PS: I would say the main advantage is collaboration – sharing evidence and intelligence online. Nuix Web Review and Analytics doesn't require any third-party plugins, which means it can be used on almost any web-enabled device. This allows the right person to see the right data, wherever they are.
We take security very seriously, at both platform and access control levels. We built the platform using Java SSL, so it's not vulnerable to Heartbleed, and the Nuix Engine and RESTful API have passed third-party static code evaluation.
We've built in the ability for administrators to assign individual or group-level access to entire cases, folders of items within cases and even features of the application such as downloading files or using visualisations.
TRP: What are the benefits for teams in dividing up and collaborating on large data sets, and how can teams ensure that no crucial evidence is overlooked?
PS: We advocate an investigative lab workflow which is a way for investigators to combine the efficiencies of the eDiscovery process with the forensic rigour of investigation methodologies.
It ensures digital forensic investigators handle each piece of evidence using an agreed set of repeatable processes and makes it possible to spread work between digital and non-digital investigators and subject matter experts.
By using a tiered review system, investigators can quickly discount irrelevant items and pass potentially relevant material to those who need to see it. They can employ a tagging system as well as human and machine quality control processes at each stage of the process to ensure they don't miss any data. And of course the Nuix Engine has fault tolerance and reporting built in to ensure it never misses a file.
We also provide ways to locate items that keyword searches might have missed, such as near-duplicate functionality that can identify documents with similar content and gauge how similar they are. This can help investigators identify who created, received or sent key emails, documents or attachments, or analyse how documents have changed over time, or indeed find related documents that use similar language.
TRP: How can network maps and visualisations help users find crucial and relevant information in large data sets?
PS: Network maps allow investigators to quickly see connections between people, objects, locations and events based on email, social media and mobile communications. The commonality visualisation in Nuix Web Review and Analytics extracts names, email addresses, IP addresses and metadata, including geospatial information, from hundreds of file formats to show the hidden connections within the evidence. It's a powerful way to correlate intelligence, relationships and modus operandi.
TRP: Where do you see the future of digital investigations going from here?
PS: Data is only going to get bigger and more complex with the growth of technologies including virtualisation, cloud and the Bring Your Own Device trend. The only way to respond is by building your capabilities around three major themes I've already discussed: collaboration, intelligence and analytics. And tools that rely on workflows and processes that were designed before this mass explosion of data and devices will no longer be relevant.
Many see the explosion of big data as a bad thing. I disagree. Big data allows investigators to gain intelligence and evidence faster than ever before.
Our personal devices are now capable of pinpointing our every movement: our phones store where we've been, who we talked to and when, our pictures contain geotagging information. Our fridges can record when we've been inside our houses – although they can also be hacked to send out phishing emails and who knows what else.
Social media sites can provide valuable intelligence about what happened surrounding an incident – who was nearby, what they were talking about and what they took pictures of. All these things can be forensically examined.
