{"id":1413,"date":"2020-11-26T14:00:16","date_gmt":"2020-11-26T14:00:16","guid":{"rendered":"https:\/\/thenextweb.com\/?p=1328377"},"modified":"2020-11-26T14:00:16","modified_gmt":"2020-11-26T14:00:16","slug":"how-to-build-a-search-engine-for-criminal-data","status":"publish","type":"post","link":"https:\/\/www.londonchiropracter.com\/?p=1413","title":{"rendered":"How to build a search engine for criminal data"},"content":{"rendered":"\n

Whether it\u2019s a WhatsApp message arranging the distribution of cocaine from S\u00e3o Paulo to Amsterdam or other encrypted conversations to lure the enemy into a deadly ambush; criminals have long tried to keep their digital footprints hidden.<\/span><\/p>\n

The evidence of crime is all stored in the digital archive: emails, photos, and cloud storage data. Law enforcement agencies can use these digital clues to find out where criminals have been, and what they\u2019re currently doing.<\/span><\/p>\n

Data analysis platforms are becoming increasingly crucial in the fight against crime. We spoke with two forensic software experts from Hansken about how they support law enforcement agencies, like the Dutch National Police and the Dutch Fiscal Information and Investigation Service. <\/span><\/p>\n

Digital digging<\/b><\/h2>\n

No lone detective can efficiently search the vast pool of data stored on confiscated data carriers.<\/span><\/p>\n

Since 2012, The Netherlands Forensic Institute (NFI) has <\/span>focused on<\/span><\/a> Digital Forensics as a Service (DFaaS) with the aim to provide a service that can process huge amounts of digital forensic material with accessible and secure access to analyzed data.<\/span><\/p>\n

In 2015, the NFI launched the platform Hansken \u2013 named after the famous<\/span> 17th-century elephant<\/span><\/a> immortalized \u2013 as a valuable tool in digital forensic analysis.<\/span><\/p>\n

Hansken processes chat conversations, photos, emails, audio, and more. It makes the data transparent and searchable, like a search engine. The goal is that detectives and experts can use standard search queries, and will be able to access the data 48 hours after a crime. The platform<\/span> minimizes<\/span><\/a> the case lead time, ensures maximal coverage, and users can easily search through it.<\/span><\/p>\n

The ins and outs<\/b><\/h2>\n

Hansken can be divided into three levels: the back-end which holds the forensic knowledge, the centralized DFaaS platform, and the front-end which can be used in criminal investigations, research, and development.<\/span><\/p>\n

\u201cThe core platform of Hansken and its extraction tools are coded in Java,\u201d notes Hansken forensic software developer Christophe Creeten. Creeten works in the back-end team that\u2019s responsible for collaboration with third parties. By enabling them to add their own digital forensic knowledge and tools, which can then be shared with even more people, the platform can be developed further.<\/span><\/p>\n

NFI\u2019s forensic software developers use existing and self-developed tools, from open-source software Hadoop for distributed processing to Elasticsearch for making the information searchable. \u201cWe also use Cassandra for storing large blocks of data, Kafka, for sending messages between services, and Zookeeper for naming, storing information and synchronization of services,\u201d says Creeten.<\/span><\/p>\n

When law enforcement agencies legally confiscate a data carrier, it\u2019s sent to Hansken to process its data, pull it apart, and then describe where the information came from.<\/span><\/p>\n

\u201cEverything is stored. In Elasticsearch, we store traces as well information <\/span>on how we derived those traces<\/span>, so we can trace back,\u201d Creeten tells TNW. \u201cSo if a detective types something into Hansken, it becomes a search query that is thrown over the Elasticsearch database and searches for the traces that match it and gives it back as a result.\u201d<\/span><\/p>\n

Whether it\u2019s drugs, fraud, money laundering, or another form of organized crime, more and more data is encrypted. It\u2019s an arduous task to access the data when the key is no longer available.\u201cBut it\u2019s a fun challenge to dive deeper into various data structures,\u201d says Carly Bakker, a forensic software developer for Hansken\u2019s back-end libraries team.<\/span><\/p>\n

