As criminal activity spreads from the real world to cyberspace and now to virtual worlds, protecting the integrity of digital evidence has become even more crucial. For example, child pornography prosecutions used to be based on the possession of videos, recordings, and photographs. Today, the body of evidence in such cases is almost always entirely digital. Even where physical evidence such as a murder weapon is central to an investigation, factors such as digital communications, online activity, and location intelligence are likely to play key roles as well.
The enormous breadth of this evidence creates new challenges in collecting and drawing value from it. Moreover, lawful intelligence measures to ingest and analyze digital evidence must also be able to validate its integrity. With transparent access history and audit capabilities, law enforcement agencies (LEAs) can present a strong case against offenders in court and government agencies can authenticate the intelligence that is critical to national security. As electronic evidence continues to evolve and grow even more essential to public safety, the tools used to collect, analyze, and store it must evolve as well.
Improving on Legacy Chains of Custody
As digital evidence became more prevalent in the 1990s, analysts naturally adapted existing processes to preserve and protect it. For example, an authorized individual might burn lawfully intercepted data to non-rewritable media such as a DVD. The optical disk could be handled just as magnetic tape recordings had been previously – sealed in an evidence envelope and stored in a secured facility until being presented to a judge.
Tracking who accessed such evidence, and when, was also accomplished as it had been for generations: with notations on evidence envelopes or nearby clipboards. The chain of custody was limited by physical boundaries, and the process and accuracy of the logs were subject to human error or even falsification. As the volume and scope of electronic evidence continued to grow and storage moved online, more digitally native measures were required to make it more tamper-proof. Such measures better protect the evidence itself and provide tools that support non-repudiation of the data.
Storing evidence in electronic form on fully encrypted disks provides a controlled environment where data protection measures can be applied. Role-based security enforces access more definitively than human evidence officers, with assured and auditable access and change history. Strengthening the chain of custody for evidence makes it inherently more valuable, whether in a court case or for investigative or intelligence activities.
While the protection requirements for digital evidence vary by jurisdiction, the data should ideally be traceable back to the point of reception. Proving the security of the data can be as important as the quality of the evidence itself, and SS8 is committed to strengthening controls that authenticate the chain of custody in the context of lawful intelligence operations.
Hardening Evidence with a Full Digital Fingerprint
As more and more crimes occur on the internet and dark web, any resulting evidence collected requires strict integrity protections if it is to stand up in a court of law. The defining feature of such a framework is an ability to compare evidentiary data to the raw files originally ingested into the lawful intelligence platform, such as at the point of handover of network data from a communication service provider (CSP) or when device data extracted from a mobile phone during forensic analysis is imported.
A digital fingerprint of the dataset is taken as it enters the system using an MD5 hash function that generates a checksum value. Future hashes of the dataset should generate an identical checksum; any other outcome indicates that the evidence has been tampered with. For example, if a portion of a message is deleted or a detail from a call data record (CDR) is changed, the hashes will not match. Conversely, the correct hash value verifies that the evidence remains unaltered.
SS8’s end-to-end platform provides robust digital evidence integrity checks, including MD5 digest algorithms applied at both ingress and egress. By applying a digital signature at the point of ingress and preserving it throughout the lifecycle of the digital evidence, SS8 ensures the chain of custody. When presenting digital evidence in court, matching the hash verifies that the analytics and arguments being presented by the prosecution are based on the same, original source data collected from the CSP or mobile device.
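The ingress and egress comparison described above can be sketched as follows. This is an added example, not SS8's code: the hash-chained custody log, the SHA-256 digest recorded beside the MD5 value the article names, and all names and sample data are assumptions of the example.

```python
import hashlib
import json

def fingerprint(data: bytes) -> dict:
    """Digests taken when the dataset enters the system."""
    return {"md5": hashlib.md5(data).hexdigest(),        # algorithm the article names
            "sha256": hashlib.sha256(data).hexdigest()}  # added by this example (assumption)

class CustodyLog:
    """Append-only access log; each entry commits to the previous one by hash."""
    def __init__(self):
        self.entries = []

    @staticmethod
    def _hash(entry: dict) -> str:
        payload = {k: v for k, v in entry.items() if k != "entry_hash"}
        return hashlib.sha256(json.dumps(payload, sort_keys=True).encode()).hexdigest()

    def append(self, actor: str, action: str, digests: dict) -> None:
        prev = self.entries[-1]["entry_hash"] if self.entries else "0" * 64
        entry = {"seq": len(self.entries), "actor": actor, "action": action,
                 "digests": digests, "prev": prev}
        entry["entry_hash"] = self._hash(entry)
        self.entries.append(entry)

    def chain_intact(self) -> bool:
        prev = "0" * 64
        for e in self.entries:
            if e["prev"] != prev or e["entry_hash"] != self._hash(e):
                return False
            prev = e["entry_hash"]
        return True

def verify_at_egress(data: bytes, log: CustodyLog) -> bool:
    """True only if the log is unmodified and data matches the ingress digests."""
    return (bool(log.entries) and log.chain_intact()
            and fingerprint(data) == log.entries[0]["digests"])

# Constructed sample: a made-up call data record as handed over at ingress.
CDR = b"2024-01-01T10:00:00Z,caller=+15550100,callee=+15550199,duration=42\n"

def demo():
    log = CustodyLog()
    log.append("ingest-service", "ingress", fingerprint(CDR))
    log.append("analyst-a", "read", fingerprint(CDR))
    original_ok = verify_at_egress(CDR, log)
    altered_ok = verify_at_egress(CDR.replace(b"duration=42", b"duration=24"), log)
    log.entries[1]["actor"] = "analyst-b"  # edit the access history after the fact
    return original_ok, altered_ok, log.chain_intact()

if __name__ == "__main__":
    print(demo())
```

Changing one CDR field fails the digest comparison, and rewriting an access entry breaks the log chain, so both the evidence and its access history are checked.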
Clarity and accuracy in the presentation of evidentiary or intelligence data – and the ability to prove its authenticity – better deliver the promise of lawful intelligence, and SS8 is committed to building advanced, transparent solutions that help LEAs and government agencies protect society.
About Kevin McTiernan
Kevin has over 20 years of extensive experience in the telecommunications and network security industries. At SS8, Kevin is the VP of Government Solutions and is responsible for leading the vision, design, and delivery of SS8’s government solutions, including the Xcipio® compliance portfolio.
About Rory Quann
Rory Quann is Head of International Sales at SS8 Networks and brings with him over 10 years of experience in the Lawful Interception and Data Analysis industry. Prior to joining SS8 in 2013, Rory worked for BAE Systems Applied Intelligence, where he focused on large-scale government deployments of intelligence solutions. Rory has held multiple positions in the Lawful Intelligence space, including Deployment Engineer, System Consultant, and Sales Engineer, with a focus on country-wide passive deployments. Rory is a Certified Microsoft MCSA Engineer and EMC Certified Deployment Engineer.
About SS8 Networks
As a leader in Lawful and Location Intelligence, SS8 helps make societies safer. Our commitment is to extract, analyze, and visualize the critical intelligence that gives law enforcement, intelligence agencies, and emergency services the real-time insights that help save lives. Our high performance, flexible, and future-proof solutions also enable mobile network operators to achieve regulatory compliance with minimum disruption, time, and cost. SS8 is trusted by the largest government agencies, communications providers, and systems integrators globally.
Intellego® XT monitoring and data analytics portfolio is optimized for Law Enforcement Agencies to capture, analyze, and visualize complex data sets for real-time investigative intelligence.
LocationWise delivers the highest audited network location accuracy worldwide, providing active and passive location intelligence for emergency services, law enforcement, and mobile network operators.
Xcipio® mediation platform meets the demands of lawful intercept in any network type and provides the ability to transcode (convert) between lawful intercept handover versions and standard families.
To learn more, contact us at info@ss8.com.