A shift in focus: From computers to mobile devices and online data
Mark Cameron’s extensive background in digital forensics began in the mid-1990s when he started working exclusively with digital data. Over the years, the nature of digital evidence has shifted dramatically. “We’ve seen a significant move from traditional computer forensics to mobile device forensics, and to various online data sources” Mark explains. “Taking hard drives out is not something we work with as much anymore. Devices have built in storage or are Cloud based. The capacities in today’s digital forensic environments are enormous, making it more challenging to go through all the data.”
This shift is not just about the hardware. Mark highlights the growing complexity introduced by encryption technologies, which became mainstream for many around in 2004 with Microsoft BitLocker. “Encryption is continually getting more difficult. Even though there are vendors with tools to attack these encryptions, it can take days or even years to get into them. This is a reality we must accept.”
The impact of limited resources
One of the most pressing issues facing law enforcement agencies, according to Mark, is the finite resources available to tackle digital crime. “Resources are usually allocated when the stakes are high, for crimes like terrorism, murder, or pedophile cases. But for other cases, the importance drops, and so do the resources.” Mark underscores the financial strain this places on agencies, particularly when the costs of essential forensic software licenses can reach up to £40,000 to £50,000.
“We could easily double or triple the number of people working in digital forensics and online investigations, but that comes with the challenge of paying staff and providing the right equipment,” Mark notes.
The challenges of online investigations
As crime, and its evidence increasingly moves online, Mark emphasizes the need for robust online investigation capabilities. “We’re seeing a trend of organized crime on social media platforms like Telegram,” he says. However, the resources dedicated to online investigations in the UK are still relatively small compared to those working in digital forensics.
Mark advocates for basic training in open-source intelligence (OSINT) for all police officers and investigators.
“Every investigator should know how to capture online evidence effectively and lawfully. In our trainings, we always cover that area. Online evidence is growing, and we must attack it properly.”
However, legal boundaries in the UK limit the extent to which law enforcement can proactively investigate online. “We can’t have officers just wandering into chat groups without proper authorization. There’s a lot stopping us from being as proactive as we’d like.”
Challenges with digital evidence in the legal arena
The scrutiny of digital evidence has intensified in recent years. “Defendants are now employing legal advisors who meticulously examine the evidence to ensure it has been collected lawfully and will stand up to scrutiny,” Mark says. This has led to a heightened focus on training law enforcement officers to document evidence properly, ensuring it meets legal standards.
“This is part of the training I’m involved in, along with the Council of Europe, which has put guidelines in place to ensure proper evidence collection,” Mark explains. He mentions a recent request to assist in Kiev with the documentation of war-related evidence for the European Court of Human Rights, highlighting the global importance of these skills.
Legal and technological developments on the horizon in EU
The UK often finds itself at the forefront of legal and technological challenges in digital forensics and online investigations, along with countries like Germany, Holland, and Sweden. “It’s not that we’re more advanced; it’s just that we’ve been working on these issues for a long time,” Mark says. He points out that newer EU countries are now beginning to align with current guidelines, pulled by initiatives like the EU Electronic Evidence Guide and the Budapest Convention on Cybercrime.
However, Mark is realistic about the challenges ahead. “We’re always chasing the criminals, but they’re often one step ahead. We simply can’t catch them all, but we can do a lot to close the gap.”
The need for investment
Mark Cameron’s message is clear: more resources are needed. “We – and this applies to every country – need investment from our governments and organizations to continue doing the work we do, whether it’s online investigations or digital forensic reactive investigations.” The reality is that while the demand for digital forensics and online investigations is growing, the resources to support this critical work are lagging.
“Until we close this gap, we’re going to stay behind,” Mark concludes. “But with the right investment in people, tools, and training, we can significantly enhance our capabilities and make strides in this challenging field.”
Final thoughts
Mark Cameron’s insights offer a humbling view of the current state of digital forensics and online investigations. His experience underscores the need for continuous learning, adaptation, and investment in a field that is constantly evolving. For law enforcement agencies, staying ahead of the curve is not just about having the latest technology but also about having the right people, properly trained, and adequately resourced to face the challenges of the digital age.