As law enforcement faces limited resources to investigate growing levels of cybercrime, the Metropolitan Police has brought in specialist technology to support its digital investigations.
The UK has 12 regional units that tackle organised cybercrime, and many forces have their own trained specialists, but cybercriminal activity is so common that it is challenging to investigate before the offenders get away.
“Like biological evidence, cyber evidence degrades over time – websites are taken down and the trail goes cold,” said Detective Superintendent Neil Ballard from the cybercrime unit.
To address this issue, the Met’s cybercrime unit, Falcon, has started using technology first developed at the University of Cambridge and now developed by a company called Bromium.
Speaking to Sky News, Bromium’s co-founder and president, Ian Pratt, said: “Our approach to cybersecurity is quite different from all the other companies that are out there.
“For every task that you’re performing on a machine, for every document you open, every website you go to, we’re actually going to create a virtual machine to run that particular task so that if anything bad happens, it’s contained within that virtual machine.”
As an academic, Mr Pratt led the systems research group at Cambridge for the best part of a decade and started the group’s work on the Xen hypervisor, a technology which allows the hardware of a computer to support several operating systems at the same time.
Xen, which Bromium is based on, is used to virtualise computing environments so that, if the user accidentally lets a malicious process execute, it cannot spread and infect other parts of the machine.
Analysing malware can take months in a computer laboratory but, by using Bromium, the police specialists are able to let it execute in an isolated environment and follow how it behaves in real time.
The Office for National Statistics estimates more than 3.7 million instances of cybercrime occurred in the UK in 2016, and 46% of British companies admitted they had been attacked by hackers that year.
A technical demonstration of Bromium shows how police can use its real-time forensics capabilities to identify key information about the criminal software infecting victims.