SPECIALIST SERVICES .
|
INTERNET ENABLED INVESTIGATIONS (IEI) .
The way in which people communicate has changed…
Person-to-Person (P2P) telephony and SMS messaging has been replaced with feature rich and (often) cheaper Internet enabled communication such as WhatsApp, Facebook et-al.
Law enforcement uses Communications Data to prosecute, detect and prevent crime and due to the mass migration towards Internet enabled communications, this pool of data which was derived from what are now legacy communications mechanisms is dwindling and becoming less and less useful and relevant. Whilst it used to be the case that a suspect with a phone to their head would be producing an easily available record of that communication, this is no longer the case and a disclosure request would reveal nothing.
Additionally, young people no longer telephone their friends and seldom use SMS. Instead, the young communicate on social media, through OTT services such as WhatsApp, Instagram and KIK. Through these services they are exposed to not only their friends and known associates, but to a world of unknown people and influences that poses a significant threat to their safety and national security.
The requirement, therefore, is to replace, as much as is feasible, this loss of Communications Data with sources of data that can be used by law enforcement in the execution of their duties.
GioSec’s solution is focussed on delivering the following:
Person-to-Person (P2P) telephony and SMS messaging has been replaced with feature rich and (often) cheaper Internet enabled communication such as WhatsApp, Facebook et-al.
Law enforcement uses Communications Data to prosecute, detect and prevent crime and due to the mass migration towards Internet enabled communications, this pool of data which was derived from what are now legacy communications mechanisms is dwindling and becoming less and less useful and relevant. Whilst it used to be the case that a suspect with a phone to their head would be producing an easily available record of that communication, this is no longer the case and a disclosure request would reveal nothing.
Additionally, young people no longer telephone their friends and seldom use SMS. Instead, the young communicate on social media, through OTT services such as WhatsApp, Instagram and KIK. Through these services they are exposed to not only their friends and known associates, but to a world of unknown people and influences that poses a significant threat to their safety and national security.
The requirement, therefore, is to replace, as much as is feasible, this loss of Communications Data with sources of data that can be used by law enforcement in the execution of their duties.
GioSec’s solution is focussed on delivering the following:
- Acquire by whatever means are appropriate a record of Internet communications originating from an identifiable device/subscriber. These records are called Internet Connection Records (ICRs).
- Store these records securely in a cost-effective, extensible and scalable retention store.
- Query this retention store with query terms such as date/time, device/target identifiers, geographical locations, ICR field details (hostnames, etc) or any combination of these.
- Accurately disclose this queried information in accordance with evidentiary standards.
- Integrate ICR data with existing data such as CDR records, geo-location data and to be able to do so across multiple data stores which could originate from multiple TOs.
- Use other forms of ICR data for example from OTT providers, existing network elements etc.
- DNS queries
- HTTP Get requests to the first ‘/’ in the URL
- SSL certificate exchange data (Common Name, Issuer, etc)
- IP flows with start/stop times, byte transfer counts and protocol detail (i.e. TCP/UDP etc)
- Detail of other OSI layer information such as application hints (i.e. is this a VPN, SSH, etc)
- Target/device identifying data such as IMEI/IMSI/MSISDN/MAC
- Device/OS type hints derived from network behaviour
- Geolocation data if available (i.e. Cell site, Wi-Fi AP name)
- Network traffic behaviour where this is able to provide insight into behaviour (i.e. VoIP traffic, Video call, etc)
- Time relative data such as IP Address “whois” data (to show ownership of an IP address used for the communication.