
Forensics expert fights crime with digital weapons

Paul Slater manages the EMEA region for Nuix, the e-discovery company that recently made the news for its role in exposing the Panama Papers affair. But Slater is also Nuix’s director for forensic solutions and spent over 20 years in investigations, digital forensics and e-discovery as a police officer and consultant. His roles have included being interim head of the UK’s Serious Fraud Office’s digital forensics unit. Slater was also involved in reviewing the update for the UK Association of Chief Police Officers’ Good Practice Guide for Digital Evidence 2012.

I recently spoke to Slater by phone, battling to be heard over the blaring noise and ridiculously frequent Tannoy updates of King’s Cross railway station in London.

He tells me that he is a “geek at heart” and that his high-tech crime investigatory work in the late 1990s mostly involved computer breaches and insider threats. But today, digital crime is a broader spectrum. “Over the years, crime has effectively gone digital and all those things have a digital slant,” he says.

I suggest that digital forensics gained a big PR win in the UK with the Dr. Harold Shipman case. Shipman, a general practitioner, was found guilty in 2000 of a series of murders of his patients and a key piece of evidence was that he had falsified information on his PC, changing data after the fact to support his stated causes of death while in fact he had been administering lethal doses of drugs. Slater tells me he was involved in the very same case and says it was a memorable moment when Shipman’s deception was discovered via digital tools.

“The technology did what it was supposed to do, keeping an accurate record of what the doctor was doing,” he says. “It was an amazing moment, overwhelming.”

Today, he says he is optimistic that modern analytics will help investigators revisit old cases, thanks to the ability to identify documents with similar content and themes and by spotting the relationships between objects, locations and events.

“Something held five years ago might aid investigation today, such as a car registration number, bank account or telephone number. It’s finding the needle in a haystack: things this person did when they went to this place…”

Finally, I ask him for a personal perspective on the FBI-Apple standoff. Should Apple have rolled over when the Feds asked it to?

“I can see both sides of the fence,” he says. “My personal view is that if information can assist an investigation it would seem to be the right thing to do but we have to be very measured and it’s been shown subsequently that there are technologies that can circumvent this.”

Finally, I have to run for a train but promise to follow up with email questions. The following is a lightly edited draft of those questions and the answers Slater kindly provided.

 

What other digital investigations stand out for you from your career?

I have been involved in quite a few standout investigations over the years. Some hit the press — including Shipman, the Wonderland Paedophile Ring or the investigation into the loss of Child Benefits data sent through the post — and many others never made the news.

Over the past few years my role has changed to be more of an advisor - especially at Nuix where we have a fantastic team of subject matter experts made up from Law Enforcement, Corporate and Big 4 advisories. We now work with our customers to ensure that they get the best from our software so that they can implement efficient and evidentially robust workflows. We also use their experiences and requirements (what is happening in the real world) to feed back into our product development, and ensure that our technology is future-proofed. For example, the Child Abuse Image Database (CAID) recently launched by the UK government is supported by Nuix in this way.

 

What are the next frontiers in digital forensics?

As the volume of electronic data grows exponentially and the number and type of devices "owned" by people — such as smartphones and tablets — increases, the need to be able to identify, collect, consolidate, filter and analyse relevant data, compounded by "peripheral data" such as CCTV, physical access control logs, satnav or computer log files, becomes even more important.

Historically, during an investigation numerous techniques and tools would be used to attempt to piece together the various pieces of the puzzle, especially around chronology. For example, when trying to link a call on a mobile phone with a person having just entered a secure office, against an unauthorised log onto a computer and the copying of files to a remote device.    

Now, with technologies such as Nuix, all these sources of evidence can be dropped into the "hopper" and processed simultaneously. The results are shown graphically, and highlight connections between people, objects, locations and events. Especially in the case of counter-terrorism investigations, where suspects can be in different cities or countries, this federation across multiple evidence sources empowers investigators to "join the dots" and almost instantly see connections that previously would have taken weeks or even months to find.  

This intelligence sharing can also help investigators across the world to quickly filter huge volumes of data and instantly remove irrelevant information or highlight items of potential interest that require immediate review.

 

What is best practice in terms of how the state needs to balance privacy and investigatory powers?

Having worked within law enforcement, and given the phenomenal growth in the use of technology, I am in no doubt that new, up-to-date legislation is needed to regulate some of the things we see happening today. However, any legislation needs to be balanced and fit for purpose.

Yesterday (14 April), the European Parliament voted in favour of major reforms to data protection in the EU which were first proposed in 2012. These changes are meant to replace the current and outdated rules, which go back to the mid-Nineties.

Part of the Data Protection Directive relates to police and criminal justice systems and has been designed to protect individuals’ fundamental right to data protection in circumstances where their personal information will be used for criminal law enforcement purposes, irrespective of them being a criminal, victim or witness.

The Directive will "enable law enforcement and judicial authorities to cooperate more effectively and more rapidly with each other by facilitating the exchange of personal data necessary to prevent crime under conditions of legal certainty, fully in line with the Charter of Fundamental Rights."

 

What do you think of the latest RIP Bill in the UK?

The draft Investigatory Powers Bill, otherwise known as the “Snoopers' Charter”, is another piece of legislation trying to play catch up with how people use and interact with technology today. There is obviously a need to keep people safe. However, I personally think that any new legislation - especially one with such potentially wide sweeping powers - needs to be measured, balanced, have clear unambiguous language and include sufficient safeguards to prevent abuse.

 

How can policing and other investigatory bodies be best equipped to capitalise on today’s discovery tools?

We are starting to see a shift in how law enforcement and other investigatory bodies tackle investigations.  A recent Home Office Publication titled "eDiscovery in Digital Forensic Investigations", which looked at a number of eDiscovery and Investigation tools including Nuix, was a significant step towards changing ways of thinking, and gave credibility to what I and my colleagues have been saying for years: against the backdrop of ever increasing corporate governance, insider threats, and cyber-attacks, as well as ever shrinking budgets and available trained staff, many of today’s law enforcement investigators will become the corporate investigator of tomorrow. In fact, over the years we have seen a significant convergence between the two disciplines, driven by the need to find the key evidence as quickly as possible and get the right information into the hands of those who need to see and review it as quickly as possible.

 

How much of Nuix’s business is crime-related and how much of it is focused on business due diligence?

Within the UK (and EMEA) a significant number of our customers are using our technology to support investigations, including law enforcement, government and regulatory. We work across all crime types involving digital media -- such as fraud, paedophilia, and murder. We also conduct corporate investigations looking into fraud, bribery, corruption and insider threats.

Many corporations also use our technology to undertake eDiscovery. In fact, we often say that every eDiscovery case starts with an investigation.  

One of the powerful things about Nuix is that our technology can be used across the entire information lifecycle - and many customers buy Nuix to solve one problem, not really realising it can be used to solve something completely different!

 

Is all crime fighting now linked to digital tools?

Our whole lives have become digital - almost everything we do today will leave some kind of digital footprint. Be it our online activity, our supermarket buying habits, the route we follow on our drive to work or even our walk down the High Street… everything is being captured electronically. 

Perhaps a question for you - can you think of any (criminal) offence where there is no possibility of digital evidence being able to help support the investigation?   

 

Martin Veitch

Martin Veitch is Contributing Editor for IDG Connect
