After realising that its previous IT system was inefficient for processing the 100-150 cases a year it deals with, the Royal Military Police (RMP) turned to software solutions provider AccessData for help.
The RMP Service Police Crime Bureau (SPCB) is the Army’s technical investigative organisation, with 15 high tech crime personnel with its Cyber Crime Centre (3C).
The SPCB is often asked to assist with digital investigations undertaken by both civilian police and the armed forces.
Major Keith Miller, Officer Formerly Commanding SPCB, explained that for the 100-150 cases it processes each year, up to 15 devices are seized for every individual investigated.
The personal digital footprint of each case is around two to three terabytes of data, as a single arrest can involve the seizure and investigation of smartphone, laptops, USB drives, TVs, tablets and gaming devices, with gigabytes of data stored on each.
Prior to working with AccessData, RMP approached such cases with a dedicated tower computer for each case, which led to individual workstations being tired up for weeks at a time for a single case.
Collaboration was ultimately difficult, slowing down the analysis and presentation of digital forensic evidence.
“This method is very inefficient because a single person is working on that case and they can’t share the workload,” claimed Major Miller.
“If a machine crashes, or there is a power cut, the investigating officer may have to start the whole process again,” he added.
Major Miller also explained that this approach could have a mental impact of investigators as well because it often meant one officer had to single-handedly sift through hundreds of thousands of indecent images to compile evidence.
“Why put an individual through that mental strain when there are smarter, digital ways of completing this task,” he questioned.
RMP SPCB and Major Miller while he was still Commanding Officer set out to develop a global centre of cyber-crime expertise, using a collection of high powered servers and digital forensics software, allowing it to ingest, process, analyse and archive data from suspects’ devices.
“ARES” is a combination of leading edge hardware and software used by all forces to process digital evidence for Early Case Assessment and prosecution.
According to Major Miller, ARES has refined the digital forensic investigation process within 3C, as well as revolutionising collaborative working.
The AccessData Forensic Toolkit (FTK) was also brought in as a Graphical User Interface for all 3C staff to use when assessing potential evidence, while AccessData LAB allows multiple investigators to collaborate on Early Case Assessment.
By introducing AccessData to ARES, RMP was provided with distributed processing, a new way of working.
“FTK and AccessData LAB enable us to use ARES to its full capability, by allowing us to quickly train investigators to use the interface and collaborate on Early Case Assessment, freeing up highly qualified digital forensic analysts to focus on analysis,” claimed Major Miller.
ARES has been able to drive the fiscal cost of an indicative case from £9500 to just £3200.
Since the implementation of AccessData LAB, 3C has now reduced its caseload of historical jobs by 42% in the first fourth months of use and ingest all jobs at point of receipt and allocate collaboratively.
3C has also been able to apply the expensive analyst resource at the right point of the investigation, thereby increasing productivity.
It has also enabled the exploration of numerous additional lines of enquiry that are only possible due to the new collaborative nature of the system.