Automating Cyber Investigations for UK Policing
A scalable data platform turning weeks of analysis into hours.

The Opportunity
ADSP was contracted by the Metropolitan Police Service (MPS) to address a critical capability gap in handling large-scale cyber investigation data. The existing process was manual, reliant on individual analysts to interrogate seized server data. This created a significant operational bottleneck and a single point of failure. The MPS required a proof-of-concept to demonstrate how a modern, scalable data platform could automate data ingestion and empower a much larger team of investigators to rapidly find actionable intelligence.
What we did
Our engagement began with a critical discovery phase, applying Operational Process Mapping in close collaboration with MPS cyber SMEs to document and quantify the existing 'as-is' manual workflow. We conducted workshops with both technical and non-technical investigators to understand their pain points and define the key requirements for a future system, such as the need for automated data enrichment (e.g., IP geolocation). The findings from this discovery directly informed our architectural decisions, allowing us to select the right technologies (Python, Elasticsearch) and to co-design intuitive Kibana dashboards that met specific user needs.
The Results
The discovery phase produced a clear, evidence-based roadmap and a validated technical design that was fully endorsed by MPS stakeholders before development began. This robust foundation was critical to the project's success, as it ensured the proof-of-concept was precisely targeted at automating the most significant operational bottlenecks. As a direct result of the discovery, the final PoC successfully reduced time-to-insight from weeks to hours and delivered a comprehensive benefits case for an enduring national capability.
How we did it
We began by mapping manual workflows with MPS cyber SMEs and gathering key requirements through workshops with both technical and non-technical investigators. As MPS was working with a sensitive dataset, we started by working on a synthetic dataset that mimicked the real one but with obscured data. This allowed us to iterate quickly internally and to make certain the pipelines would accept data, following proper naming conventions. We developed automated Python pipelines for data extraction, transformation, and enrichment, including real-time IP geolocation, while leveraging Elasticsearch’s document structure and indexing to handle complex data efficiently without compromising evidential integrity. We co-designed user-friendly dashboards using Kibana. Throughout the project, we validated our synthetic data approach and refined each component using datasets from real case scenarios and ongoing investigator feedback gathered when visiting MPS offices. To ensure sustainability, we delivered bespoke training for technical and non-technical MPS staff and supported the hiring of an in-house Python expert for long-term maintenance of the solution.
