Disclosure notice: This is a true account of a frontline investigation – written in collaboration with Semantics 21. This may contain accounts that some readers find upsetting.
This case study is based on a real experience shared by a law enforcement/investigation agency professional and written in collaboration with Semantics 21. It is presented in a first-person format to reflect the original voice and lived reality of the investigator, with all identifying information removed or adapted in accordance with UK GDPR and safeguarding standards.
Introduction
In the run-up to an ISO 17025 audit, our digital investigations unit was facing one recurring problem: consistency. Despite using the same forensic platform, team members handled evidence differently — with varied carving methods, naming conventions and artefact selections.
This made peer review painful, slowed investigations and risked audit failure. We needed repeatability, clear documentation and a way to ensure that any analyst could review or repeat another’s work — without reinventing the process each time. Server infrastructure wasn’t an option and internal development was off the table.
That’s when we deployed S21 AutomateX.
Before, everyone did things slightly differently and it caused friction. Now? Same button. Same outcome. Every time.
We built a reusable RVS workflow profile with everything our cases typically required: image carving, hash lookups, document indexing and link file detection. With S21 AutomateX, that profile became a button, usable by anyone on the team, regardless of experience.
Evidence types didn’t matter. Physical drives, Cellebrite UFDRs, forensic images — all went into S21 AutomateX, which processed them using the same consistent template.
Each step was logged, each folder followed naming rules and once the automation completed, the results appeared in S21 LASERi-X ready for visual review, with nothing lost or altered along the way
From Fragmented to Fully Repeatable
This wasn’t just a time-saver — it changed how we worked.
Analysts stopped improvising, new joiners were productive in days, not weeks and peer review became a step for verification, not a stressful audit of inconsistencies. Within one week, the team had moved to fully standardised exports. Chain-of-custody was locked down. Every folder aligned with audit expectations.
Even ISO 17025 assessors found no major issues related to repeatability.
No mismatches. No confusion. Just consistency from start to sign-off.
“We used to dread peer review. Now it’s just a second set of eyes — not an excavation. S21 AutomateX made that possible.”
What if we hadn’t acted?
Without S21 AutomateX, we’d still be patching over inconsistencies — chasing folder errors, fixing broken logs and manually rebuilding exports that didn’t align.
Peer review would continue to drain hours, new starters would flounder without clear pathways and if that audit had landed before the change? We could’ve been looking at serious observations, delays, or even non-compliance.
S21 AutomateX gave us something we hadn’t had in years — a process we could trust, repeat, and stand behind.
S21 solutions mentioned
S21 AutomateX
The complete solution for rapid automation of victim identification, CSAM categorisation and media review
Share your experience, inspire others
Have a story of your own? Whether you’d like to be credited or remain anonymous, we’d love to hear from you. Your experience could help rescue a victim, safeguard a child, or take a dangerous offender off the streets. Please get in touch — your words could make a difference.
Request a demo or sales information pack
Please complete the form with valid company or agency information, including a company or agency-issued email address. We will need to confirm your credentials before issuing a free trial licence.