Spotlight on: Forensic Analytics

12/07/2018

Analytical and data processing software firm Forensic Analytics has developed a collaboration with The Police ICT Company, having recently been recognised on its Vendor Management Programme. Forensic Analytics Managing Director and co-founder Joe Hoy gives his insight into the challenges facing policing in this space and how the collaboration with The Police ICT Company has simplified the procurement process.

Q. What does Forensic Analytics do?

A. We create analytical and data processing tools for digital forensics users. Our software applications – Cell Site Analysis Suite (CSAS) and Communications Data Automated Normalisation (CDAN) – speed up the process of processing communications data and other forms of digital evidence to help analysts, Digital Media Investigators (DMIs) and investigators spend less time formatting the data and more time understanding it. Our products make granular analytics accessible to users so that data may be explored in detail, at speed and at scale and, crucially, evidentially.

Q. What was the impetus behind the formation of Forensic Analytics in 2013?

A. At the time, communications data analysis and cell site analysis were relatively new disciplines. As my fellow founder, Martin Griffiths, and I had worked for several years as cell site expert witnesses, we could see the challenge that handling comms data evidence presented – both to police forces and to other comms data users. We initially created a tool for our own use, to make our handling of comms data more efficient, but then discovered that we weren’t alone, that there were others struggling with the same issues.

Q. What are the biggest challenges facing policing in your area of forensics?

A. We see many challenges – some human, some technology-based – but if I had to pick three:

Training – The training support that forces receive is changing. Centrally-funded and directed training programmes for comms data analysis are either being cut or have failed to stay up to date. This means that many of our users learn their trade from peers, by rote or through their own research. One issue we see is the training and skills deficit, which we have addressed through our portfolio of comms data, cell site and Radio Frequency Propagation Surveying (RFPS) training courses, which are designed to up-skill our users and give them the knowledge they need to confidently work in this area.  

Diversity – Comms and associated data is finding its way into an increasing range of cases and investigations and is being used by a wider variety of police roles – not only analysts, but DMIs, detectives and other front-line officers – and so the requirements for the ways in which comms data is processed and presented are becoming more diverse and the starting knowledge very varied. As a software vendor, we work to produce affordable, flexible analysis tools that are appropriate for this diverse range of users with varying levels of understanding of comms and different requirements for the depth of analysis that they undertake.  

Managing Big Data – The final issue is the ability for a force to manage big data and I would define this as new data entering a force and the huge data volumes that already exist in storage silos. From this, our challenge is to extract accurate, actionable intelligence almost instantly. A big ask – but this feeds into the notion of large-scale automation and exploiting the power of the cloud that we’ve explored with our CDAN, Indexer and Decypher product ranges. Big data on creaking IT infrastructures doesn’t work and when one considers the rate of increase in data volumes against the capacity within a police force to prioritise their resources and manage an investigation – it’s really difficult. They need help and we have solutions that deliver.

Q. Who are the main users of your products in police forces?

A. Frankly, anyone who has a need to work with communications data; whether to process complex comms data files quickly to produce a basic map or to undertake in-depth analytics on comms data aligned with other data sets such as handset downloads, ANPR and whatever else our users wish us to integrate. We have achieved great success by empowering manhunt and locate teams, Serious and Organised Crime Groups (SOCG), CT (Counter Terrorism) teams and Professional Standards to process and investigate comms data for themselves, especially at times when analysts are not available. 

Q. Have you got some specific examples of where your software has helped directly with investigations?

A. Yes – we recently helped a force with the biggest comms data-related investigation they have ever launched, which resulted in 19 convictions and the disruption of a major regional drug supply operation. There were over 1.5 million rows of data in the aggregated set of comms data files, which would have been a monstrous task to cleanse manually, weeks and weeks of effort, whereas CSAS Desktop was able to cleanse that data in just a few minutes, allowing the investigation team to claw back weeks of time that could be used more productively.

As we are cell site practitioners ourselves, with a growing cell site practice and a steady stream of cases, we also have a number of investigations in which we use our solutions to create and deliver evidence. We have found that taking CSAS into the witness box on a laptop is exceptionally helpful during evidence-in-chief and cross examinations, as you can answer pretty much any question about the comms data immediately and accurately – it’s that flexible.

It is difficult to provide detail in respect of specific examples as we/the forces would not want to divulge information relating to investigation tactics. However, our solutions are currently being used by a large percentage of forces across the country in a variety of different scenarios.

Q. What are the greatest challenges of doing business in this market and how can the relationship with The Police ICT Company help?

A. We face two major challenges: procurement and IT integration.

Both these issues are addressable but have previously caused delays in the purchasing and deployment of our software. The first challenge, procurement, is massively helped by the relationship with the Company. The ‘direct award’ facility via the ComIT purchasing framework combined with the close collaboration we have developed with the Company in being recognised on the Company’s Vendor Management programme can shorten the procurement cycle significantly. Given that every business is a cash flow business, for us, the simplification of the procurement process and associated support that The Company offers is critical. 

IT integration will always be challenging. Quite rightly, IT teams don’t want to deploy new solutions within their estate until they’re confident that they won’t disrupt the network or existing services, but this leads to inevitable delays in deploying solutions that our users are desperate to start using. We believe that this situation will be eased as use of ‘the cloud’ by police forces is embraced more. This is why we and one of our partners, Blue Lights Digital, have invested heavily in developing our secure cloud-based solution, Decypher. This is deployed physically within the UK with a Home Office approved cloud service provider and offers simple, affordable browser-based access to comms data cleansing services on both an account and a ‘pay as you go’ basis.  

Q. What do you see as the greatest challenges facing the police with respect to digital forensics in the next few years?

A. Well, having discussed “Big Data” in an earlier question, I’d like to explore an aspect of this which is often neglected – management of the huge volumes of digital data that already exists within each force and agency, and is continuing to grow exponentially. This would include handset and Call Data Records (CDR) data, but other databases storing rich (and potentially untapped) stores of intelligence can be included.

Federated Search of comms data, handset download data and other databases enables forces to de-silo the comms data they already hold, cleansing it into an indexed database and getting it to the fingertips of every officer, researcher and analyst who needs access to the investigative insights the data contains. A Federated Search is really important as it helps users tremendously to move an investigation forward if they know that information about a name or identity already exists in a force or a region. This exploits the notion that we are all linked by fewer and fewer degrees of separation and in principle we all know each other.