CASE STUDY

A Change in Toolset Saved Merseyside Police £36,000

BlackLight was a Winner in a Cost-Benefit Analysis of Digital Forensic Tools

Detective Sergeant James Milligan, a laboratory manager for Merseyside Police, recognized his department was facing the same issue as every digital forensic lab in the world; his budget is finite.  With this finite amount of money, the laboratory must remain operational.  Amounts must be allocated for personnel, training, infrastructure, and forensic tools.  Having the infrastructure in place, the digitals tools necessary, and the appropriately trained staff ensures a laboratory is ready and able to complete cases.

Adding to the challenges faced today is the perpetual evolution of digital artifacts and the tools used for acquisition and analysis.  A decade ago, there were far fewer challenges.  Encryption, mobile devices, larger quantities of data, multiple devices for each exam, and various new operating system artifacts all combine to make digital examinations more complex.  At the same time, laboratories face contiguous pressure to produce results at the same rate or even faster than before.

Digital examination tools have also evolved.  The price of individual tools increased as the variety of available tools multiplied.  Looking back ten years ago, all UK Law Enforcement Agencies were basically using only two main tools.  Today, laboratory managers have a much broader choice and must find the tools that can produce results accurately and efficiently. Historically, year after year greater portions of the budget are spent on tools.  Tools that are more advanced, tools that contend with a broader range of devices, tools that cost more money.   Each time money is spent purchasing a tool, the benefits of that investment must be weighed against the overall cost.

Detective Sergeant James Milligan began a cost-benefit analysis to determine which forensic tools were capable of handling the work performed in the Merseyside Laboratory.  He was looking for a way to move away from their current ‘artifact based’ forensic tool.  First, a profile of the cases being submitted to the laboratory was created.  The cost of the tools able to handle these cases was considered as well as whether the tools enabled examiners to work accurately and efficiently.

Merseyside Police then implemented a thorough process of testing and benchmarking the available options while exploring all the impacts a change in toolset would have on laboratory operation.  The tools that became clear options were further tested and compared to the current toolset.  Surprisingly the new toolset outperformed the incumbent in certain areas, particularly when it came to stability.  The impacts of changing to the new toolset were found to be minimal.

The results were clear, for the cost of the incumbent tool, Merseyside Police was able to fully equip their laboratory with X-Ways and BlackLight, enroll all examiners in training courses, and save $25,000 over a five-year period.   Without training, $45,000 would be saved.

The results of Merseyside’s review prompted other organization to try BlackLight and preform a review of their own tools and practices.

If you are interested in trialing BlackLight, or would like some further information please contact Tom at BlackBag (tomo@blackbagtech.com)

If you’d like assistance in carrying out a review or evaluation of your own forensic tools, please contact Avatu on 01296 621121 or info@avatu.co.uk for help or advice.

BlackLight is massively under-rated when it comes to examining Windows devices. This is particularly true for the way BlackLight handles and presents the content of Volume Shadow Copies.

Detective Sergeant James Milligan

Main Takeaways:

  • The laboratory manager at Merseyside Police evaluated BlackLight during a budget forecasting and review.
  • The result of the review revealed BlackLight was not only a viable option monetarily, but it outperformed the incumbent in other areas as well.
  • BlackLight is often pigeonholed as a tool to be used only for Mac devices. However, it has for a long time been accurate and reliable for examination of Windows based devices.
  • The change in toolset resulted in minimal impact on laboratory operations, achieved the desired cost saving, and enables examiners to work accurately and efficiently.

Quick Facts

Features: 

BlackLight enables examiners to work accurately and efficiently while achieving cost-savings

Problem Solved:

BlackLight provides analysis capabilities to handle current cases while saving money

Solution Provided:

Merseyside Police purchased BlackLight as part of their new digital toolset for an overall cost savings

Overall Results:

Merseyside Police, through a process of testing and benchmarking, discovered that BlackLight outperformed the incumbent in cost as well as stability

Add BlackBag To Your Toolkit

See how easy it is to make BlackBag part of your everyday carry with a free trial or quote.