CYFOR Blog

Q&A with Vicky Saunders, Criminal Team Lead

As Criminal Team Lead, Vicky has a pivotal role in maintaining quick turnaround times and the high quality of work produced by CYFOR’s Digital Forensics team. Vicky has over six years of experience working in both the police force and in the corporate arena. During her time at CYFOR, she has progressed from a Senior Digital Forensic Investigator to Criminal Team Lead, with significant involvement in the quest for ISO17025 accreditation.

We asked Vicky for a run-down of her role at CYFOR and what she expects from the future of the digital forensics industry.

When and how is digital forensics used in criminal cases?

The use of digital forensics in criminal investigations is more prevalent than it has ever been. Now that people essentially walk around with mini-computers in their pockets, there is a wealth of data available that can be used in court.

The information gained from digital forensics in criminal investigations can pinpoint people’s locations, see their communications, and allow searches of their images and videos. This can provide vital evidence in murder cases or be used to prove that someone has been sending indecent imagery. With more IoT (Internet of Things) devices connected around the home, like video doorbells, and wearable technology (e.g. FitBits) data is being collected everywhere. Even a digital fridge could provide investigators with information about a suspect’s movements!

Which types of cases are becoming more frequent, and what is driving this change?

On the criminal side, we have seen a sharp rise in cases involving indecent imagery. We expect this is because of greater access to technology and people being more “tech-savvy”; it is easier to find illegal material online and these files can be downloaded and carried on personal devices. Long periods of isolation during Covid lockdowns may have also played a part in exacerbating certain types of behaviour.

CYFOR has strong relationships with family law solicitors and local authorities. For this reason, we see a lot of family law cases, commonly involving protecting children from harm. CYFOR is often instructed by local authorities to investigate the devices and internet histories of parents and guardians.

Can you give us examples of how you have supported your clients during criminal and family law cases?

We recently had a criminal investigation referred to us where the Police had not involved their own digital unit. We delivered our own investigation for the client and found that the Police had confused the download history of two different people’s devices, evidence which was very favourable to our client!

With regard to family law, in one case where a child’s safety was concerned, we investigated communications from all family members’ mobile phones to help the local authority determine who knew about the incident that occurred and who was responsible.

How accurate are digital forensics findings? Can they be disputed in court?

CYFOR’s tools are tested and validated to ensure they do exactly what they say they do; this is assured by our ISO17025 accreditation. However, what we find can be entirely dependent on the make or model of the device. For example, new models of phones are designed with greater security, so they may not give you the full picture.

In court, our experts can attend to advise legal teams and help them understand the technical side of our investigations and what the findings mean for the client. We can also take the stand as an expert witness when an investigation’s findings need to be examined, or cross-examined.

Can you tell us more about ISO 17025? Why is it an important accreditation for laboratories handling digital evidence?

ISO 17025 provides our clients with assurance in the transparency of our investigations. It ensures the ongoing competency of our digital forensics lab to achieve reliable and accurate results.

In doing this, we can create a better product for the Criminal Justice System. This promotes CYFOR as a business the customer can trust. It also encourages us all to stay on top of training, so we are alert to everything that’s thrown our way. There are new apps and devices released every day so there is always something new to learn.

Which other accreditations should clients look for when instructing a digital forensic expert?

It’s really important to understand the portfolio of accreditations that your investigators have achieved so that you know what to expect from their service. Outside of ISO 17025, look for ISO 27001 for competent information security management systems and ISO 9001 for functioning quality management. 

CYFOR holds all these accreditations and certifications, which means clients can trust us with their data and can rely on us to produce a product that they can use.

How do you see the role of digital forensics in criminal investigations evolving in the near future?

People are not going to spontaneously put their phones down, so the available technology and systems in place will only get more complex as everything becomes connected to some effect. One example would be that cars now contain hard drives that digitally record your speed, or even know if you were wearing a seatbelt or not. This level of detail in data is becoming more and more available to digital forensics teams.

We will also find that the sheer size of the data within investigations will become difficult to manage now that there is technology to store terabytes worth of data in small physical spaces. For investigators, AI (Artificial Intelligence) is already used to sift through mountains of data to identify text and objects/files of interest, but this will still need an analyst to review to determine whether its findings are valuable and rationalise this to the client.

The growing volume of digital evidence could lead to longer investigation times. How can digital forensics experts help address backlogs and bottlenecks?

There is a risk that the amount of digital evidence produced for a case could be overwhelming for the Police. Police teams that have many devices to look at will need to prioritise some, risking that other pieces of digital evidence will not get identified and analysed in a reasonable time.

The Police can lean on external companies like CYFOR to take on the extraction of data and the reporting of findings, removing items from their workload before they start to become unmanageable. For a productive relationship with external providers, it’s important to understand what skills and specialisms Police teams have in-house and what would be better outsourced, in order to receive quick and accurate reports on devices that they may not be familiar with.