Food for Thought – An Inter-Agency Digital Investigations Hub

7 May, 2020

...
Photo: Unsplash/Silas

Joint UN system and service for digital investigative support for the UN family

UNICC has been supporting Clients and Partner Organizations in the fulfillment of their mandate for nearly 50 years. This support has included diverse workloads across the enterprise ICT landscape from client consulting services, data and analytics and information security to platform, infrastructure and software services and cloud support.

UNICC’s experience and expertise in these areas means that over the years and through the changes in digital technologies, UNICC has accumulated unique knowledge of the challenges that our Clients are facing in their delivery of ICT solutions. This includes experience and expertise in the collection of Clients’ raw data and information, its processing, safe storing, availability and presentation. And even more important is the analysis, knowledge and understanding that we can share with Clients to help them make meaningful decisions.

Digital environments, tools and solutions are ever more present and central to business and daily life. The digital transformations taking place around us today means moving away from traditional ways of working, migrating the core processes into the digital sphere (just think of teleworking today and the paperless, digital office).

UNICC’s business model includes strong partnerships, dedicated operations, experience, expertise, best practices and industry certifications.

This transformation applies to evidence and evidence-gathering in various investigative work areas, whether it is incident response related to information security incidents, investigations in relation to HR information and the financial resources of UN Agencies, the investigation of war crimes or the protection of human rights.

UNICC is aware and working on many of the challenges our Clients’ investigations face, according to mission, available budget, amount of digital evidence that needs to be processed, the number of available and trained staff, geographical dispersion, etc.

Typical eDiscovery and Investigations Process (http://www.quivxca.com/ediscovery/)

UNICC believes that a single, modular system and service for digital investigative support, comprised of different sets of products and professional services, would be of a great value to our Clients and Partner Organizations, since it would empower them in performing modern-day end-to-end investigations, involving digital evidence and digital representation of traditional evidence.

Such a system and service would need a robust ICT infrastructure at its core, where scalability plays a significant role. It could be modular, allowing for diverse and customized functionalities in particular areas of work.

Subscribers would greatly benefit from UNICC’s economy of scale, since such a system would greatly reduce the costs of procurement and maintenance of specialized hardware and software for digitally-driven investigations, where the associated costs would be a function of actual use.

Challenges with evidence acquisition and collection would be greatly lowered with professionally trained staff available and ready to support each investigation individually, either through advisories or by performing operations on a Client’s behalf on-site, lab-based or in the field – or even remotely (where applicable).

When evidence is collected in a forensically-sound manner and registered as such, it can be safely stored in a dedicated and secured evidence vault for future processing. Evidence delivery to the evidence vault can be done in different ways: by courier services, by safe file upload to designated collection points or brought personally to the physical location of a vault.

Long lapse times between investigations and case resolutions in courts or tribunals greatly increases the risk of evidence being irreversibly lost, damaged or simply misplaced. A United Nations professional service for evidence custodianship would mitigate these risks, as the evidence custodian’s duty would include migration of convenience copies of evidence files to forensic and data processing labs, making them available either for processing or for web review in a safe and reliable manner.

Forensic and data processing labs can be remotely accessible in a secured manner, where evidence owners can do their own processing. In case of scaling for increased need, evidence owners could rely on UNICC professional services support in digital forensics, empowered by enabled remote web review, direct querying, investigative coordination and orchestration, tagging and reporting for future use. Web-oriented review components can tremendously increase the efficiency of investigations in numerous ways.

Forensic and data processing output can be used directly in less demanding or intermediary cases and with an eDiscovery platform procured and managed by UNICC and securely shared for more complicated cases, where a big investigation-relevant and user defined data pool can be effectively searched and analyzed.

Forensics services would furthermore remove evidentiary information from forensic and data processing or the eDiscovery platform and dispose of evidence or archive in the evidence vault.

Another valuable add-on for subscribers would be leveraging cognitive services like speech-to-text, facial recognition, voice identification, machine translation, OCR and handwriting recognition. Below is a showcase of handwriting recognition on the keyword “OSWALD” obtained by search in publicly available demo datasets at https://jfk-demo.azurewebsites.net/#/.

Clients can benefit from specialized training in the areas of mobile devices forensics, computer forensics, big data processing, OSINT, digitally driven investigations, etc. Training will continue to be important as the system will grow in the future.

At UNICC we believe the UN system could greatly benefit from an inter-Agency Digital Investigations Hub. We are currently exploring with our Partners the possibility of establishing and running this service.