Browse Content by Topic:
Data Forensics - Criminal Investigations Often Begin with the 9-1-1 Call for Help
Author: Buddy Tidwell, Vice President of Global Forensic Training, Cellebrite
Copyright: 9-1-1 Magazine, Feature Content
The catalyst to a criminal case often begins with a call to 9-1-1. It’s the first potential evidence investigators have to determine the initial facts of a case. If that call was placed via a mobile device, it often provides a gateway into more powerful data evidence. Today, mobile device evidence is the new “smoking gun” and is redefining criminal investigations.
When a tip comes in via 9-1-1 from a concerned neighbor about potential drug activity, a telecommunicator immediately dispatches the police. With an active undercover investigation already underway and a warrant in hand, police make a drug bust and seize all potential evidence including several mobile phones. Performing a quick on-scene extraction and analysis, investigators are able to establish connections between two suspects. Pictures and texts on the phones help investigators identify a larger community drug ring – and additional suspects -- immediately producing actionable leads.
The catalyst to a criminal case often begins with a call to 9-1-1. It’s the first potential evidence investigators have to determine the initial facts of a case. If that call was placed via a mobile device, it often provides a gateway into more powerful data evidence. Today, mobile device evidence is the new “smoking gun” and is redefining criminal investigations. With warehouses of it being collected and generated daily, managing the complexity of this reality requires new thinking and powerful new law enforcement tools. Solutions must help forensics professionals and investigators work smarter and support multi-tier workflows that can act as a force multiplier both in the forensics lab and in the field.
Accelerating the Investigative Process
With the growing importance of mobile device data to investigations, processing delays of any duration – even days or weeks – can jeopardize the length and outcome of criminal cases. Rapid access to this data allows police officers and investigators in the field to make rescues, prevent attacks or catch criminals in the act. Having the right solution components in place can effectively and securely distribute mobile forensics workloads from the lab to the field.
Platform agnostic, frontline solutions should be designed with field personnel in mind, delivering an intuitive user interface that makes extracting live data simple while ensuring strict access control and data management. A fully integrated solution should unify workflows and make it possible to access, view, and share mobile data in a variety of ways – via in-car workstations, laptops, tablets, or a secure, self-service kiosk – to preserve its integrity and make that data immediately actionable.
How Distributed Workflows Help Achieve Operational Goals Increase Mobile Forensics Data Access
The growing influx of mobile data has left agencies with little choice but to evaluate current processes. By empowering officers and investigators in the field to initially collect, analyze and share incident and mobile device data findings, examiners can focus efforts on deeper data analysis. Imagine the impact of a simplified extraction process that presents critical data in an intuitive timeline view and allows users to apply individual or watch list filters to identify and qualify evidence quickly for better decision making. Extraction findings can be sent to remote forensics locations or back to police headquarters via a network connection, making it seamless to share data.
Fast-Track Evidence Collection
To keep officers and investigators focused on the mission at hand, technology needs to enhance, not disrupt, their operations. When an officer catches a suspect in the act of committing a crime, prompt access to mobile device data may provide the details to prove it, as well as help identify accomplices or locate and preserve evidence that might otherwise be lost or destroyed. By connecting a mobile device to an officer’s mobile data terminal, tablet or via a standalone kiosk, he can conduct a forensically sound, logical extraction of device texts, call logs, emails, etc. and quickly view and act on potential evidence.
Ensure Evidentiary Integrity
In a criminal investigation, not everyone needs the same level of access to case evidence. Despite the inherent efficiency gains, distributing mobile forensic capabilities to the field creates new privacy and due process concerns for public safety officials. A comprehensive permission management system ensures complete accountability for every action and every user. This allows agencies to assign extraction privileges – not only for extraction itself, but also for the data available to be extracted – based on user roles and or level of training and certification. Granular administrative controls at any extraction level – logical, file system or physical – makes it easy to create user profiles and assign data extraction permissions based on a “right to know, need to know” basis. This reduces the risk of users accessing private data beyond the scope of their legal authority. Administrators can also pre-define crime types, phone owner (suspect, victim, witness) and watch lists with key words, names, phrases or numbers, helping field personnel easily and quickly narrow and qualify extracted data.
Training for Ongoing Proficiency
As the challenges and complexity of mobile data forensics continue to grow, so too does the imperative for the training required to prepare field personnel for this rapidly evolving aspect of forensic science. Legal access, chain of custody, and privacy issues are ongoing concerns for law enforcement agencies nationwide, as well as globally, as legal precedents and policies change. The importance of frequent training for front-line investigators to stay up-to-date cannot be underestimated, or put off, in this environment. The cost of training should always be weighed against the risks, and potential costs of not training.
Empowering the Front Line with Actionable Intelligence
Investigating crime is a tough job. From effectively fielding and responding to that first emergency call, to finding the mobile data evidence that vindicates or corroborates other key evidence can mean the difference between solving cases – and not. To keep pace with growing demands for mobile data evidence, agencies must redefine the status quo. New tools and operating models are required that enable collaboration, information sharing and improved decision making via an integrated platform that supports a distributed workflow. By enabling simplified data extraction and analysis capabilities in the field, public safety agencies can deliver new and improved workflows and the actionable intelligence necessary to qualify evidence more quickly, improve operational efficiencies and shorten case cycle times to solve crime faster and improve public safety.
Buddy Tidwell serves as the Director of Global Training for Cellebrite, the world’s leading Mobile Forensic Company. Formerly a Master Forensic Instructor for a major forensic software company, Buddy has served as trainer program manager, Lab Manager and Senior Computer Forensic Examiner at the Joint Computer Forensics Lab for Law Enforcement in Middle Tennessee, as well as an investigator for the District Attorney General’s Office and Dickson County Tennessee Sheriff’s Department where he was the lead investigator in hundreds of Cyber Crime incidents and complex felony investigations. Buddy's 24 years of law enforcement experience includes service as an undercover narcotics agent, vice division manager, and much more. He served as a member and leader of a specialized team of crisis negotiators for more than a decade and has regularly provided training to law enforcement agencies in the investigation of computer-related offenses, and the recovery of digital evidence.
For more information on Cellebrite’s mobile forensics solutions, see www.cellebrite.com/Mobile-Forensics