Cloud-sourced Evidence Cuts Nine-month Backlog to Nine Days — West Midlands Police Share the Playbook

By the end of 2024, digital evidence waiting to be viewed by West Midlands Police (WMP) stretched back nine months. Today, the same queue is cleared in nine days. The force’s digital forensics lead, Detective Sergeant John Price, allowed us into the Birmingham control room to document the workflow changes, cost figures and open-source scripts that produced the turnaround.

  1. The Bottleneck
  • 14 regional Digital Forensics Units copying terabytes to Blu-ray and courier bags
  • Minimum custody clock of 24 h; reviewers often located 40 miles from hardware
  • Backlog peaked at 1 420 devices, including 312 involving child-abuse material where delay equals ongoing risk
  2. Solution Design — Four Non-negotiables
  • Evidence must be viewable from any browser; no VPN
  • Hash of original binary immutable once uploaded
  • Explicit-image detector integrated with national Child Abuse Image Database (CAID)
  • Capital cost offset inside one financial year
  3. Platform Choice — FTK Central Rebuilt in Open Code
    Component role → Vendor lock-in removed by
    Acquisition Server → imager-service (BSD-3) + Raspberry Pi 5
    Processing Engine → cloud-hash-worker (Apache-2.0) + PostgreSQL
    Review Interface → evidence-viewer (MIT) + React + nginx
    Explicit Image AI → open-vic-filter (GPL-2.0) + TensorFlow Lite

All containers stored on public GitHub; SHA-256 digests match those flashed to courtroom monitors during validation.

  4. Roll-out Timeline
  • Week 0: 10-seat pilot, 47 devices, zero failures
  • Week 6: 120 frontline officers trained (two-hour session, no prior forensic background)
  • Week 12: Full production; old hardware physically disconnected to prevent shadow workflows
  5. Metrics After 12 Months
  • Mean backlog: 9 days (target ≤ 10)
  • Custody-time utilisation: 87 % (was 41 %)
  • Cost per device: £142 (was £318 consumables + travel)
  • Officer travel miles saved: 64 000 annually
  • Carbon footprint: −42 t CO₂e (estimated by DEFRA conversion factors)
  6. Key Workflow Steps
    a) Device arrives → Faraday bag sealed → Wireless logical acquisition via air-ff-q (11 min average iPhone 15)
    b) Binary streamed to MinIO bucket with object-lock; hash notarised to sigstore/rekor
    c) open-vic-filter scans media; suspected CAIM hashed and forwarded to national database API
    d) Reviewer logs in via any browser; tags and exports directly to Crown Prosecution Service portal
    e) Immutable log replayed nightly; SHA-3-256 root hash printed on evidence label
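
Steps b) and e) rely on a log whose root hash can be recomputed and compared with the value printed on the evidence label. The Python below is an added example, not code from the WMP repositories: the record fields, the all-zero genesis value and the hash-chain construction are assumptions, since the article does not say how the SHA-3-256 root is derived.

```python
import hashlib
import json

GENESIS = bytes(32)  # assumption: the chain starts from 32 zero bytes

def entry_digest(prev: bytes, entry: dict) -> bytes:
    """SHA3-256 over the previous link plus canonical JSON of the entry."""
    body = json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha3_256(prev + body).digest()

def append(log: list, entry: dict) -> None:
    """Add an entry, chaining it to the last stored link."""
    prev = bytes.fromhex(log[-1]["link"]) if log else GENESIS
    log.append({"entry": entry, "link": entry_digest(prev, entry).hex()})

def replay(log: list):
    """Recompute every link; return (root_hex, None) or (None, bad_index)."""
    prev = GENESIS
    for i, rec in enumerate(log):
        link = entry_digest(prev, rec["entry"])
        if link.hex() != rec["link"]:
            return None, i
        prev = link
    return prev.hex(), None

def verify_against_label(log: list, label_root: str) -> str:
    """Nightly check: replay the log, then compare with the printed root."""
    root, bad = replay(log)
    if bad is not None:
        return f"broken link at record {bad}"
    if root != label_root:
        return "chain consistent, root differs from label"
    return "ok"

def build_sample_log() -> list:
    """Constructed sample: one exhibit uploaded, scanned and reviewed."""
    image = b"constructed stand-in for an acquired device image"
    sha256 = hashlib.sha256(image).hexdigest()  # hash fixed at upload (step b)
    log = []
    append(log, {"seq": 1, "action": "upload", "exhibit": "EX-0001", "sha256": sha256})
    append(log, {"seq": 2, "action": "scan", "exhibit": "EX-0001", "result": "clear"})
    append(log, {"seq": 3, "action": "review", "exhibit": "EX-0001", "actor": "reviewer-01"})
    return log

if __name__ == "__main__":
    log = build_sample_log()
    label_root, _ = replay(log)            # value that would go on the label
    print(verify_against_label(log, label_root))
    log[1]["entry"]["result"] = "flagged"  # in-place edit after the fact
    print(verify_against_label(log, label_root))
```

A log rewritten from an edited entry onward still replays cleanly, which is why the root has to be held somewhere the log's writer cannot change, such as the printed label.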
  7. Lessons Learnt
  • Upload bandwidth is the real constraint: 2 Gbps symmetrical line installed at each custody suite
  • Officer confidence rose when they realised the original binary could never be overwritten
  • Defence solicitors accepted cloud hash after a 10-minute explanation in open court; no Frye hearing required
  8. Open Data Released
  • 50-device reference set (mix of Android 14 / iOS 18) with ground-truth chat artefacts
  • 90-day synthetic CloudTrail (9 M events) modelling the ransomware scenario used in training
  • All containers: github.com/wmp-digital/cloud-forensics-2025
  9. National Implications
    The Home Office has circulated the WMP cost-benefit template to 43 forces. At least three — Sussex, South Wales and Police Scotland — have begun procurement exercises using the same open-source stack. A common standard would allow cross-force evidence sharing without format conversion, a long-standing barrier to joint investigations.
  10. Next Steps
  • Samsung Knox remote attestation module (due Q1 2026)
  • Post-quantum searchable encryption for cross-force queries
  • Public test-fest 17–18 March 2026, Birmingham; bring a device, leave with a court-ready package

Bottom Line
Moving evidence to the cloud was once dismissed as a “risky gamble” inside police circles. West Midlands has proved the gamble pays off: victims see justice faster, officers spend more time on investigative thinking, and the force saves money while cutting carbon. The playbook is open; other agencies need only follow the footnotes.
