More use of encryption and specifically on the chip in mobile devices is making forensic analysis even harder.
Speaking at the (ISC)2 EMEA Congress in London, Mark Stokes, head of digital and electronic forensic services at the Metropolitan Police, said that there is a need for “good intuitive tools that are easy to learn” and while some investigators can learn in the morning and investigate in the afternoon to make a decision on to charge or release, often there is only 24-36 hour period in policing to do a forensic investigation, and he said that “encrypted passwords is a concern”.
Stokes said: “There is a balance of the right to protect and the need for policing to proportionately gather evidence to take them through the judicial process.
“The decline in computers will mean a decline in hard drives and traditional foreniscs, and also the decline in mother boards and a move to printed circuit boards with chips on it, which is not good for forensics.”
Stokes admitted that phones are not so difficult to access, but if the password encrypts data on the chip, they may even have to get into the silicon, otherwise it is “chip on chip off” scenario, but this depends on the operating system and the phone.
Stokes said that with 17,000 forensic submissions in 2012/2013, the police were stretched, and dismissed claims that all data is collected for evidence and analysed. Saying that data is distributed across London while suspects are around the world is proving to be challenging, and this is one of the “things we will have to unpick over the next ten years” he said.
“There has been a 60 per cent increase in mobile devices over the past few years and most people have one or two, while most criminals have on average three to six mobile devices per person.” Asked if the the current policing model is fit for 21st century crime, Stokes said he was not sure that it is.
He said that with nine million people expected to live in London by 2020, often it is under pressure to identify and charge suspects in a 24 hour period. “What we currently do is probably the only part of the public sector who are expanding in digital forensics, and we will go to digital hubs in London where we can recover forensic data and we need to keep up with the ability to do that,” he said.
