The Little Geeni

Law enforcement recently has been following the general tide of government and public service groundswell by seeking computing solutions in the Linux direction. Particularly in law enforcement, their needs match well with open source software. They have to work lean on a taxpayer’s budget, and open source is free or low cost. They need top security, and Linux is still the highest-scoring operating software in official government assessments. They need mission-critical reliability, and Linux is so stable, it doesn’t just outrank the competition in stability – it makes the competition disappear!

Some recent examples of law enforcement agencies finding a solution in open source:

* Kent Police have lowered the cost of running their major criminal investigations system by a factor of 90% using Novell Linux Open Enterprise Server. The migration to Novell enabled Kent to scale up their Holmes II investigation system to work on larger projects with a broader scope – something they’d never been able to do before. They were also able to run it on their cheapest hardware they could find, thanks to Linux’s light requirements. A new policing operating system, named Genesis, is now being tested for scalability on Linux servers.

* Delivery of the first Linux systems to the West Yorkshire police force could see police forces throughout England and Wales unanimously switching to Linux desktops in a new pilot scheme. The deployment is taking place under a contract awarded by the UK Police IT Organization. If successful, it will lead to over 60,000 desktops deployed. In West Yorkshire alone, the installed base is around 3,500, and a spokesman reckoned that the savings from this would be around one million pounds per year!

* The New South Wales Police department is currently undertaking a major upgrade to its information infrastructure, made necessary due to the increasing volume of data handled by the force, and they’re switching to Linux systems to handle the load. Because the Linux systems are proving so reliable, they are looking forward to the higher capacity network more efficiently archiving and transmitting data stored as evidence, such as surveillance videos and audio material.

* Scottish police forces have also developed a Linux-based system for ensuring that they comply with the Freedom of Information Act legislation, an act which is intended to facilitate ‘open government’ by allowing the public to request access to government data. Since open source and open information go hand in hand, the system has scaled easily and saved tons of labor. The force doesn’t have to worry about proprietary media formats interfering with the public’s ability to access the data, and the efficiency of the Linux system allows a lot of manual tasks to be automated where they couldn’t before. The system is literally returning officers to the streets because it has saved everyone so much work.

* Police in the city of Munich have switched 14,000 of their department computers from Microsoft’s Windows operating system to Linux. The motivation for the decision was to make the government less dependent on one information technology supplier, and to save money while increasing capabilities. One technology analyst even compared the break-through migration to the fall of the Berlin wall, referring to the oppressive requirements of dealing with a proprietary software company’s agenda.

That government feels friendly with open source should come as no surprise. Traditionally, the Internet has been 80% Linux and Unix-based systems since its creation. The first Internet services were started and maintained by government providers, who used Unix system’s built-in multitasking features and excellent speed to create a fast, reliable network. Linux, a modern version of that Unix ideal, has already established itself as the leading system for server-room deployment, but now the effects are beginning to trickle down to the desktop user level and workstation deployments, where they are discovering that Linux systems have workspace-ready features built in which other commercial operating systems are just now beginning to discover and implement.

Furthermore, Linux systems come with the guarantee that because they are open source, no commercial company can restrict their usage in the future. A platform ported to Linux can stay on Linux, without support dying out and constant upgrades creating problems down the road.

Finally, the inherent security of the Unix computing model guarantees the effectiveness of Linux without the worries over security problems. Because there are in effect no viruses which can infect a Linux system known, and no critical security exploits found in the systems even by government security standards, departments are also considering Linux as a measure to protect our national data under concerns over national security and the terrorist threat in our modern times.

Linux Career, Computer, Enforcement, Linux, Police, Systems

Copyright (c) 2008 Steve Burgess

Computer forensics practices and procedures can diverge significantly depending upon whether the investigation is criminal or civil litigation. Standards for data collection evidence can be different, as can the process of data collection and imaging. Furthermore, the consequences of the case may have dramatically different impacts.

A couple of quick definitions may be in order. Criminal law deals with offenses against the state – the prosecution of a person accused of breaking a law. These offenses may include crimes perpetrated against an individual. “The People”, in the form of a state representative (for instance, the District Attorney) makes formal charges and the accused must then face the government’s full resources. Guilty outcomes can result in fines, probation, incarceration, or even death.

Civil law covers everything else, such as violations of contracts and lawsuits between two or more parties. The prevailing party often is entitled to payment, property or services from the loser. Imprisonment is not at issue in civil cases. As a result, the standard for evidence is not as high in civil cases as in criminal cases.

For the law enforcement computer forensics specialist, a certain amount of extra care should be taken in collecting data and producing results, for the standard of proof is higher. There are advantages on the data collection end, however. For once a court has authorized a search warrant, an officer (and possibly several) with badge and gun can go seize the defendant’s computer by surprise and by force. Once the computer has been seized and imaged, all data is accessible and may result in additional charges being brought against the defendant.

By contrast, in a civil case, there tends to be a lot of negotiation over what computers and what data can be inspected, as well as where and when. There is not likely to be any seizing of computers, and quite a long time may take place between the time the request to inspect a computer is made and the time the computer is made available to be inspected. It is common for one party to have access to a very limited area of data from the other party’s computer. During this time, a defendant may take the opportunity to attempt to hide or destroy data. The author has had several cases wherein the computer needed for analysis was destroyed before the plaintiff had the opportunity to inspect. Such attempts at hiding data are often discovered by the digital forensic sleuth, who may in turn present evidence of such further wrongdoing in expert witness testimony.

Opportunities for learning techniques and interacting with other professionals may differ as well. While some computer forensic software suites and training, such as Access FTK, EnCase, or SMART Forensics are available to most who can pay, others, such as iLook are available only to law enforcement and military personnel. While many support and professional organizations and groups are available to all, some, such as the High Technology Crime Investigation Association (HTCIA) are not open to professionals who provide for criminal defense (with a few minor exceptions).

Police, Homeland Security, and other law enforcement personnel’s goal is to generate a body of evidence significant enough (presuming such evidence exists) to find the criminal defendant guilty. The standard for information presented to the court and jury in such a case is fairly high. From the time digital data or hardware is seized and acquired, Rules of Evidence must be kept in mind (Cornell University has the complete and voluminous code on its website). Law enforcement personnel must follow accepted procedures or evidence could be thrown out. Acquisition of data and discovery in criminal cases often must follow sometimes strict and differing procedures depending upon whether the jurisdiction is federal, state, or municipality and at times depending upon a judge’s preferences.

The expert in a civil case may not analyze all of the data on a computer at a very deep level Initial efforts may rather be a kind of fact-finding mission, intended to determine the value of digging deeper and at greater expense. As such, the initial presentation of data may be fairly informal, and be just enough to induce the parties to settle the case. On the other hand, the data found may be so minimal the line of inquiry into electronic evidence is dropped.

Although we use many of the same tools, computer forensic professionals in private practice and those in law enforcement are held to different standards, have access to different resources, and their work results in substantially different outcomes between the criminal and civil cases to which they contribute.

Computer Forensics Computer, Different, Enforcement, Forensics, Police