Intelligence Network and Secure Platform for Evidence Correlation and Transfer (INSPECTr)

The principal objective of INSPECTr is to develop a shared intelligent platform and a novel process for gathering, analysing, prioritising and presenting evidential data to help in the prediction and detection of crime and the management of criminal investigations.
At its most fundamental level, the platform is capable of processing forensic artifacts, standardising the outputs from external sources and tools and provide intuitive interfaces for analysing big data from these disparate sources.
However INSPECTr is more than a stand-alone platform. Each node will also participate in a secure network of nodes, facilitating both the discovery of linked cases and the exchange of evidence.

The discovery of linked cases in multiple EU jurisdictions will offer increased security for member states by enhancing the capacity of law enforcement agencies (LEAs) for conducting multi-jurisdictional investigations, which are an increasing requirement due to organised criminal networks and their related supply chains.
Where there are concerns for the immediate safety of citizens, for example during a terrorist threat, real time discovery of accomplices or linked criminal networks, across police jurisdictions, could prove to be vital.

All of the technical developments, particularly those related to the discovery of evidence, follow ethical, legal and operational security guidance.
Our approach will only allow a query to be launched from an ongoing investigation and it may only be sent to agencies with existing legal agreements.
The response will be limited to a positive or negative indication, which will prompt the use of existing legal instruments to fully exchange information; e.g. a European Investigation Order.
Once these are in place, the platform will provide a mechanism for the exchange of evidence packets.

Implementation is also guided by our LEA partners through a network of LEA Living Labs, the driving engine for the project’s research and innovation activities.
In addition to strategic direction, LEA will iteratively test the platform and discuss plans with the development team.
Along with this approach, the project hopes to support the adoption and sustainability of the platform by creating a LEA capacity building programme, adoption actions, an impact assessment and policy recommendations.
Furthermore the final platform, and the related training courses, will be completely free for LEAs.

The primary work achieved to date:

- The creation of the LEA steering group, Ethics Advisory Board and Security Advisory Board
- Set up and operationalised the network of LEA Living Labs
- 3 complex use cases created from fictitious crimes with mocked evidence
- Creation of a reference digital forensics domain model
- A study of the EU and regional laws and regulations for Living Lab data exchange
- An open source prototype platform that is ready for iterative testing and refinement.
- Processes for parsing, homogenising and ingesting the outputs from commercial tools
- A mechanism and process for upgrading or deploying new open source tools to the platform
- Combining new Blockchain services with CASE ontology support for maintaining chain of custody and chain of evidence
- Advanced analytic tools, such as
• natural language processing for named entity recognition and topic modelling on text content
• computer vision tools for identifying objects in media files.
• machine learning techniques for cross-case correlation
- Privacy and ethical requirements for project developments
- A model for electronic evidence visualisation

We are currently researching and enhancing a “standardised approach required for both analysis and evidence provenance”.
The expected progress beyond the state of the art is related with the widespread usage of the Cyber-investigation Analysis Standard Expression (CASE) format by the platform, which is directly related with all data-related components.
This format will facilitate the provenance and exchange of evidence and may also be used for tool validation in future.

The manner in which we map the CASE data format to INSPECTr storage is not only innovative but necessary for data analysis and discovery of linked data.
We map the unwieldy format into data structures that are more suited for fast queries and link analysis; i.e. a combination of scalable storage for binary files, graph databases and indexed documents.

The consortium also expects to progresses various tasks linked with the Natural Language Programming technology, beyond state of the art, which include:
i. Data independence: We are trying to create methods to treat and correlate data that are independent of the input format.
ii. Seriality detection (cross correlation and investigations profiling): Our cross correlation method is original and specialised to find series (patterns/clusters) over LEA data.
iii. Data extraction wrapper for OSINT: We have created a semi-automatic wrapper that can identify the parts of a webpage that are interesting and may be of interest for investigative purposes. It will greatly simplify and speedup the creation of parsers for specific sites.

The development of highly complex use-case and related datasets, similar to real LEA investigations, go beyond the existing “single purpose” available datasets outside this project.
The role and tasks of the criminal analyst, as support for complex investigation, is facilitated by the integration of all potential types of sources of evidence, as by the ingestion and standardisation of the existing commercial and free specialised tools.

Progress beyond the state of the art in terms of ethics in the INSPECTr project exists in three ways.
First, is the application of ethics and privacy-by-design into the law enforcement and digital forensics domain. Much of the current work on principles of ethics and privacy-by-design has focussed on design of commercial technologies, so INSPECTr is applying these theoretical concepts in a new domain.
Secondly, ethical and privacy concerns with respect to LEAs have mostly focussed on how police interact with the public, about surveillance practices, and whether forensic activities are reliably accurate. However, in INSPECTr, ethical concepts about law enforcement are being combined with ethical considerations about technology in a further granular development of principles that leads to concrete design solutions.
Thirdly, as the INSPECTr project is developing beyond-state-of-the-art technologies, this necessarily raises novel ethical concerns. For example, during the Gender and AI workshop, state-of-the-art ethical concerns were discussed in terms of state-of-the-art technologies to develop beyond-state-of-the-art design solutions, this process simultaneously identifies and mitigates discrimination and algorithmic bias issues in the law enforcement/digital forensics domain which has not traditionally been an area of focus for such topics.
At the conclusion of the INSPECTr project, we expect that there will be a more refined methodology for applying ethics and privacy-by-design principles to the law enforcement and digital forensics domains that is sensitive to the needs of end-users of the INSPECTr technologies. Further, a more detailed understanding of the legal frameworks that can be used to adequately regulate the use of LEA closed case file data in research will be reached, and this could be used in future research projects.