LGE speaks to Keith Foggon, head of the Serious Fraud Office’s Digital Forensics Unit, about his team and its high-tech work.

The Digital Forensic Unit of the Serious Fraud Office (SFO) is one of the most advanced and largest computer forensic labs in Europe. The unit provides support to the divisions of the SFO in attending searches, providing IT expertise, and preparing data from devices collected on searches for review by the investigation teams.

The unit deals with large or complex fraud, quite often with an international element, and works with all types of computer media including PCs, servers, laptops, tapes and mobile devices. In fact, according to its head Keith Foggon, the unit has yet to come across a device that it cannot process in some way. Typically the data it presents to the investigation teams comprise emails, documents, spreadsheets and so on, and it can easily consist of hundreds of millions of items.

With around 20 full-time staff, the SFO unit is one of the largest in the UK dealing with computer forensics, and Foggon says: “We typically get involved right at the start of an investigation, attending the search site and providing advice to the search team. We tend to bring a lot of the seized items from searches back to our lab to make sure the investigators have what they need to carry out the investigation.”

The frauds Foggons unit deals with go far beyond the range of credit card fraud and the like that many may associate with online fraud. The unit only involves itself with frauds over £1M in value (it is currently working on an £800M case!), and would also only become involved with a case where there is a clear public interest in it doing so.

Foggon says: “We’re obviously usually dealing with very rich, powerful people who have a lot of technical facilities and expertise at their disposal and our job is to try and make sense of that. If we’re dealing with an organisation rather than an individual, on the other hand, we could easily be dealing with hundreds of thousands of emails, so you can see the scale of the operations we deal with. There isn’t another organisation in the world that deals with the amount of material and data we do.”

The unit operates a dedicated forensic network with 170 terabytes of online storage, and investigators use a combination of 64-bit and 32-bit machines for their work. The majority of the units investigators come from an IT background, and with technology developing apace there are always new techniques to be learnt. Mobile phones, for example, are becoming an increasingly significant part of the unit’s investigations, and Foggon is confident that his unit is able to garner evidence from whatever piece of electrical equipment may be thrown at them, from the highest spec PC to the most lo-fi reelto- reel tape.

Foggon’s team does not actually carry out investigative work itself, but rather prepares the data for the investigating officers to access as simply as possible. PCs, for example, would be stripped of viruses, pornography and unnecessary Microsoft or programme files, leaving a ‘blank canvas’ of relevant information for the investigative team to work with.

The unit also operates a mobile lab for instances where a search needs to take place on site, usually in instances where to remove equipment would cause undue disruption to business, and, on equally mobile front, as leaders in the field, Foggon and his team have worked all over the world assisting their counterparts in other countries to provide the same quality of service to their local investigative teams. As long experience has proved to the unit, in the modern world national boundaries are no barrier to e-fraud, and the team’s international links mean fraudsters can expect to be hunted down to the four corners of the earth.