
The digital forensics process needs to rapidly and accurately extract data from a wide range of digital devices and sources in order to facilitate the investigative process. There are a number of well-established products in the marketplace, each of which allows experienced users to search content gathered from any device. However, there are limitations to this approach, and these limitations grow with the increasing use of digital data and information storage.
- The process of indexing and searching is time-consuming and needs the active involvement of forensics experts.
- The current investigative approach relies on search and thus directs any query towards what is known, rather than what is unknown. As well as being hypothesis-driven, a search-based approach is also affected by issues of misspelling, multiple spellings, punctuation and semantics.
- Existing forensics search techniques result in only a small fraction of the total content being investigated, bookmarked, copied and saved. The rest of the potentially valuable intelligence is either discarded or archived, requiring the whole process to start again if further investigation is required.
- Each device or source is analysed in isolation, with little or no capability to compare content across sources, or reveal associations or links, however weak, that may be significant to a current, past or future investigation.
This system takes a radically different approach to the modern-day forensics challenge. It automatically identifies the major themes and sub-themes of content in any language, and extracts categorised entities, which can greatly improve the speed with which relevant information can be highlighted and investigated further. The entity categories can be anything that the user chooses to define, for example:
- People
- Organisations
- Telephone Numbers
- Credit Card Numbers
- Car Registrations
- Postcodes
- Driving Licences
- Places
- Dates
- Emails
- IBAN
- Drugs & Chemicals
- Passports
- User Defined
Once information is captured and indexed, all potential intelligence is then retained for current and future investigations. The software also provides automated comparison between device images and digital content, immediately identifying associations between entities, such as email relationships, phone records, location of phones, activities and people, the timing of key events, etc.
Innovative Aspects:
- Scalable, extensible and powerful software environment for digital forensics that rapidly gathers and indexes all content available from a wide range of devices and sources. As well as providing a range of advanced discovery tools, this easy-to-use software focuses on helping the user understand the actual content that is present.
- Seamlessly integrates digital content from any device or source, as well as allowing the user to link in other structured and unstructured data from enterprise databases, files, 3rd party organisations, the web and other agencies.
- Allows sharing of intelligence and evidence between different agencies, automatically revealing commonality and associations.