Featured Police need digital forensics training to handle evolving technology

Published on November 23rd, 2021 📆 | 8037 Views ⚑

0

Police need digital forensics training to handle evolving technology

By Brendan Morgan

Law enforcement training for handling digital devices to collect and preserve evidence is slowly but surely getting better. But there’s plenty of room for improvement in terms of providing hands-on training (not just paper handouts) that will sharpen the skills needed for modern policing, and also improve community perception of law enforcement.

Compared with LE’s decades-old training curricula for handling firearms and driving police cars, training around digital evidence collection and analysis is still in its infancy. Yet given the explosion of digital devices taken in as evidence – in larger departments, that can mean thousands of phones a year – digital forensics training is critical. Just as training for firearms handling and driving are considered essential, digital forensics training needs to be obligatory, not optional.

As the number of digital devices turning up in cases grows, forward-thinking agency managers are recognizing the need to get more staff members trained to lawfully access, collect, analyze, and manage data to expedite time to evidence.

As the number of digital devices turning up in cases grows, forward-thinking agency managers are recognizing the need to get more staff members trained to lawfully access, collect, analyze, and manage data to expedite time to evidence. (Getty Images)

Training breeds confidence, and eventually, more community support

As law enforcement officers focus attention on building community support, there is recognition that better digital training can give officers greater confidence during their interactions with the public.

As mobile technology becomes easier to use and evolves almost daily, training and access to equipment are key in obtaining faster solve rates for all types of crime. From the time law enforcement arrives at a crime scene all the way through the sentencing phase, all participants involved (first responders, lab personnel, investigators and prosecutors) must have a good working knowledge of how to recognize, collect, preserve and use evidence from mobile devices. 

For example, when a first responder is working a crime scene or interviewing a witness who may have recorded the incident with their mobile device, it is critical the officer secure the cooperation of a witness and obtain consent to view the video or other information related to the crime. To be successful, the officer must be trained and have a good working knowledge of how selective extraction technology will be used to extract only the information related to the specific issue. This will reassure the witness that their personal information will not be exposed or captured during the physical examination of their device. 

Training that makes a difference

If digital training is to be a force of change, then everyone needs to be on board. Digital best practices need to be incorporated into in-service training that applies to all officers, ensuring that there are as many eyes and ears taking in the digital guidance as possible.

The burden is on leaders and trainers to create the culture change that supports digital intelligence and explains how this knowledge can actually close more cases. Making the training simple and straightforward helps: Teach attendees about five or 10 easy-to-remember best practices for every interaction.

Inspire with real-world stories of justice accelerated

Sharing real-world examples of how well-trained investigators can make a difference in terms of bringing criminals to justice and improving case-closure rates is a great way to show law enforcement managers the value of training. Make it a point to collect and share these success stories during in-service training.

This case study from the Brazoria County Sheriff’s Office on the Texas Gulf Coast is a great example of how a well-trained staff was able to use a variety of digital intelligence skills to catch a criminal.

The case, which involved the robbery of narcotics from a local pharmacy, seemed ordinary at first: A mask-wearing man approached the pharmacy counter of a CVS store and handed a clerk a note saying he had a gun, and demanded various narcotic medications. Investigators knew there’d been several pharmacy robberies in the region, and wondered if their suspect could be the culprit in all the thefts. Using digital intelligence solutions to extract and analyze data from devices and the cloud, investigators created maps and timelines matching the suspect’s locations and web searches to the times and places of the robberies.

The challenges

The robbery at a Brazoria County CVS was the first one on the radar of the sheriff’s office. Surveillance images helped investigators identify the likely vehicle, a four-door red car, used by the robber, and a description of the man. At the same time, the Brazoria sheriff’s office heard from colleagues near Houston of similar pharmacy robberies involving a person and vehicle that matched the description of the Brazoria suspect.

At one point, the suspect appeared to have switched vehicles in response to publicity about the robberies. However, since investigators had a likely address for the man, they were able to stake out that location until he returned home. A search of the vehicle uncovered a bag of pills of the type stolen from the pharmacies. When questioned by Brazoria investigators, however, the man insisted he wasn’t the robber.

The solution

Since the suspect continued to claim he wasn’t involved in the robberies, investigators would have had to continue looking at surveillance camera images in order to place the man at the various crime scenes. Fortunately, Dominick Sanders, a criminal investigator for the county sheriff’s office, had the suspect’s phone, and could also call on the services of the sheriff’s office’s digital lab, which opened in 2012.

Prior to the lab’s opening, investigators had to bring devices to an FBI lab in Houston for processing – a step that created as much as a three-week turnaround in gathering digital evidence and returning devices to their owners. With the Brazoria County Sheriff’s lab now using digital intelligence solutions to unlock devices and access data on-site, the device turnaround time has shrunk to as little as one day.

“In the past eight years since we opened our lab, we’ve gotten to the point where we can process about 90 percent of devices right here, instead of sending them elsewhere,” said Kent Nielsen, ID Investigator, Brazoria County Sheriff’s Office.

The results

After a search warrant was obtained, Nielsen extracted GPS and internet search data from the robbery suspect’s phone. Sanders wanted to test a theory: That the man who robbed the local CVS was the person responsible for all of the region’s pharmacy holdups.

“I started putting a timeline together for when all the robberies happened,” Sanders said. He plugged the GPS data from the suspect’s phone, as well as the locations and times of the other pharmacy robberies to pin each location. In this way, Sanders could see that the time of every robbery correlated to GPS locations extracted from the suspect’s phone – placing him close to the right places at the right times.

Sanders found more: The extracted web-search data showed that the man had looked up information about local police shifts just before the various robberies occurred, in hopes of hitting the pharmacies when policing resources were thin. He’d also searched for news stories about the robberies.

At one point before the suspect was arrested, the sheriff’s office in neighboring Victoria County, where a pharmacy was robbed, issued a press release with a security camera image of the suspect’s car and asked the public for tips. Sanders found web searches on the suspect’s phone seeking places to buy fake beards and mustaches, showing he knew the police might be coming closer to identifying him.

When Sanders confronted the suspect with the detailed timelines of robberies, all connected to the phone data, the suspect confessed, explaining that he was a drug addict who fed his habit through the robberies. He was charged with multiple counts of aggravated robbery but died in prison due to addiction-related health issues before the case went to trial.

There’s no better way to hammer home the importance of training than showing that when officers build our expertise, we show the public that we care about accelerating justice and protecting citizens.

NEXT: How to buy evidence management (eBook)


About the author

Brendan Morgan brings 20 years of law enforcement experience to Cellebrite. He is responsible for the development and delivery of technical training for Cellebrite solutions to law enforcement and other government agencies throughout the Americas. Mr. Morgan has successfully managed programs and professional services in more than 20 countries around the globe and he regularly speaks at industry conferences such as the Mobile Forensics World and the National Cyber Crime Conference. Mr. Morgan holds an MBA from the University of Georgia’s Terry College of Business. Additionally, he has earned both a Certificate of Concentrated Study in Computer Forensics and Digital Investigations and a Graduate Certificate in Digital Forensics from Champlain University.



Source link

Tagged with:



Leave a Reply

Your email address will not be published. Required fields are marked *