Data-driven investigations reveal the truth by pulling information together from fractured sources and drawing connections that generate insights. Data fusion for cohesive analysis is made difficult by data siloes; in addition to lawful interception sources, analysis may need to draw on streaming and stored payloads that are not natively compatible with each other. The data is largely unstructured, as well as generally being of uneven quality, with much of it incomplete, inconsistent, or inaccurate.
Lawful intelligence platforms must be capable of normalizing and ingesting data from all sources at scale, in real time. Pre-processing and enrichment with additional context creates an internally compatible data universe where the elements can be correlated together to reveal relationships between data points. Those relationships are then combined to establish the facts of the case with supporting evidence, which are strung together to reveal a complete story.
Investigators must create evidential narratives of people and events that are compelling and convincing enough to succeed in court. Beyond the complexity of interpreting the data to understand what happened, the investigator must deliver output in a ready-to-consume form that confirms the authenticity of the evidence and documents its chain of custody.
Multi-Source Data Ingestion and Interpretation
Data sources that are relevant to investigations continue to proliferate, and with that variety, rising transmission speeds and traffic volumes create further challenges. At the same time, factors such as encryption, false identities, and other methods of obfuscation make it even harder to transform data into evidence. The SS8 lawful intelligence platform provides tools and techniques to isolate useful information from floods of data, then string together the bits and pieces to create a 360-degree visualization of events.
Alongside intercepted communications, metadata, and location intelligence, there are analysis tools for the deep and dark web, WiFi and IMSI catchers, audio collection tools, and more, as well as many sources of open-source intelligence. Cellebrite’s UFED and Magnet Forensics are both prominent tools in the field of digital forensics, often used together to enhance investigations. Cellebrite’s UFED extracts data from a variety of devices and can perform logical, file system, and physical extractions. Magnet Forensics’ AXIOM is a comprehensive digital forensics platform that can ingest and analyze data from multiple sources, including mobile devices, computers, cloud services, and UFED. After performing an initial extraction with UFED, AXIOM can verify and analyze the data, potentially uncovering clues that were missed by other tools and provide a clearer picture of the evidence.
The SS8 Intellego XT environment provides high-speed ingest from all these sources, with robust data normalization to make unified processing and interpretation possible. After the data is parsed and prepared, SS8 MetaHub provides multi-dimensional querying and automation to reveal and visualize patterns in the integrated data.
Constructing the Evidential Narrative
The Intellego XT environment identifies the connections within data universes that help explain their significance. Equally important, it provides mechanisms to explore that significance and construct chains of evidence that advance investigations and win cases. Temporal insights that reveal the “when” in sequences of events combine with the “where” of location intelligence to build comprehensive, evidence-backed narratives that are difficult to refute.
Protecting successful investigative outcomes must include robust data governance that attests to its authenticity and provenance. The SS8 platform stamps each piece of evidence with an MD5 hash as it is ingested or egested. In addition, a robust audit management system tracks the evidence lifecycle, including each time it is accessed, by whom, and when. These measures protect integrity of investigations with tamper-resistant auditability based on checksum hashing.
Visualizations are a key means of making data insights readily consumable for courtroom participants. For example, plotting information on a map over time could show suspects communicating as they converge on a crime scene at the critical moment, then fleeing and meeting up afterward. Investigators assemble pieces of evidence together using a workflow similar to combining pieces of video, with menu-driven usability and efficiency.
Evidential Export for Use in Court
Once data has been collected, analyzed, and applied, the resulting evidentiary narrative must be exported in the form that will be used in court. That process is typically assigned to one or a limited number of individuals, controlled in Intellego XT using SS8’s role-based access. The evidential manager exports the dataset in a downloadable form and then prepares it for delivery to court.
Transport is most often accomplished with a zip file written to a DVD, or in some cases using tamper-resistant external hard drives. The export includes the MD5 hashes and other artifacts needed to verify it. The storage medium transported to court also includes SS8’s purpose-built offline evidence viewer, which is designed to help investigators make their case, clearly presenting complex bodies of evidence and the connections and significance within them.
The chain of evidence and associated outcomes have additional business value to the investigative organization. The SS8 platform’s stateful API environment supports export to third-party business intelligence tools that use metrics and key performance indicators to measure the productivity of individuals and groups. These mechanisms also integrate with other related functions such as warrant management and data retention, supporting holistic mechanisms for maximizing the value of evidence and the data that underlies it.
About Rory Quann
Rory Quann is a Senior Solutions Engineer specializing in End-to-End Government Solutions at SS8 Networks and brings with him over 14 years of experience in the Lawful Interception and Data Analysis industry. Prior to joining SS8 in 2013, Rory worked for BAE System Applied Intelligence where he was focused on large scale Government deployments of Intelligence Solutions. Rory has held multiple positions in the Lawful Intelligence space ranging from Deployment Engineer, System Consultant, and Sales Engineer focusing on Country-wide Passive deployments. Rory is a Certified Microsoft MCSA Engineer and EMC Certified deployment Engineer. Learn more about Rory on his LinkedIn profile here.
About Stef Waring
Stef Waring is a seasoned professional with over a decade in business development across cybersecurity, network operations, and intelligence sectors. Her expertise includes managing cross-functional collaborations, driving customer-focused outcomes, and achieving mission success. Known for her leadership in high-growth, dynamic environments, Stef holds degrees from Munster Technological University and Cork College of Commerce. Learn more about Stef on her LinkedIn profile here.
About SS8 Networks
As a leader in Lawful and Location Intelligence, SS8 is committed to making societies safer. Our mission is to extract, analyze, and visualize critical intelligence, providing real-time insights that help save lives. With 25 years of expertise, SS8 is a trusted partner of the world’s largest government agencies and communication providers, consistently remaining at the forefront of innovation.
Intellego® XT monitoring and data analytics portfolio is optimized for Law Enforcement Agencies to capture, analyze, and visualize complex data sets for real-time investigative intelligence.
LocationWise delivers the highest audited network location accuracy worldwide, providing active and passive location intelligence for emergency services, law enforcement, and mobile network operators.
Xcipio® mediation platform meets the demands of lawful intercept in any network type and provides the ability to transcode (convert) between lawful intercept handover versions and standard families.
To learn more, contact us at info@SS8.com.