Bakker and her colleagues work hard to aptly interpret data from confiscated carriers. \u201cMetal is a Java library developed by the NFI to really read data at byte-level. So we often use it to read file formats and to extract bytes. Then we can parse a file and split it into small chunks where we purposefully can extract the information,\u201d says Bakker. \u201c So you don\u2019t have to go through a laborious process in Java to extract all those bytes one by one from that stream which often makes the code unreadable.\u201d<\/span><\/p>\n

Want to work at Rijksoverheid? <\/span>They\u2019re hiring<\/a>.<\/em><\/p>\n

Smooth user experience<\/b><\/h2>\n

The user-friendliness of the platform ensures that detectives, both with and without IT-knowledge, can use the search engine to extract evidence from the available data. <\/span><\/p>\n

The user experience of detectives and digital experts<\/span> improves automated testing and integration for continuous deployment. One adjustment was a visual timeline, says Bakker: \u201cWhat we have worked on is that we can display everything in a timeframe. There\u2019s a timeline where users can see when certain data has been changed. The detective or expert then immediately sees what happened during a certain period of time. It often comes in handy for email traffic or chats.\u201d<\/span><\/p>\n

The NFI developers ensure that Hansken is able to expose (deleted) emails, recognize patterns, categorize images, and map the locations of data with coordinates, but it\u2019s up to the detectives and digital experts to interpret and assess the presented data.<\/span><\/p>\n

High profile cases<\/b><\/h2>\n

Hansken\u2019s platform is designed <\/span>to handle<\/span><\/a> privacy, transparency, and security in criminal investigations, and has now been used in<\/span> more than<\/span><\/a> 700 criminal cases.<\/span><\/p>\n

In 2016, the Dutch Prosecution Office seized mail servers in Canada which <\/span>were used <\/span><\/a>for secure (PGP) communication with adapted Blackberry phones. In 2018, The Court of Amsterdam<\/span> ruled<\/span><\/a> that Hansken could lawfully be used to search through and provide insight into already available evidence \u2014 3.6 million encrypted messages from Canadian mail servers were lawfully searched.<\/span><\/p>\n

It was a bitter pill to swallow for the Dutch criminal Naoufal F., nicknamed Noffel, when he was<\/span> sentenced<\/span><\/a> in 2018 to 18 years in prison for a failed liquidation. A year later, six men<\/span> were convicted<\/span><\/a>, with sentences ranging from seven years to life imprisonment for their extremely violent wave of preparation and (attempted) liquidations. The Dutch Prosecution Office, with the help of Hansken, used the evidence found in encrypted messages to convict them.<\/span><\/p>\n

The smart assistant<\/b><\/h2>\n

Hansken challenges forensic software developers to keep evaluating and developing methods to efficiently analyze large data collections. Bakker: \u201cThe work encapsulates our love for puzzles, problem-solving, and passion for programming.\u201d<\/span><\/p>\n

The NFI ensures that law enforcement agencies receive sufficient aid during digital forensic investigations. Hansken saves time with problem-solving, quickly analyzing data, ensuring forensic knowledge is safeguarded, and providing valuable leads in criminal casework. Digital forensic investigation will play an increasingly important role in criminal justice. \u201cWe continue to develop the platform and expand its forensic capabilities. There\u2019s always room for improvement,\u201d adds Creeten.<\/span><\/p>\n

<\/a> <\/p>\n

This article is brought to you by Rijksoverheid.<\/a> <\/span><\/p>\n<\/p><\/div>\n

Published November 26, 2020 \u2014 14:00 UTC <\/p>\n

Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Whether it\u2019s a WhatsApp message arranging the distribution of cocaine from S\u00e3o Paulo to Amsterdam or other encrypted conversations to lure the enemy into a deadly ambush; criminals have long tried to…<\/p>\n","protected":false},"author":1,"featured_media":1414,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=\/wp\/v2\/posts\/1413"}],"collection":[{"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1413"}],"version-history":[{"count":0,"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=\/wp\/v2\/posts\/1413\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=\/wp\/v2\/media\/1414"}],"wp:attachment":[{"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1413"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1413"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1413"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}