The need for the UK police force to conduct forensic investigations on computers is nothing new, but a rapid escalation of cyber crime has demanded a different approach
In the past, the laborious tasks associated with computer forensic investigations were undertaken by teams of high-tech units and contractors with years of experience in forensic investigation. However, with the recent rise in cyber crime, this approach began to fail.
Law enforcement increasingly found that these highly specialised units were being swamped with demands by local officers and detectives requiring both short-term and long-term support for urgent investigations.
A lack of technical on-scene training meant potentially crime-solving material lurking on devices was being lost or left behind. Evidence-laden computers were being “dead-boxed” – powered down and placed into a potentially long-winded evidence process.
Depending on the severity of the crime, devices could be dead-boxed for months before any action was taken. Often, these critical devices sat collecting dust, with very little being done to retrieve evidence from them.
For the frontline police investigating crime, knowledge of cyber security is important for gathering digital evidence fast. When arriving at a crime scene, speed is essential and every second a computer is left unattended it loses data stored in its memory cache.