StAG S.r.l.

Toute action de l’homme, et a fortiori, l’action violent qu’est un crime, ne peut pas se dérouler sans laisser quelque marque.” – Edmond Locard, La Police et Les Méthodes Scientifiques.

Following Locard’s exchange principle, our project tries to automate the collection and documentation of every digital evidence. More precisely, the goal of LOCARD is to address the aforementioned issues by providing a holistic approach for both Law Enforcement Agencies (LEAs), Digital Forensic laboratories, and also information security consultants and providers engaged in incident prevention and response enabling them to seamlessly handle potential digital evidence to be able to present them in a court of law, alleviating many issues that current state of the art and practice face. LOCARD increases the trust in the handling and processing of digital evidence, the management of chain of custody by providing transparency, using immutable storage to store the chain of custody and using end-to-end security through Trusted Environment Execution.

LOCARD AT THE 2019 ANNUAL EEMA CONFERENCE

OVERVIEW

What the LOCARD platform will achieve:

1. Manage an immutable chain of custody of the digital evidence for every crime under investigation.

2. Create the proper commitments per involved entity to handle the digital evidence accordingly.

3. Allow for usage of live-streaming data as evidence.

4. Allow victim organisations to monitor the progress of digital investigations concerning them in real-time.

5. Allow investigators to publish anonymised data that can be used to find correlations and identify campaigns.

6. Provide investigators with online crawlers that will effectively detect deviant behaviour in online content.

7. Provide investigators with offline tools that will assist them to collect evidence from media.

8. Provide an infrastructure that could be used to store all digital evidence and handle their use in a court.

9. Allow the cross-border usage of digital evidence through ease to export and re-use of digital evidence in the corresponding format and automated filling of the forms/documents.

10. Allow execution of modules in a Trusted Execution Environment.

11. Allow citizens to report malicious online events.

12. Allow investigators to tag suspected malicious activities or transactions in data streams and receive notifications once alert criteria are met in processed data streams.