By Tim Rollins
The plaudits keep on coming for the deployment of FTK Central® by the West Midlands Police Force, a project in which we partnered with WMP and Microsoft on a pioneering effort that lays the foundation for a UK-spanning, national digital forensics service, enabling cases to be worked on remotely, officers to collaborate, and cases to be resolved at speed.
On November 16th, at the British Legal Technology Awards 2022, Exterro was awarded the prize for Innovation in Legal Services, which recognizes us for “driving the future of technology in legal services.” We are thrilled that yet another organization (after winning at the UK IT Industry Awards just over a week ago) has recognized the hard work and technology innovation that Exterro, Microsoft, and the West Midlands Police Force have achieved together. Being chosen for the award from among several worthy finalists is an outstanding honor, but truly the greatest reward is what the project achieves for dedicated law enforcement professionals and the communities they serve.
“Exterro’s FTK has massively reduced processing times and improved forensic readiness with processes that previously took days to complete now almost instantaneous. We anticipate that we will see continued improvements over the coming months, including vastly reduced data backlogs, minimised detention times for suspects and expedited cases, resulting in faster speed to justice which will see the innocent released, the guilty convicted, and a sense of closure for victims and their families. This is going to be game-changing for our force and all those that follow”, said John Price, Detective Sergeant, West Midlands Police.
Traditional forensics processes at law enforcement agencies are slow, fractured and piecemeal, creating data backlogs that delay processing—not just in the UK, but broadly across Europe and the United States, as well. Device types and data formats are constantly proliferating, and 90% of crime now has some digital element, so the need for skilled forensic investigators and efficient technology is growing.
Investigators working the cases are often siloed from each other and their departments. Police forces end up collating, submitting and reviewing evidential data separately, using their own regional Digital Forensics Units (DFUs), rather than relying on a center of excellence with the best investigators and technology. The process is hampered by an inability to integrate all data sources into an investigation, technology that doesn’t scale, and slow processing rates. These issues lead to evidential data being overlooked, higher manpower costs, and case backlogs that delay the promise of justice for all.
The issue was so pressing that the UK’s National Police Chiefs’ Council, in association with partnering organizations, recognized the need to transform the process in its recent Digital Forensic Science Strategy—but they admitted that the project would not be technically possible until 2025. Why? Because they needed “a flexible platform and toolset to scale up capability quickly” that could “take advantage of cloud technologies” to create “a shared infrastructure, removing barriers to collaboration and enabling flexible resource deployment to meet demand”.
They hadn’t considered the potential of FTK Central.
Exterro and Microsoft pooled their respective resources and expertise to develop an industry first: a cloud-based digital forensics and incident response (DFIR) solution. With Exterro’s FTK Central platform housed in Microsoft Azure, West Midlands could collect, process and review very large volumes of data at speed, while also centralising access so officers and investigators could work collaboratively.
West Midlands Police (WMP), one of the largest forces in the country with 52 police stations and 6,846 officers responsible for 2.93 million civilians, wanted its digital forensic investigators and its officers on the ground to work on evidential data simultaneously, without the need to be physically in the DFU. The upload of sensitive forensic data into the cloud marks an industry first and has proven the viability of the solution, effectively paving the way for the creation of a cohesive national forensics ecosystem, as envisaged by the Digital Forensic Science Strategy—three years ahead of schedule!
Previously, WMP officers needed to use disk robots, burners, and laptops to download evidence from a server and physically burn it to disks for review, a slow-moving, labor-intensive process that took up to 16 hours. Now, they can upload data for review via a web browser over any device from anywhere--and the files are immediately available to the officer in charge for review. In addition to forensic images, loose files, and other difficult-to-handle information, the solution can pull evidence from cloud data sources such as G Suite, Office 365, Slack, and structured repositories on or off the network. The applications of the solution extend beyond law enforcement activities; they can also be used in enterprises investigating cyber-incidents, potential human resources violations, or other forms of employee wrongdoing.
The cloud-based platform has massively reduced processing times and improved forensic readiness. Collaboration with outside reviewers and team members in real time means evidence can be uncovered faster and links between cases made more quickly. Before, a disk would have existed as a separate, isolated body of evidence within the review platform. Now, as data in the cloud, it can be cross-referenced and made available to cross-border investigations, so investigators across the UK and internationally can use the same intelligence. Defensibility is a priority, so each case file is configured so reviewers only see data that is relevant for their assigned cases.
The WMP force project has demonstrated the speed, scalability and flexibility conferred by a cloud based DFIR platform. Where it has led, others will follow. This pioneering project will provide other police forces with a blueprint on how to move from a hardware-based evidential process to one located in the cloud. In doing so, these forces stand to gain the same benefits as experienced by the WMP, whose officers and investigators can now work flexibly and collaboratively, freeing up resource and eliminating the delays that have allowed caseloads to accumulate. The force is also much better placed to deal with future change, with the ability to access data over a variety of endpoints.
We’re thrilled to have been recognised for the project by the British Legal Technology Awards for the project’s innovative solution to digital forensic workflows. But the greatest rewards are being achieved by WMP and other forces that follow in adoption of cloud based DFIR platforms. The project has effectively made manifest the centralised scalable digital forensics service envisioned in the Digital Forensic Science Strategy and has paved the way for a nation digital forensics service. The Strategy’s ambitions for 2025 included the centralisation of data management, officer collaboration, a move to the cloud to ensure processes can be automated and streamlined, and the rationalisation of data and coordination of police force efforts – all of which the solution makes achievable today, three years earlier than anticipated.