Investigators must deal with large and growing volumes of digital evidence across an increasing number and variety of sources.
Criminals and wrongdoers have grown skilled at using technology to conceal their activities. We would argue that some are more effective at covering their tracks than investigators are at applying technology to uncover them.
Nuix has advocated for many years that investigators need to evolve beyond traditional forensic tools and workflows, so they can efficiently examine the contents of multiple evidence sources at once.
But just as the key facts may not be located within a single evidence source or connected to just one person, they may not even be in the same investigation, or the same agency, or the same country. As a result, efficient investigation must enable people to share intelligence, to collaborate across geographic and jurisdictional boundaries, and to find seemingly hidden connections across very large numbers of evidence sources.
Technology has stood in the way of these vital abilities. Digital forensic tools have burrowed further and further down the rabbit hole of deeply examining single evidence sources. They can tell you everything you need to know about the binary structure of data on a hard drive, but nothing about how the instant message history stored in that data connects with a mobile phone seized in another investigation on the other side of the country.
This paper will examine technology-enabled processes for making those connections. It will discuss:
- Automatically extracting intelligence items such as email addresses and credit card numbers, correlating them across all available evidence sources and sharing this information efficiently with other investigators
- Providing a way for multiple investigators, subject matter experts, and external agencies to review and collaborate on the evidence you have collected
- Applying data analytics to progress rapidly from a bewildering array of information to highly relevant details.
In this way, investigators can apply technology where it is most suited, free themselves from tiresome menial work and make best use of their brainpower and intuition.