By Laura French, Forensic Mag

September 19, 2018

An investigator gets a lead about a potential online predator in her area. She learns from the Child Rescue Coalition’s Child Protection System (CPS) database a number of usernames and file identifiers associated with the illicit online activity, and a search is made of the suspect’s home, where police seize several digital devices.

The digital forensics examiner discovers tens of thousands of files across the devices, and wants to know if, somewhere within the countless bytes of information, the identifiers from the CPS database match what is on the suspect’s machines.

With digital devices now holding more data than ever before, these searches have become much more complex, and take up more time that could be spent protecting and rescuing more children.

A new partnership between the nonprofit Child Rescue Coalition (CRC) and digital forensics company Magnet Forensics seeks to make this type of investigation more efficient, with CPS and Magnet’s AXIOM forensic tool coming together to automatically compare the suspect’s data with the CPS report of online activity.

“What I’m hoping is that by us partnering together and increasing that efficiency, that it’s going to give back to law enforcement some of the time that they’ve lost because of this explosion in storage capacity,” said William Wiltse, president of CRC.

A natural partnership

CRC’s CPS is free for law enforcement to use, and compiles millions of records about child sexual abuse material and the perpetrators who distribute it. It provides investigators with leads about potential offenders in their jurisdiction.

Magnet’s AXIOM tool helps examiners extract, analyze and visualize forensic data from a wide variety of sources including computers, phones, IoT devices and cloud services. In addition to helping integrate AXIOM with CPS, Magnet will be making a multi-year donation to the Florida-based nonprofit, the two organizations announced in April.

Although the CRC-Magnet partnership was made official this year, following recommendations from national police in the United Kingdom and Canada, the two organizations have long been connected by the shared goal of targeting perpetrators through technology. Wiltse and Magnet founder and CTO Jad Saliba have similar backgrounds, both having served as police officers and digital evidence examiners. Each said they were familiar with the other’s organization prior to their meeting, even having used each other’s technology for their own investigations.

“It’s been a really natural thing, and a really complementary partnership, and certainly a cause we are very proud to be supporting and working closer with the folks at CRC,” said Saliba.

Wiltse described CRC and Magnet as being on “opposite end(s) of the investigative spectrum,” with CRC often starting off an investigation by identifying a potential perpetrator, and Magnet coming into play once a search warrant has already been served and devices seized. A central goal of the partnership, he said, is tightening up the “back and forth between two systems,” integrating them so that the evidence found on the devices can be easily tied back to the CPS leads.

“It really is all about helping law enforcement become more efficient, because digital devices are just getting bigger, and it’s becoming a much more complex landscape for them,” Wiltse said. “Anything we can do to help them become more efficient, they’re going to be very eager for that to happen.”

Taming the data

In June, the two organizations announced the integration of their AXIOM and CPS technologies, and presented at the National Law Enforcement Training on Child Exploitation conference in Atlanta, Georgia to demonstrate how the two technologies work together. With this update, which will be available to AXIOM users in Fall 2018, CPS records can be easily imported into AXIOM and compared to the data found on the devices being analyzed. Digital identifiers such as file names and usernames, as well as download activity, chat activity and more, can be automatically corroborated, tying the searched device with the illegal activity identified in the CPS database.

“In this industry, everyone is drowning in data. We’re drowning in data on the front end, so by logging into CPS oftentimes there are tens of thousands, some cases hundreds of thousands of records related to the illegal activity of one computer,” Wiltse explained.

“By automating between CPS and AXIOM, we’re taking the human beings out of it,” he said. “So it isn’t ‘I need this’ and ‘I need that,’ or the investigator may not have even had time to go through the full CPS report because there’s so much data. (It) really allows computers to do what computers do well, and that’s churn through tons and tons of data.”

Saliba said the CPS import will be incorporated as a part of the step-by-step process users are guided through when they use AXIOM. He said it will be “straightforward,” without the need for any additional training. In addition to being able to easily match evidence in AXIOM to CPS reports, users will also be able to upload new information from their investigations into CPS, sharing that data on new suspects or victims with other agencies. The technology received positive feedback at the presentation.

“You could tell that certainly the investigators were excited about the opportunity to be able to share that information between the two systems, and empower their forensic examiners, and improve the efficiency of their investigation,” Saliba said.

Bridging the gaps

In addition to filtering down enormous volumes of data in an automatic way, the new integration will also increase efficiency by removing the need to switch between AXIOM and CPS to reference database records while performing an examination, Wiltse said.

“They have the ability to cross-reference things that they find using Magnet tools with the data we’ve provided on the front end, but it requires them to go back and forth between two systems,” he explained. “We’re trying to eliminate that gap.”

Another divide they are hoping to close is that between the investigators who use CPS to track leads and the examiners who use AXIOM to process devices, with Wiltse noting it is rare nowadays for one officer to serve both roles. Saliba and Wiltse both say they believe the integration will improve communication between the two roles and reduce any “disconnect” that occurs when the investigator and examiner may be working in different units.

“Sometimes there’s a gap of knowledge of the case between the forensic examiner and the investigator on the case, who’s started the case in CPS and is kind of moving through the investigation there,” Saliba said. “This is a great way to bridge that gap between the police investigator and the person that’s tasked with doing the forensics on the systems.”

CRC and Magnet already have plans to continue advancing their partnership with a “phase two” integration of CPS and AXIOM that will allow data from cases not initiated through CPS to be searched in CPS databases, potentially identifying new connections. Wiltse says the work should result in a “seamless” tying together of the two systems.
