Fifteen years ago, I retired from law enforcement and joined the private sector like many other ex-officers with some expertise in digital forensics investigations. I certainly felt some anxiety about leaving a prestigious organization like the Royal Canadian Mounted Police (RCMP), having spent the last five years doing numerous forensic investigations ranging from intellectual property (IP) thefts to child exploitation investigations.
Working under this government platform, it became quite evident that working with various rules, regulations and laws required different approaches and a broad range of technical knowledge not internally available at the time.
Ultimately, the different investigative bodies at the various Government levels adopted a collaboration model which meant that we needed to reach out to capable experts outside of the organization.
This approach did not please most law enforcement agencies, however. It was abundantly clear that officers were overworked, with caseloads growing exponentially by the day for most, especially for investigators collecting digital evidence for serious crimes. Still, the value of the electronic evidence collected and produced kept on surpassing expectations compared to more traditional evidence collections.
As expected, the Courts and Judges demanded that the crown and defense counsels use electronic evidence when necessary to avoid bringing the justice system into disrepute. As such, the use of external resources, and even more so of industry experts, increased at a fast and furious rate, so much so that it created a disturbing state of affairs where everyone and anyone with a little bit of IT knowledge became an industry “expert.”
This label meant quick and easy money for the unscrupulous entrepreneur because a fairly new skill in great demand did not yet have proper labels and designations, such as those of an accountant or lawyer. Consequently, a would-be client did not have the opportunity to verify the experts’ skills and credentials, as one would have today.
Unfortunately, it is still too common today for some clients to be misled and duped by deceitful entrepreneurs knowing enough IT forensic jargon to make a sale.
The entrepreneur and law enforcement communities are two very different cultures, but somewhere in the middle there is a group of folks who share common ethical goals: to keep the Internet and cyberspace as safe as possible, with smart tools and services for people managing sound businesses and enjoying the safe and social environments offered by the World Wide Web. A good analogy is a social program like “Neighbourhood Watch,” where people and law enforcement work together to keep their streets and homes safe.
In general, there is positive cooperation between law enforcement officers and the general public in monitoring the Internet for child exploitation, bullying and online stalking incidents. These are serious crimes which, if not dealt with properly, could leave a vast pool of victims helpless and unable to find proper support because of a general ignorance of how to report an incident to the right agency.
In these particular cases, it is imperative that law enforcement officers, lawyers, forensic experts and internet service providers (ISPs) collaborate closely and work together efficiently and swiftly to identify and locate the perpetrators.
This much-needed collaboration faces some challenges in the near future with the Internet of Things (IoT).
An IoT environment consists of various types of devices communicating with each other to make our business and personal lives better. These devices include wearables like Fitbits, iWatches, various health monitors, smart refrigerators and baby monitors, to name a few.
More complex IoT environments would include Smart Houses managing their own environment with smart thermostats, energy efficient windows, smart light controls and remote devices to manage your house while you are on holidays. Furthermore, do not forget about the new self-driving vehicles coming on the market now.
Why is this so important to law enforcement and corporate security investigators?
Ultimately, investigators attempt to identify a certain action or behavior within a specific environment, and to accomplish this they use the available records. A good example is a hacking investigation, where the investigator will ultimately attempt to locate and place someone behind a keyboard to prove a breach.
IoT devices and systems produce records in various computer languages and quantities. The challenge for investigators is to collect the data promptly, before it gets overwritten or deleted, and to use the right tools to do so. Most IoT devices, however, have very small digital memory containers. The interface application managing the device might contain much more historical data useful for the investigation.
This is a very new area for law enforcement and corporate investigators, hence the need for sustained and deep collaboration between all parties affected by this new investigative process. The security community is working on establishing proper standards and processes for the proper digital collection and preservation of IoT records.
Nonetheless, its somewhat complex and fragile environment is increasing the challenges at hand for the security community tasked with helping to secure our cyber world. Hackers taking control of a vehicle remotely or using a fridge to spam the world are just the beginning of this challenging environment.
About the Author: René Hamel (@hamel_rene) is a forensic technology investigator. His cyber security and forensic technology career spans over seventeen years. His broad spectrum of working experience includes Government, corporate and financial services. He has a strong investigative background, having been a member of the Royal Canadian Mounted Police (RCMP) for sixteen years. He is a well-recognized and respected leader in his field, having worked in North and South America, Europe and Asia. René has also been appointed as an expert witness in both criminal and civil courts in Canada and Ireland. His evidence and testimony have often been instrumental in the recovery of large financial assets.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.