UK businesses could play an important role in gathering
digital evidence to help combat cybercrime, a security roundtable
heard in London yesterday.
Police and crime researchers said businesses could help
investigations enormously if they gathered and preserved digital
evidence, which would give police a headstart.
Gathering digital evidence can take several months in some cases
before investigations can even begin, the roundtable at security
supplier Unisys was told.
But few organisations outside the financial and public sectors
have any kind of forensic readiness programme in place, said Peter
Sommer, a professor at the London School of Economics.
That is despite the fact that an increasing number of
organisations are being hit by cybercrime, he said, and that such
programmes can be set up with little effort and cost.
Forensic readiness is also not difficult, according to
Sommer.
"It is similar to disaster recover programmes where
organisations would identify what incidents are likely to happen,
what evidence they will need and what procedures should be followed
to ensure that evidence is preserved," he said.
John Vine, chief inspector at the UK Border Agency, said record
keeping and data management is central to the role of business in
helping to fight crime.
"The collection and preservation of digital evidence needs to be
prioritised by business organisations and should be considered a
legal obligation," he said.
Vine said the collection of passenger information by airlines is
an example of how some private organisations are helping
authorities with data for border control programmes.
Sharing information between banks and police works well in
countering crime such as fraud, said David Wall, professor of
criminal justice and information technology at Leeds
University.
But he said experience has shown that information gathering and
sharing processes soon collapse if sustainability has not been
considered from the outset.
John Mooney, detective superintendent at the National Police
Improvement Agency, said forensic readiness should be part of
standard business processes.
This is the best way to ensure such programmes continues long
after the individuals that have initiated them have left an
organisation, he said.