CUSTOMER SUCCESS
The Metropolitan Police Service’s proliferation of electronic data has meant that workloads for forensic examiners have increased significantly during police investigations. Reviewing emails sounds simple but when there are tens of thousands of messages across multiple accounts it’s an immense, time consuming, and costly task, that’s usually time critical. Having forensic examiners wade through data rather than carry out specialist forensics is a waste of their specialist skill-set, so the
Met turned to Symantec ™ eDiscovery Platform, powered by Clearwell. The outcome is efficient and effective data review, a robust audit trail, and, crucially they can produce relevant data when required. In addition they have reduced the financial cost of getting the job done.
Almost 200 years ago, in 1829, Sir Robert Peel famously founded London’s first organised policing, and the Metropolitan Police was born. Today the Metropolitan Police Service
(MPS), known as the Met, covers an area of 620 square miles and a population of 8.3 million. It’s the largest police force in Europe and London’s biggest single employer with
50,000 officers and staff.
Within the Met, The Directorate of Professional Standards (DPS) focuses on the enforcement of standards, and this work includes dealing with complaints and anti-corruption.
We spoke to Dave Perryman who was the Detective Inspector leading the DPS’s Forensic team when they adopted eDiscovery. He’s now a senior specialist digital forensics consultant to the Met and other high profile organisations. The DPS’s remit includes standards for monitoring activity on Met technology systems, the recovery of unstructured data for investigation, and digital forensics. The team covers everything from external computers, mobile phones, Internet, and social media to internal system use, audit data and security information and event management, and internal unstructured data. It’s a busy department.
ORGANISATION PROFILE
Website: content.met.police.uk
Industry: Public Sector
Headquarters: London, UK
Employees: Over 50,000 and over 5,000 volunteers
KEY CHALLENGES
With ever more data to review, from multiple sources, Metropolitan Police Service’s
Directorate of Professional Standards needed to simplify and speed up the process of collecting and investigating unstructured data whilst also providing a robust audit trail for their work.
SOLUTION
Supporting police investigations through electronic workflow; from capture and surveillance through to eDiscovery.
BENEFITS
• Efficient and effective data review
• Data tasks take significantly less time
• Automatic and robust audit trail
• Skilled investigators freed for high value forensic work
• License model brings flexibility and value for money
• Minimal training time required for new users

CUSTOMER SUCCESS | The Metropolitan Police Service
We now have efficient and effective data review.
We can produce relevant data when required.
Dave Perryman
Digital Forensics Consultant
Metropolitan Police Service
Getting insights from unstructured data
A big and growing focus for the team is investigating unstructured data and there’s plenty of it, “It’s easy to get to it, but very hard to review. With increasing volumes, investigating multiple accounts and users, then looking at all the emails to find evidence becomes very labour intensive and time consuming,” says Perryman.
Perryman explains the force has good digital forensic capabilities but that challenges included the reviewing of data and the existing system being, “hard for untrained people and actually very inefficient in the method of search and review,” he goes on,
“there was also no history of who had viewed what, often data was reviewed multiple times. There were duplicate backups, in one case we had seven copies of the same set of emails.”
The system just wasn’t practical when dealing with so much data,
“So we looked at eDiscovery,” explains Perryman.
The path to eDiscovery
The Met needed any new technology to integrate with an existing corporate email system, rather than just collecting data and feeding it into another tool, “The Met networks are complex, so we wanted a simple solution for eDiscovery yet the ability to connect to other applications, share files, use instant messaging, and
Microsoft SharePoint.”
“Also,” continues Perryman, “the deduplication of data capability needed to be strong, to help us improve efficiency.” The solution had to be simple to use, so that data investigators could work on the discovery tasks, freeing highly skilled forensic examiners to focus on forensics. “We also needed the review functionality to be efficient so we can split big cases across reviewers, and, of course, transparency was also a must. We needed to have an accurate view of what had been done, for a robust audit trail and the ability to show our investigations.”
How the eDiscovery Platform helps
There’s now direct data collection from the Met’s corporate email system and collection from other corporate systems, including user files, shared folders, and instant messaging. Data deduplication has reduced the review effort and the team can review from anywhere on the Met’s Network. Plus, it’s far simpler for users,
“We now have efficient and effective data review, reporting and auditing, optical character recognition (OCR) and redaction capability. We can produce the relevant data when required.”
“Previously, we would have to pull live and monthly backup and recover home folders, then review it all independently, search live emails and go to our outsourcing partner for backup and folders.
We would then review it all in our digital forensic solution or in the email application. With no real check on what has been reviewed.”
Things are different now, says Perryman, “The platform collects directly from both our system and home folders and automatically pulls everything into one location. This, he explains, means that, “The platform makes any unstructured, illogically stored data accessible and usable.” Irrelevant data is eliminated immediately, and after just 30 minutes of training an investigator can review it at their own desk, mark-up the relevant items and make notes—all the time keeping a full record. “Our highly skilled forensic examiners can focus on more specialist tasks.”
• Symantec eDiscovery Platform powered by Clearwell

We needed to have an accurate view of what’s been done, for a robust audit trail and the ability to demonstrate our investigation process.
Dave Perryman
Digital Forensics Consultant
Metropolitan Police Service
The Met is now looking at using the platform in other areas of the DPS, such as legal services and Freedom of Information Act requests, explains Perryman, “It’s great for general searching of unstructured data, the capability also helps with our business continuity provision and better use of our own corporate knowledge.”
The eDiscovery Platform has improved the way staff use their time, made the whole data review process transparent, organised, more cost efficient, and has reduced reliance on the Met’s outsourced supplier. Fundamentally, Perryman concludes, “The platform means we find the right answer quicker.”
CUSTOMER SUCCESS | The Metropolitan Police Service
For more information
Contact your local Symantec Sales Representative or Business Partner, or please visit: symantec.com/ediscovery-platform/
Symantec (UK) Limited
350 Brook Drive,
Reading,
West Berkshire
RG2 6UH www.symantec.com
Tel: +44 (0)870 243 1080
Fax: +44 (0) 870 243 1081
Copyright © 2015 Symantec Corporation. All rights reserved. Veritas and the Veritas logo are all trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Other names may be trademarks of their respective owners.