Accelerating forensics investigations by leveraging AWS GovCloud

A former FBI investigator’s perspective on how AWS is helping federal agencies solve four chronic challenges in managing forensic evidence.
cloud
(Getty Images)

Christine Halvorsen has spent more than 20 years working in various law enforcement, intelligence and IT roles for the Department of Justice and the FBI before joining AWS in 2019. She currently serves as senior technical business development manager on AWS’s Mission Acceleration Team.

The explosive growth of digital forensics information over the past two decades has transformed the way federal law enforcement and regulatory agencies deliver their missions. But it has also put new pressures on many federal agencies to develop more scalable and advanced solutions.

Christine Halvorsen, Sr. Technical Business Development Manager, AWS’s Mission Acceleration Team

When I started out as an FBI agent in 1996, we were still getting used to the forensic tools and principles for collecting, extracting, storing and safeguarding digital evidence. By 2010, the FBI’s Regional Computer Forensic Laboratory reported the average case by sifting through and managing four terabytes of data.

That was modest compared to the FBI’s 2013 Boston Marathon bombing investigation, which collected more than 50 terabytes of information. By the time I was called in as senior investigator in the 2017 Las Vegas Mandalay Bay shooting, the FBI was faced with collecting and analyzing a petabyte of data for that single case.

Were it not for the built-in capabilities of the cloud — to upload and analyze all of that unstructured, circumstantial evidence quickly, and in ways that were both secure and auditable — it would have been impossible to manage a case of that size, involving 13 responding agencies and so many tragic deaths and injuries.

Meeting mission needs at scale

Finding proverbial needles of evidence in today’s massive digital haystacks has never been more challenging. The volume of data from personal computers, smartphones, social media, emails, and e-commerce, as well as surveillance cameras, sensors and countless other devices continues to grow exponentially. By 2025, the amount of data generated each day is expected to reach 463 exabytes globally.

And it’s not just a challenge for law enforcement. There’s a wide range of government agencies, overseeing financial, health, consumer protection and many other sectors, that are similarly responsible for properly handling, analyzing, preserving and storing evidential information from the point of ingest and throughout its lifecycle.

Leveraging the cloud can help agencies scale IT resources up and down, as well as save IT costs. But perhaps more importantly in government, the cloud offers agencies on-demand compute power and modern applications to process workloads at a pace that agencies require to meet their missions.

The cloud can help address four recurring challenges we hear from our customers, particular those whose missions depend on managing digital evidence:

  • Reducing the processing backlog — When it comes to managing digital evidence, there are five critical stages that must be handled properly: collection, extraction, storage and chain of custody, analysis, and dissemination. As digital case workloads grow larger and more complex, fixed IT resources make it harder to complete the front-end tasks. That cascades into costly delays in completing analytic work. At AWS, we’ve been helping customers use the scale of the cloud to provide a dynamic and cost-effective way to accelerate workloads in those first three stages — helping in turn to analyze and disseminate evidence faster.
  • Optimizing familiar forensics tools to work in the cloud – Customers tell us they want the ability to use the secured forensic tools they are familiar with on-premises turbo-charge them using the cloud’s high-performance compute environment. Together with our partners, we’re helping them make that transition while reducing their software licensing costs. Instead of agencies, for instance, having 10 licenses sitting on one workstation, which limits how many people can process evidence, AWS and its partners are developing new licensing models in the cloud to support the customer’s needs and application of the tools, allowing more examiners and analysts to work simultaneously with agility and speed, given the cloud’s processing power.
  • Automating digital extraction and analytics processes – Our customers also tell us that many of their processes are still manual, cumbersome and repetitive. We’ve been able to automate significant portions of that work. For instance, examiners using AWS’s GovCloud can extract digital evidence from bundles of data and then immediately apply analytics. That helps narrow their searches for needles in the digital haystacks and quickly gain insights from what’s in the data.
  • Managing evidence storage more effectively – The unique statutory requirements for storing evidence — in some cases for 25 years — presents a special challenge for agencies. It’s no longer practical or economical to keep buying more and more storage infrastructure. With AWS infrastructure, agencies can choose a range of storage models, including our deep archive option, which allows agencies to store data for pennies on the dollar compared to on-prem storage. AWS also makes it easier to automate the movement of evidential data from one stage to the next and into final storage after cases are closed, freeing up forensic examiners and analysts to concentrate on delivering their missions.

AWS has been working with multiple federal agencies from federal law enforcement to federal financial institutions to establish working models that address all four of these challenges. These models have reduced the time to process digital evidence from weeks to minutes. The cloud’s elasticity has spurred innovative approaches to analyzing forensic data and given investigators greater analytical, entity extraction, and translation capabilities. But most of all, the cloud is giving agencies the ability to manage their digital evidence workloads at a pace that’s more commensurate with their needs of their missions.

Learn more how AWS is helping federal agencies manage their escalating digital workloads.

This story was featured in FedScoop Special Report: How AWS Helps Government Innovate - Presented by AWS

Latest Podcasts