By Tim Rollins
Back in May, when Exterro announced the deployment of FTK Central® by the West Midlands Police Force, we were pretty excited. It was a pioneering project, paving the way for a UK-spanning, national digital forensics service, enabling cases to be worked on remotely, officers to collaborate, and cases to be resolved at speed.
Today, we’re thrilled that the UK IT Industry Awards have recognized the hard work and technology innovation that Exterro, Microsoft, and the West Midlands Police Force have achieved together, selecting us as the Best Security, Defense or Law Enforcement IT Project of the Year for 2022! Being chosen for the award from among several worthy finalists is an outstanding honor, but it pales in comparison to what the project achieves for dedicated law enforcement professionals and the communities they serve.
“Exterro’s FTK has massively reduced processing times and improved forensic readiness with processes that previously took days to complete now almost instantaneous. We anticipate that we will see continued improvements over the coming months, including vastly reduced data backlogs, minimised detention times for suspects and expedited cases, resulting in faster speed to justice which will see the innocent released, the guilty convicted, and a sense of closure for victims and their families. This is going to be game-changing for our force and all those that follow”, said John Price, Detective Sergeant, West Midlands Police.
Traditionally, police forces are hamstrung by digital forensics that are slow, fractured and piecemeal creating a mountain of data that delays processing—and that’s true not just in the UK, but broadly across Europe and the United States, as well. Device types and data formats are constantly proliferating, and 90% of crime now has some digital element. Investigators working the cases are typically siloed, and police forces end up collating, submitting and reviewing evidential data separately, using their own regional Digital Forensics Units (DFUs). The process is hampered by an inability to integrate all data sources into an investigation, technology that doesn’t scale, and slow processing rates. These issues lead to evidential data being overlooked, higher manpower costs, and case backlogs that delay the criminal justice process.
The issue was so pressing that the UK’s National Police Chiefs’ Council, in association with partnering organizations, recognized the need to transform the process in its recent Digital Forensic Science Strategy—but they admitted that the project would not be technically possible until 2025. Why? Because they needed “a flexible platform and toolset to scale up capability quickly” that could “take advantage of cloud technologies” to create “a shared infrastructure, removing barriers to collaboration and enabling flexible resource deployment to meet demand”.
Enter FTK Central.
Exterro and Microsoft pooled their respective resources and expertise to develop an industry first: a cloud-based digital forensics and incident response (DFIR) solution. With Exterro’s FTK Central platform housed in Microsoft Azure, West Midlands could collect, process and review very large volumes of data at speed, while also centralising access so officers and investigators could work collaboratively.
West Midlands Police (WMP), one of the largest forces in the country with 52 police stations and 6,846 officers responsible for 2.93 million civilians, wanted its digital forensic investigators and its officers on the ground to work on evidential data simultaneously, without the need to be physically in the DFU. The upload of sensitive forensic data into the cloud marks an industry first and has proven the viability of the solution, effectively paving the way for the creation of a cohesive national forensics ecosystem, as envisaged by the Digital Forensic Science Strategy—three years ahead of schedule!
Previously, WMP officers would need to be allocated disk robots, burners, and laptops to download evidence from a server and physically burn it to disk for review, a laborious process which could take 8-16 hours. Now officers can upload data for review via a web browser over any device from anywhere, and can then be made immediately available to the officer in charge for review. In addition to forensic images, loose files, and other difficult-to-handle information, the solution can pull evidence from cloud data sources such as G Suite, Office 365, Slack, and structured repositories on or off the network.
The cloud-based platform has massively reduced processing times and improved forensic readiness. Collaboration with outside reviewers and team members in real time means links can be made and evidence uncovered faster. Whereas before a disk would have existed as a separate, isolated body of evidence within the review platform, now, as data in the cloud, it can be cross-referenced and made available to cross-border investigations, meaning other forces across the UK and internationally can use the same intelligence. Defensibility is a priority, so each case file is configured so reviewers only see data that is relevant for their assigned cases.
The WMP force project has demonstrated the speed, scalability and flexibility conferred by a cloud based DFIR platform. Where it has led, others will follow. This pioneering project will provide other police forces with a blueprint on how to move from a hardware-based evidential process to one located in the cloud. In doing so, these forces stand to gain the same benefits as experienced by the WMP, whose officers and investigators can now work flexibly and collaboratively, freeing up resource and eliminating the delays that have allowed caseloads to accumulate. The force is also much better placed to deal with future change, with the ability to access data over a variety of endpoints.
We’re thrilled to have been recognised for the project by the UK IT Industry Awards, the largest and most well-known event in the UK’s technology industry calendar. But the greatest rewards are being achieved by WMP and other forces that follow in adoption of cloud based DFIR platforms. The project has effectively made manifest the centralised scalable digital forensics service envisioned in the Digital Forensic Science Strategy and has paved the way for a nation digital forensics service. The Strategy’s ambitions for 2025 included the centralisation of data management, officer collaboration, a move to the cloud to ensure processes can be automated and streamlined, and the rationalisation of data and coordination of police force efforts – all of which the solution makes achievable today, three years earlier than anticipated.
Learn more about Exterro FTK digital forensic solutions here!