Information Assurance in a Distributed Forensic Cluster

Horizon 2020 – One Page Proposal

Topic/Grant: FCT-2-2015 - In situ forensic tools at the crime scene

Title: DEADs - Re-establishing the Golden Hour for Digital Evidence Investigators

Acronym: DEADs

Objective: This project will develop a new generation of on-site Digital Evidence Acquisition Devices (DEADs) for Digital Evidence First Responders (DEFR). The intention is to re-establish on-site, immediate information gathering while maintaining the standards of acquisition required for forensic purposes. The design will use the latest generation of System-on-a-Chip processors to provide portable distributed processing power to the DEFR. The research will focus on prioritising data acquisition so that the most important data is processed first; establishing and maintaining the integrity of data throughout the ‘chain-of-evidence’ in a way that satisfies local and higher-level requirements; displaying data in a palatable form that draws attention to valuable evidence; and making use of the elastic cloud for greater processing power where needed.

Background: 15 years ago, investigating digital crime was relatively simple. A case was usually one suspect with one computer. A single DEFR could isolate the hard disk, image it and start extracting useful intelligence and evidence within the mythological Law-Enforcement “Golden Hour”. This is no longer possible, as there has been an exponential rise in the number of criminals, data, devices and applications. Cybercrime is now multi-national, and the lack of portable tools that provide high-power processing on-site, delivering evidence where and when it is needed, means that law enforcers throughout the world are gradually losing the battle to protect the citizen. Current equipment often leaves the DEFR no alternative but to collect and secure devices on-site and conduct the analysis later, back in the forensic laboratory. The hope is that everything was collected at the scene and that whatever is found during the analysis is still relevant after the passage of time. Law enforcers desperately need a technical advantage to prevent criminals from gaining further ground at the expense of the wellbeing and security of the citizen. What is needed is a truly innovative approach to processing on-site. This builds on the PhD research of the project co-ordinator over the last three years, which was funded by the European Social Fund. We therefore enter this domain with specific knowledge of the problem area.

Results/Impact: The research proposal includes exploration of novel approaches to imaging, prioritisation and distributed processing in a portable package, while maintaining a chain-of-evidence that conforms to the applicable jurisdictional requirements throughout the process. The result will be a portable, battery-powered device that provides local data triage and storage with a link to higher processing power in the cloud. The resulting digital acquisition device is urgently needed by law enforcers throughout the world, as is evident from the representation of law enforcement within the team.

Tasks

  • 1 – Visualisation
  • 2 – Distributed Processing Scheduling
  • 3 – Hardware
  • 4 – User Interface/Ergonomics
  • 5 – Cloud Interface
  • 6 – Digital Evidence Container Structure and Chain of Evidence
  • 7 – External Sources Interface
  • 8 – Crime Activity Profiling

Consortium Vision: I currently see this as a consortium with three centres, each with 5 full-time staff. As this is a 4-year project, I see opportunities for postgraduate studies within it; it would be good to see several PhDs come from this project. Project members will be paid a realistic salary, typical for their country. In fact, most countries within Europe are roughly equitable.

Management, Cost and Duration: 3 centres, each with one “two-pizza” “Agile” development team of 5 people; 15 people in total. Individuals will share jobs and swap teams and centres as much as possible during the project, in line with “Agile” principles. We could have two physical centres and one virtual centre. We should be able to accommodate part-time participation. For 15 staff, that is 3,000,000 over 4 years.