Many of our customers face the need to increase their mobile forensic capacity outside the digital forensic labs. The reasons for this differ from customer to customer. Many customers face the need to cut backlogs to speed up investigations. Others have geographical reasons to deploy frontline forensics. They want to give remote locations access to mobile forensic tools and reduce time and costs for transport and travel. For some it is a question of being able to extract data from mobile devices outside lab office hours or the need to make it possible for specialist units to use mobile forensics in the field.

Frontline forensics is a term often used for the decentralization of mobile forensics outside digital forensic laboratories. Since 2014 we at MSAB have, together with our customers, implemented solutions for frontline forensics from small stand-alone implementations to nationwide centrally managed mobile forensic networks. No other company in the industry has such long and in-depth experience of organization-wide implementations.

One of the things we have learned is that there is no one solution that fits all customers. The organizational and technical premises are different from one organization to another, and the legal framework can differ from country to country or even between authorities in a single country.

Our modular Eco System Solution makes it possible for each customer to tailor the solution to their specific needs and prerequisites. In order to successfully decentralize mobile forensics in an organization it is essential to take into consideration three aspects: people, processes and technology.

People – Who will do the extractions? Who will need to have access to the extracted data?

Mobile forensics is often one of the tasks for the frontline forensic users. It is important to consider whether the intended users have the necessary competence, time and motivation for the new task. Appropriate training based on the users’ existing skill level is important to increase their understanding of digital forensics and to prepare them to handle the new technology as well as the technical challenges they may encounter when extracting data from mobile devices.

Processes – The importance of a proper, well-documented process for mobile forensic examination cannot be stressed enough for the successful implementation of frontline forensics. Surprisingly often customers lack a well-defined process or, even if they have one, the process is not documented.

Workflow technology incorporated in our frontline forensic platforms (MSAB Kiosk, Tablet and XRY Express) provides the means to enforce organizational processes and secure unified ways of working across the organization. Our Professional Services team helps customers to translate their standard operational procedures (SOP) into a workflow on the frontline forensic platform. In many cases this work also means that the customer, on their own or with our assistance, refines and documents the process, which in itself provides added value for the organization.

The differentiated handling of seized devices depending on the crime case and its classification is an important part of the process. Many customers classify devices in three levels.

  • Level 1 devices (petty crime, etc.) are always extracted by the frontline officers at the local site only.
  • Level 2 devices may be escalated to regional or central laboratories in the event of the local frontline forensic officer having problems extracting the device or if a more advanced extraction method than what is available at the local site is needed.
  • Level 3 cases, devices from serious crime cases, are always directly forwarded to forensic experts.

MSAB’s workflow technology makes it possible to adapt the workflow for different user groups, different types of extractions and different types of crime cases.

Technology — The organizational objectives with frontline forensics as well as the economic and technical prerequisites may differ greatly for different customers. Therefore, a modular and scalable solution is essential.

The strength of MSAB’s solution is its modularity. The customer can choose the modules and technical solutions that meet their needs. Take the extraction platforms as an example: each of them – MSAB Office, Kiosk, Tablet and XRY Express – contains the same XRY software functionality but each platform is optimized for different users and use cases. Scalability is another important aspect.

Even if the vision is to have a centrally managed networked solution, it is seldom possible to reach that directly. Most of our customers begin on a small scale and grow as they go. The Kiosk and Tablet platforms allow for both local and central management. For customers who can connect their extraction platforms in a network, XEC Director provides enormous efficiency benefits through central management whilst still allowing regional/local differences in configuration. For customers who cannot connect their extraction platforms to a network, a cloud-based management solution, or data storage, could be an alternative. Virtualization and concurrent user license models of analyst tools are other examples of technology that makes it possible to implement an organization-wide ecosystem for mobile forensics.

Don’t hesitate to contact us if you would like to know more.