Simply put, criminals do not use telco voice and messaging networks anymore, and over 90% of internet traffic is encrypted. The valuable metadata of “who called who” and “who messaged who” has been lost in the flood of over-the-top (OTT) applications offering free voice and messaging services, some of which cannot even be subpoenaed for the information because of their messaging architecture. Existing data like IPDR flow records or tools like Wireshark simply cannot deliver value to a forensics analyst, and many agencies have stopped trying to use data warrants at all. With trained forensics analysts in short supply and time-to-solve always a critical problem for LEAs, better solutions are needed to protect citizens.
Criminal activity leaves traces. There are clues in law enforcement data wiretaps that are being missed every day. With the right tool, crucial network forensics metadata can be extracted from the packet captures (PCAPs) that you already have and receive as part of a warrant today, while maintaining privacy for people only suspected of crimes. When investigating a suspect, the applications the suspect is using, which devices should be searched for under warrants, and whom the suspect is communicating with are all critical leads that can determine the likely guilt or innocence of a suspect before arrest and the seizure of their devices. In cases that involve the interaction of suspects (kidnapping, child exploitation, drug rings, or criminal syndicates), visibility into the interactions of multiple suspects is critically important and completely opaque in current law enforcement solutions. The transition from data to evidence needs to be very short, and a system that can report on fine-grained details from network forensics is crucial as more communication uses encryption and OTT apps.
Digital Witness is a revolutionary solution designed to help investigatory agencies extract leads from network data. We target the most challenging problem for law enforcement and national security agencies dealing with network forensics by classifying and correlating encrypted traffic with patented accuracy. Our technology can be applied to warranted lawful intercepts of mobile or any type of broadband traffic (PCAPs, live feeds, etc.) to provide application forensics analysis on VoIP, video, file transfer, messaging, VPN, and cryptocurrency activity by criminals or bad actors. The evidence is presented in a summary view that can be used to generate reports for officials to request arrest warrants, as well as in a detailed format for forensic agents to do their own analysis. One of our value propositions is to keep the time-to-evidence for network forensics as close to real time as possible once the data is acquired and to immediately present the critical information to the agent for use in an active investigation.