Cellebrite published its third annual Digital Intelligence Benchmark Report 2021. The current trends involve rapidly evolving technology advancements rendering a set of challenges faced by law enforcement, military and intelligence agencies worldwide.
The PDF copy of Report can be downloaded. As per details of the report 2021 was important due to COVID 19 lockdown which created a unique and unexpected impact, working remotely and ‘not being able to access labs or collaborate face-to-face with colleagues made it particularly challenging for forensic lab examiners, investigators, and agency managers everywhere.’
To keep the community safe from crime, the report is an attempt to realise certain gaps and facilitate a stronger infrastructure for investigating agencies across the world. Cellebrite draws out several investigation-related questions to its more than 2,000 respondents from 117 countries.
More than 50 per cent of respondents are from the North American region while 25 per cent are from Europe, the Middle East, and Africa; 17 per cent are Latin American and 7 per cent are from Asia Pacific. Among the respondents, 36 per cent belongs to local/regional law Enforcement Agencies, 22% were from state law enforcement agencies and 27% are from federal law enforcement and military/intelligence agencies.
Report Findings
As technology becomes more part of general life, it has found its place in the investigation process as well. Our increasing reliance on technology makes it easier to leave a digital footprint on every little activity one conducts. This data can provide valuable insight in form of evidence for the investigators as per the Report.
The growing digital sources like phones, computers, tablets, CCTV, wearables, cryptocurrency, etc lead to the amount of data that can be processed into digital evidence that law enforcement agencies surface on daily basis.
As per the report, 63% of cases include digital evidence as part of the investigation. Out of that 96% of examiners state that smartphones appeared frequently or very frequently in their investigation in the past year followed by Windows computers (52%), feature phones (45%), and tablets (39%). While examining the devices, the investigators increasingly prioritize and only examine time-sensitive data or only devices from certain cases.
The report gives a year-on-year comparison of how, examiners experiencing backlogs of evidence, handle them. Since 2019 the trend has been shifting from examiners working overtime to complete the exam (50% in 2019; 31% in 2020 and 28% in 2021) to prioritise and only examine time-sensitive data, or only devices from certain kinds of cases (25% in 2019; 40% in 2020 and 37% in 2021). Also, the global average of 57% which is 6 out of 10 devices that reach the lab for examinations was locked. Furthermore, the report also accounted that 56% of encrypted apps and 54% of the amount of data that needs to be extracted add additional challenges that slow the investigative process.’ Other challenges include not getting enough data from the device (47%); the volume of phone (36%); devices that have been damaged (36%); inability to decode artefacts (32%); extractions crashing in the middle (20%); creating an extraction report with the relevant data (14%); inability to correlate extracted data from multiple phones (10%); and retrieve date from previous extractions for cross analysis (9%).
Reading through the high-profile cases, which typically get prioritised, still can take several days or even weeks to provide the data and report to investigators. It takes 5-7 days on average to process a device which also 11% of respondents agreed to. While 35% of respondents state that it takes 1-2 days to receive the analysis report after a digital device is submitted for extraction for high-priority cases.
Even receiving the evidence or the sources to extract the data, as per the report findings, 47% of examiners feel that a significant amount of data is still missing from device examinations, which could have implications in solving cases efficiently.
In the case of physical/full-file-system extractions, the examiners noted that only 45% of extractions were conducted in the past three months. The report also gives a YoY average comparison of the same with 52% in 2019, 41% in 2020 and 45% in 2021. The challenge ascertained is the clock ticking against them when they have little time to get deep into the data, including deleted data.
As per the report, ‘some 97% of investigators state feeling that key evidence is missing and/or lost when reviewing digital data. And over half believe this happens most of the time.’ Moreover, once investigators have the data and the report from the lab, the investigation process gets complicated and 60% of investigators feel that. Also, 73% of investigators believe that data review takes too long. It takes as much as 48 hours per week on average to review photos, videos, text messages, and CCTV footage, and create reports.
Furthermore, this evidence gets stored on DVDs, flash drives and other removable media, making it even more difficult for the easy and secure flow of clues between the teams. This focuses on the organisations’ effective and effective collaborations as a major challenge. A staggering 36% of investigators and agency managers reported being unsatisfied with the process. Moreover, 96% of investigators miss more effective tools to accelerate time-to-evidence.
As per the report, 33% of investigators are dissatisfied with their agency’s strategy for collecting and preserving digital evidence from devices; 35% are dissatisfied with the processing; and analysing strategy and 35% are dissatisfied with the managing and safeguarding strategy.
Given that, the report also ascertained that some 44% of agency managers stated that they have a mediocre or poor digital transforming strategy and 9% have no strategy at all. Since the covid-19, the world went through an accelerated digital transformation and as the report suggests that agencies that do not reinvent themselves risk being left behind.
Therefore, 95% of agency managers agree that a partner is key to successful transformation and technology can increase efficiency and time-to-justice.
Here come the Digital Intelligence (DI) solutions that make digital data accessible and accelerate time-to-evidence. This could only be possible if agencies also ‘upskill their personnel to expertly handle digital evidence and find crucial evidence in any scenario, ultimately resolving to build a stronger case.’ The suggestion was given in the face of a report that estimated that half of the agency managers believe their staff is insufficiently trained for the age of digital investigation.
Key Takeaways
The report suggests some important next steps in the light to meet the demands of the future, agencies need the right strategy, tools, and training to begin transforming today.
1. Assess the Gap: The agencies need to seriously evaluate themselves in terms of their skill level, understanding of the digital investigation process, infrastructure in place that can be leveraged and built upon, practises of the investigation teams and more importantly the future plans of the agency to be in next five to 10 years.
2. Establish a DI Strategy: A ready investigative workflow is the demand of the day. It can include operations, infrastructure, human capital, to the day-to-day processes that require skill, knowledge and foresight. All this can be made possible with a solid DI strategy that can prepare the agency for anything while bringing the vision of digital policing within reach.
3. Tool Up for Success: As cases are becoming more complicated and time-consuming to solve with the number of devices and data associated with each case, the right tools and training can help streamline the workflow to expedite time-to-evidence and run the operations more efficiently.
4. Train for Tomorrow: Investing in DI training for personnel at all levels becomes essential when criminals and crime syndicates are becoming increasingly more digitally savvy.
5. Create a Culture of Collaboration: ‘Damaging information silos that exist within agencies and between them must be broken down by building a first-class investigative workflow – operations, infrastructure, personnel, and processes – that is fit for the Digital Age.’
Conclusion
The Cellebrite report highlights that public safety is an essential element of any society, Digital Intelligence can contribute to the infrastructure and institutions to reach the next level by gaining the knowledge, expertise and solutions built for the world that lives in the transforming digital age.
[Compilation by Harshita Singh Panwar]