Simon Crawley, a former law enforcement leader and now Global Project Manager with MSAB, was recently interviewed by Forensic Focus. Simon explained how using an MSAB Ecosystem solution helped his agency speed up the extraction and analysis of mobile data at a busy international airport and port of entry.
What is your background and how did you first come into contact with MSAB?
I was a Police Sergeant with the Met Police, deployed in Counter Terrorism Intelligence gathering, based at a major airport, with a Masters in Forensic Computing and CyberCrime Investigations. We first started looking into digital forensics in 2009. Due to the power used – Sch7 TACT 2000 — we could not afford any delay in getting the data out of any device Sch7 of TACT only allowed us to have the device for 9 hours (now only 6 hours), after which we had to return the device.
In 2009, we tested and trialed the available products, which included MSAB, and matched them to our test criteria:
• Number of devices supported
• Ease of use
• Completeness of the extraction
• Support, from the supplier
We would review our choice every 3 years – and each time MSAB was a clear winner.
We trained all our frontline officers in mobile phone extraction, which meant that there was no need to seize the device – we could complete the download, and review the data extracted during the Sch7 stop.
This was an improvement, but not efficient enough, so we built our own encrypted network, so the data was being sent directly to a central server – thus eliminating the delays.
Initially, some of the frontline users were reluctant to perform these downloads, however, the big step forward came with the introduction of the Kiosks. Having remote Kiosks means it is wise to set up a tool to manage them – and MSAB have a great tool, XEC Director, to do this. It shows which Kiosks are being used, which are being under used, how many devices your system has downloaded, which devices you are doing most of, and how much data is being grabbed.
With the implementation of the Ecosystem, we reduced the time taken to get data from download, to central analysis from 4 weeks to a few hours, we improved the security of this data in transit and we saved CT Policing approximately £80K over 3 years.
Tell us a little about your current role at MSAB.
My first year with MSAB has been as a passionate advocate of the Ecosystem, and how it can transform digital forensics by empowering the frontline user and so reducing backlogs and the time taken to actually get at vital evidence / intelligence. By enabling small changes in the way an agency works, it can have a big impact. I have been fortunate enough to travel the world presenting my message – and have seen the numbers of enquiries into setting up an Ecosystem increase. We now have quite a number of trials going on – from small-scale lab type trials, to nation state trials.
This is very satisfying, as I can see the message being adopted, and so assisting law enforcement agencies worldwide to combat their backlogs and improve efficiency. Following on from this year, I am now moving over to a new department and I am going to be taking on the project management for these trials and large-scale deployments.
What has been the most challenging aspect of your transition from law enforcement to a mobile forensic technology supporting law enforcement?
This is a tough one — because I loved my old role, and I loved being part of CT, but I felt I couldn’t develop any further, as policing has strict rules regarding promotion and development. So I left policing to help develop myself further – and in that respect the move has been great. I now speak on a global scale, and have an opportunity to make a much larger impact and help develop agencies across the world. I do miss the camaraderie and close bonds formed within policing.
What was the biggest impact that mobile forensics had on your agency’s mission?
Your phone – especially smartphones – gather all sorts of data about you and your life, whether you like it or not; and being able to gather this data, in a forensically sound way, quickly and efficiently, and being able to pass this intelligence on to those that need it, has been the biggest impact. This need for evidence / intel is not going to stop, and virtually every case has a mobile phone that needs extracting.
I know the data we collected has had a positive impact in counter terrorism – whether it was in gathering evidence used in trials, or helping remove vulnerable people out of potentially radicalising environments, or referring subjects into the Prevent program and allow others to deter them from the path of becoming a terrorist. In all cases, our data formed part of the massive jigsaw puzzle, and allowed others to see a bigger picture.
What do you see as the key success factors for law enforcement agencies and other organizations using mobile forensics successfully?
In my opinion there are two main areas that stand out:
Firstly – the strength of character to take a long hard look at their policies, procedures and practices to work out where efficiency can be improved – and it always can. Policing has very little money to be able to carry out what it is expected to do, and examining mobile devices is just one area that can be improved – if you have a backlog in getting vital evidence out of phones – have a look at why – is it because your agency is sending all phones to a central lab – as is often the case? If so, empower frontline officers to conduct the volume work. Is it because you struggle to get the data from the lab to those that need it? If so enable the data to flow. This sounds expensive in the first instance, but in the longer term you will save so much money and time, it has to be worth it.
Secondly – training, training and training. Mobile devices and their apps are changing every week, if not every day, and everyone has to keep on top of these changes. The software used to extract and present the data, is also constantly evolving to keep pace, and so users of the software must keep abreast of these developments.
How is MSAB working to address these trends and support customers?
XRY has always been the leading tool for extracting data – especially app data. Over the past few years we have been developing the way in which the data is analysed – if you haven’t seen or used our XAMN suite, please do take a look at them. The depth and range of tools available is, in my opinion, the best in class, and of course we have developed our Ecosystem – something no other digital forensics firm can do. But our main focus now is in encryption. We recently launched our Access Services and we plan to extend this service in the near future, with some exciting new developments.
This interview was previously featured in Forensic Focus.