Digital forensic science is the process of obtaining, analysing and using digital evidence in investigations or criminal proceedings. Digital evidence ranges from images of child sexual exploitation to the location of a mobile phone. This note looks at the use of digital forensics by UK law enforcement agencies. It covers how evidence is obtained, the legislation and regulation in this area, and the efforts being made to address the challenges faced by practitioners.Jump to full report >>
Digital evidence may be present in almost every crime, offering new opportunities to support the police in their investigations. Evidence can come from smart phones, WIFI routers, CCTV, wearable devices such as fitness watches and other devices. Digital forensic analysis can be used to extract information from these data sources, helping to provide evidence of criminality, exonerate suspects or aid an investigation more generally.
The powers available to law enforcement and security agencies to intercept the content of communications, and to acquire information about communications from communications service providers, are governed by a number of pieces of legislation. These include the Regulation of Investigatory Powers Act 2000 and the Data Retention and Investigatory Powers Act 2014. Parliament is currently considering the Investigatory Powers Bill, which the Government intends to consolidate and update these powers.
Challenges for digital forensics investigators can include difficulties with accessing data, for instance if it encrypted or stored in the cloud, and the rapid pace of technological change. New hardware, operating systems and applications must be studied to discover how to reliably find information of forensic value, which requires the development and testing of new techniques. The proliferation of devices and the increasing amount of data being stored on them, is adding to digital forensic workloads. Some police forces have delays of up to 12 months for the analysis of devices, and policing organisations have identified a need to develop their digital investigation capabilities.
Approaches being taken to address the disparity between demand for services and available resources include triaging, for example determining which devices should be prioritised for further investigation, and Streamlined Forensic Reporting (SFR). SFR is currently being used to deliver DNA and fingerprint evidence to UK courts, to reduce the time and cost of gathering forensic evidence, and may also be appropriate for digital evidence.
Authors: Lydia Harriss; Kathryn Boast
Topics: Crime, Industry, Information technology, Intelligence services, Internet and cybercrime, Privacy, Regulation, Research and innovation, Security industry, Standards, Telecommunications, Terrorism
The Parliamentary Office of Science and Technology produces independent, balanced and accessible briefings on public policy issues related to science and technology.