The Royal Military Police (RMP) Service Police Crime Bureau (SPCB) has cut its case backlog by 42% and reduced...
costs per initial case by nearly one-third to £3,200 using distributed processing technology.
The RMP is the Army’s technical investigative organisation and has 15 high tech crime personnel within its Cyber Crime Centre.The body assists with digital investigations by the civilian police because of its advanced digital forensics technology, and handles between 100 to 150 cases a year.
Each case uses up to 3Tb of data, with a single arrest involving the seizure and investigation of smartphones, laptops, USB drives, TVs, tablets and gaming devices, with gigabytes of data stored on each.
Previously, RMP officers used a dedicated tower computer for each case, with individual workstations tied up for weeks by a single case. But the body implemented the AccessData LAB 18 months ago to allows multiple investigators to collaborate on early case assessment.
RMP SPCB has developed a global centre of cyber crime expertise, which uses a collection of high-powered servers and leading digital forensics software to ingest, process, analyse and archive data from suspects’ devices.
‘ARES’ is a combination of leading edge hardware and software used by all of the forces to process digital evidence for Early Case Assessment and prosecution.
The AccessData Forensic Toolkit (FTK) is the graphical user interface (GUI) used by all staff at the centre when assessing potential evidence on the ARES system, with the AccessData LAB distributed processing technology most recently added.
The business case for adding the tool was built on increasing resilience – as previously if a machine crashed or there was a power cut the whole process would have to start again.
But the collaboration piece became a huge unintended benefit, said major Keith Miller, officer commanding SPCB. Under the AccessData LAB technology means civilian investigators can now work on the early stage of cases, with forensics analysts brought in later if necessary.
Miller said: “Previously one officer had to single-handedly sift through 850,000 indecent images to compile evidence to bring a case. Why put an individual through that mental strain when there are smarter, digital ways of completing this task?”
He said: “The collaborative functionality meant investigators could be quickly trained to use the interface and collaborate on Early Case Assessment, freeing up highly qualified digital forensics analysts to focus on analysis”
Since it has been implemented, the storage capacity has been extended from 600TB to 1PB of storage, with the mobile version’s storage capacity has increased from 12TB to 950TB.
“The majority of other cyber crime teams want to move the way we have. And to be frank that is the only solution for collaborative working [in this area of digital forensics] on the market at the moment,” said Miller.