Police aim to develop 'computer breathalyser'

Efficiency gains could result from a digital forensic tool capable of instantly flagging up illegal activity on any PC it's attached to

UK police are hoping to one day develop a breathalyser-style tool for computers that could instantly flag up illegal activity on any PC it's attached to.

Detective superintendent Charlie McMurdie, joint architect of the UK's Police Central e-Crime Unit (PCeU), said front-line police ideally need a digital forensic tool as easy to use as the breathalyser, to help them deal with growing numbers of computers being seized during raids on suspects' homes.

McMurdie said such a tool could run on suspects' machines, identify illegal activity — such as credit-card fraud or selling stolen goods online — and retrieve relevant evidence.

McMurdie told ZDNet UK sister site silicon.com: "Do we need to seize five computers in a suspect's house, or could we use a simple tool to preview on-site and identify there's that one email we are looking for? We can then use that and interview the person now, rather than waiting six to 12 months for the evidence to come back to us."

"For example, look at breathalysers. I am not a scientist; I could not do a chemical test on somebody when they are arrested for drink-driving, but I have a tool that tells me when to bring somebody in," she said.

The eventual development of a breathalyser-style tool for computers could help ease a backlog of digital forensic work that has officers waiting up to a year for evidence to be recovered from seized machines.

The tool is part of a package of measures envisaged by McMurdie as one day coming out of the £7m PCeU, which, from spring next year, will co-ordinate law-enforcement action against all online offences and lead national investigations into the most serious e-crime cases.

McMurdie also discussed the possibility of setting up a "central forensic server", where digital forensic experts from across the UK could log in and analyse whatever systems were plugged into it.

She described how it could help tackle corporate e-crime, saying: "Say one of the banks is attacked and we need to have a look at one of their hard drives; that bank would have something that they can plug their system in to and that connects to this central forensic server."

"Say there is a copper who is a forensic expert in Devon and Cornwall; he could hook into the central server and deal with it from Devon and Cornwall, rather than travelling up to London," she said.

McMurdie said UK police have also been talking to the FBI and US Computer Emergency Readiness Team about their use of remote searches of hard drives over the internet.

PCeU leaders are also in talks with the Association of Chief Police Officers about setting up regional centres for e-crime training.