The Nexus ‘indexer’ creates a searchable database of call detail records (CDR), automatic number plate recognition (ANPR), RF Survey data, message content, cell addresses and handset download data, to facilitate force-wide or national searches of the data, for common identifiers and attributions.
CDAN Nexus wraps data cleansing and normalisation functions in a set of fully automated processes that ingest, process and output source data without the need for an operator.
CDAN Nexus’s Analytical Summary Report provides critical intelligence, that can be used immediately by front-line investigators without needing to wait for an analyst to be assigned to their case.
CDAN Nexus is installed on-premise and therefore no force’s data is held by us (unless supplied explicitly e.g. for Support enquiries).
CDAN Nexus has been developed from a new codebase and has used best practice processes and tools that you would expect from a modern application. Specifically, the code has been developed in line with recommendations from the Open Web Application Security Project (OWASP). The application is regularly penetration tested (most recently June 2020). In addition, as new features are developed, the code undergoes daily static analysis to prevent against vulnerabilities being introduced, and identify any known vulnerabilities from third party components.
We use a tool called Veracode to do this and have been approved for Veracode Verified Standard status.
The application interfaces with Active Directory (AD) which is used to manage users, password policies and security processes related to authentication. It is recommended that the application and database are deployed on separate servers.
All communication with the web application is encrypted using https and communication with the database is encrypted with SSL. Forensic Analytics will require AD credentials for installation (e.g. IT Support user). Once installation is complete this user can be deactivated. Full installation will require certificates to be purchased.
The data on the platform is segregated using teams and security levels. All data is allocated to a team when uploaded and allocated a security level. Users on the platform are allocated to one or more teams and assigned a security level. These two measures ensure that data is only visible to those users with the permissions to view it.
The application keeps a full audit log so that administrators can view the activity on the platform and identify any security concerns.