the advice from the technical experts is not compatable or too complex for the 'leaders' to facilitate effectively.
Let me offer an alternative view. Advice from "technical experts" is often given from the limited perspective of their role, the technical expert works in a bubble and does not have to consider the wider perspectives that someone responsible for managing an investigation does. In the context of the whole view, where there are limited resources that are diminishing, the investigator has to use resources as effectively as possible. This means that it is not possible to take a purely scientific view whereby every line of enquiry is followed and every digital device is examined to the maximum. Every police enquiry, no matter how serious is subject to a limitation in resources, not every item seized in a homicide is sent for forensic examination, house to house enquiries have parameters set, etc. A large proportion of digital forensic practitioners have struggled with this concept and have held the view that everything has to be examined in detail otherwise something will be missed. The bottom line is that this is not tenable and digital forensic investigations have to be managed according to the resources available, one good way to do this is to devolve digital investigations in lower level investigations to the investigating officer. This needs to be carefully managed and supervised, preferably by those technical experts, and done in the correct way this is a good way to use resources effectively.
Police officers do a great job but asking them to do digital forensics is simply appealing to their ego's & in my opinion and could be a disaster!
I think you will find that without police officers digital forensics would be much worse off, just consider that the most respected software for analysis of internet history was developed by a police officer Craig W, one of the standard text books on digital forensics was co-authored by a police officer Brian J, one of the best digital forensic blogs was set up by a police officer Richard D, and so on.
H
This means that it is not possible to take a purely scientific view whereby every line of enquiry is followed and every digital device is examined to the maximum.
Useful insight Harry given your previous LE role.
There are though other observations which tend to militate against your observation, above, which might just suggest it is not as realistic a statement of affairs as it could be. It has taken Government exploration into LE activity regarding past and current purchasing eg forensic computer equipment and programme (visa-a-visa purchase costs, training, maintenance fees, etc etc), the increase in back office staff, specialist units, etc etc to maybe find it a little hard to reconcile certain facts against current news. For instance, as ex-LE you'll remember the CF backlogs in the LE back office that occurred and still occur today because it was/is said that days were/are needed spent imaging and analysing the MFT and boot records etc etc for one HDD - code by code, line by line, bit by bit analysis - turning the wheels of industry in the back office of LE. How did/do senior or junior enquiry officers cope then and now? Can you refer to any 'overhelmed' statements from these public servants? Did you read any of these officers speaking 'publicly' demanding for instance LE back office computer forensic departments dumb down evidence and examination methodology?
From my own perspective, I am pleased that there are some in the LE back office who were and are, still today, endeavouring to be as thorough as possible (code by code, line by line, bit by bit analysis) and working to high standards. I have equal admiration, and naturally expect, the private sector to work to high standards.