The time has come to empower frontline law enforcement officers to make better decisions when seizing digital evidence, says forensic analyst Andrew Sheldon.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
The number of computer forensic specialists is growing, but there will never be enough to cope with the demand, he told the SANS European Digital Forensics and Incident Response Summit in London.
The proliferation of digital devices, combined with growing storage capacities on those devices, is increasing the number of potential crime scenes at an exponential rate each year, he said.
The backlog of cases requiring forensic analysis is currently around 46 weeks.
The problem, said Sheldon, is that there are many more people seizing evidence and referring it for forensic investigation than there are people to do the analysis.
This is exacerbated by the fact that there is a high proportion of unnecessary examinations because frontline officers do not have the skills or knowledge to be more selective.
One way of improving the situation, he said, is to give frontline officers the tools and support they need to make better decisions about forensic evidence.
The way law enforcement deals with forensic evidence needs to go down the same road as dealing with drink-driving by introducing the equivalent of the breathalyser.
Breathalysers empowered police officers to make better decisions and eliminated the time-consuming and labour-intensive process of taking and testing blood samples.
"Today, police officers can use breathalysers without understanding the science behind it," he said.
According to Sheldon, a formal, controlled structure should be introduced to enable frontline officers to assess risk, identify targets, collect data and filter information to guide their actions.
If frontline officers were able to assess risk, they would call in forensic analysts only in high-risk situations, seek advice by phone in medium-risk situations and be able to act independently in low-risk situations.
Sheldon demonstrated two tools he said could be provided to frontline officers to enable them to collect forensic evidence with remote assistance by forensic experts.
Such tools, he said, would eliminate unnecessary travel by specialists, but at the same time would ensure the right data was collected in a forensically acceptable way.