- (Photo: Detego Global)

(Photo: Detego Global)

Many people, including law enforcement professionals, believe that digital forensics have made it easier to convict criminals. That's true to a great degree, but it’s just not that simple. There are many associated challenges that delay digital forensics investigations.

By channelling its extensive experience in providing highly portable, easy-to-use digital forensic solutions for elite law enforcement and military teams, my company, Detego Global, has developed a solution to help overcome the challenges investigators face when analyzing digital data. Before we discuss Detego’s Field Triage in detail, let’s explore the current context of today’s law enforcement digital investigations.

The Problem

As digital forensics expertise is scarce, the support of specialist labs and teams are often sought for the extraction, analysis, and reporting of data from devices related to investigations.

The increasing number of devices and device types, the growing masses of data that need to be analysed and the recent advances in password protection and encryption have made it all too difficult for the limited number of experienced investigators to deliver results in a timely manner.

Backlogs have become the norm, and investigations have been delayed by months, if not years, as a result.

The Solution

Reducing backlogs could be accomplished as easily as taking digital forensics to the frontlines, and that’s what Field Triage from Detego can help you do.

Field Triage is an innovative digital forensics solution that enables investigators in both lab and field-based environments to rapidly scan devices for suspicious material without running resource-intensive data extraction and analytical processes. This helps reduce the strain of specialist team members, while enabling frontline agents to gather specific data digital forensics experts need. Field Triage is trusted by police around the world and helps investigators to swiftly identify and respond to security challenges in time-critical scenarios—all while ensuring forensically sound processes are followed at each stage.

The solution’s intuitive design and Red-Amber-Green triage feature, which has secured patents in both the United States and the United Kingdom, reduces the strain on senior investigators and specialist labs by enabling team members with little-to-no technical experience to carry out procedurally sound first-level investigations on computers, laptops servers, and loose media devices. Field Triage lets teams adapt to changes in data, devices, and encryption technologies without an additional training burden and also ensures there is minimal skill fade among users. This helps bridge the gap between the rapid growth in digital devices and a much slower paced increase in digital forensic expertise. 

The Field Triage solution, which fits in USB sticks and other types of loose media, can be deployed anywhere, and it can scan an entire computer in minutes. Field Triage allows users to customize keywords based on the type of investigation, enabling the solution to be deployed across a wide range of investigations relating to terrorism, child sexual abuse material, child sexual abuse and exploitation, indecent images of children, Internet crimes against children, human trafficking, financial crime and insider threats, while supporting the Child Abuse Image Database (CAID) and Project VIC

The partnership with Project VIC has provided Detego’s Field Triage solution a vast number of unique identification numbers assigned to electronically stored information (hash values) to help rapidly locate millions of child sexual abuse material identified from around the world. The solution also supports the CAID database and is used by Internet crimes against children units across the U.S. to identify child abuse material on scene, while reducing the reliance on specialist labs and extensive data extraction and on analysis processes that require senior investigators. 

The automated Field Triage alert system helps investigators make quick decisions and determine when to escalate investigations. The Red, Amber, Green system works like this. Red indicates positive hash value matches. Amber signifies keywords and “regex” (regular expression) matches alongside dark web activity, illicit Internet searches, anti-forensics programs, software encryption, and more. And Green means the solution has found zero keyword and hash value matches.

Field Triage features were developed with police investigation teams in mind, to help them proactively identify and neutralize threats faster while reducing errors and minimising the burden on investigation teams at specialist labs/investigation units. This innovative solution requires minimal user training and has delivered improved efficiency within hours of deployment.

User Experience

Law enforcement teams across the US that have implemented Detego’s technology have already seen a significant decrease in investigation backlogs, some have even seen an increase in case processing times by 70%.

“Like any other law enforcement agency, we were falling behind and failing in overwhelming backlogs. We were able to leverage the speed, ease-of-use and capabilities that Detego has to reimagine and refine our process to become successful and increase our services,” says Sgt. Scott Haugaard, special operations, Nebraska State Patrol. “Detego increased our efficiency, provided a multiplatform solution and saved our agency tens of thousands of dollars in manpower, licenses and equipment.”  

We have also received positive comments from crimes against children investigators.

“I just wanted to pass some news on to you. I went out with a search warrant this morning and did our first deployment of Detego on our suspect’s up and running computer, [name withheld]. “Not only did I find the material needed, but it pulled the username and passwords matching the cyber tip in no time at all. Thank you again for your help throughout purchasing and training. I think we will be using this tool for quite some time.”

Interested law enforcement agencies can now get a first-hand experience of Detego’s solutions with a free, fully-functional 30-day trial at https://detegoglobal.com/request-a-trial

Andy Lister is Detego Global's managing director and a former special forces senior exploit lead.

0 Comments