Going Digital: Harnessing Digital Forensics Technology
A lot has changed in the last decade in how officers and law enforcement agencies as a whole understand the importance of digital forensics. As the tools and software have evolved, it has begun to play a bigger role in investigations. Jad Saliba, the founder and Chief Technology Officer of Magnet Forensics and Justin Tolman, a forensic subject matter expert at Exterro spoke to OFFICER Magazine recently about the growing use of digital forensics in investigations and how more law enforcement agencies are getting on board with the technology.
This article appeared in the March/April issue of OFFICER Magazine. Click Here to subscribe to OFFICER Magazine.
Increase in understanding
Saliba states that the overall understanding of digital forensics has improved through the years, “If you look back 10 years ago, people looked at digital forensics as this small team of people in lab coats doing really technical work and they were the only ones who could really understand the computer forensics or digital forensics data, and were the only ones who could really deal with it.”
He says that mindset has grown to the point where a lot of senior law enforcement leadership are beginning to realize how important digital evidence can be. “I think the understanding has really grown and senior leadership really sees that this is how we can clear cases and be more efficient in executing on justice and in our communities,” he says. “I still think there is a ways to go there and we need to put more focus on modernizing how we do this work and making the work more efficient, and making it more possible for others in the agency to participate in that review of digital evidence and being involved in that process.”
Tolman says that as digital evidence has become a bigger part of investigatons, officers have been made aware of its importance. “Every street cop to detective to supervisor-level knows: ‘I’m going to hook up this person, I need a phone. I’m going to get that phone.’ I think that’s where the understanding kind of stops for the general population. After that they are going to deliver it to the lab and magic happens and they get the data back,” he says. “I think people view it as maybe one of the, if not one of the top two, most important things they need to get in any investigation.”
He says that there has been a shift to where if there is not a phone recovered at a crime scene, the question becomes why was there no phone? “They want wins. We want to make our community safer, and they recognize that digital data can do that for them. The chats, the emails, the phone calls,” he says. “You think about how you use your phone. It’s huge now. There is digital element now in pretty much every case because we live on our phones. If I want to figure out how to do something illegal, I’m going to Google it, I’m going to chat with somebody via text message. Nobody calls anymore. If we want to plan something nefarious, we’re going to text about it. There’s going to be this large digital footprint for every case.”
He adds that detectives working cases have more contextual knowledge than the technicians and should be trained at least in the basics of collecting digital evidence. “Not are we only trying to make it more accessible where we can get more hands on keyboards or eyes on screens without increasing the load, you’re actually getting a better investigation because that detective, that officer knows more context than the guy in the lab ever will. I see that as a major shift in not just the speed, but in the quality of the cases in the digital aspect.”
Advances in technology
According to Saliba, the advances in technology have been both a blessing and a curse when it comes to digital forensics. “The devices are very different than they used to be from a complexity of how you access data on them to the amount of what’s stored on those devices. So, you’ve got more devices—everyone’s got at least one phone and maybe a tablet, maybe still a laptop,” he says. “All of those devices now have a lot more data on them or a lot more capacity to store data and the security has gotten better across the board so it’s harder to access the data on those devices. That’s created a lot of challenges because there’s a lot of workflows that have not really changed much in the last 10 years where the landscape has really changed. That’s created backlogs and challenges with officer wellness and stress levels and bringing devices and the data to the court system in time to ensure a swift process. But there’s also far more valuable information now to be found on those devices.”
He says that another area of focus has been the modernization of workflows in order to allow the computers process data and find connections in order to allow investigators to use their experience and talents to analyze the data.
The future of digital forensics
Saliba sees the cloud playing a bigger role in digital forensics in the future. “I think that’s really going to completely change things as people get more comfortable with understanding how secure things can be in the cloud and understanding the benefits that it provides,” he says. “Again, I think it’s just about modernizing digital forensics and digital evidence handling for the 21st century to kind of take the old methods that we used to use, modernize them and make things more efficient so people are focused on the things that they are good at. Investigators are focused on the things that their experience can really help with and then we can provide a better service to the entire agency, create more trust with the community and ensure that justice is being served.”
Tolman agrees that the increased use of the cloud will be likely going forward. “In the old system, it was very segmented,” he says. “If you wanted to get my work product from your case back, you either had to mail it through secure mail or you had to come get it back from the office. It was time-consuming; especially if you need to have more work done. Where you’re seeing the shift now, where you are trying to fix this to make it more efficient and easier and also cut costs, is a move to the cloud. You and I can work seamlessly together.”
He says that prior to the cloud, agencies have been forced to focus less on the investigations and more on server management and become IT data managers. “That’s a lot of money and time that people don’t realize is going into it that they will have to invest. By going to the cloud they cut the cost of an entire IT department that they have to hire,” he says. “That wasn’t even a thought five years ago. In fact, people would talk about it as a negative. We are seeing a huge shift in that. When we talk to people—ICAC commanders, police chiefs, lieutenants—and we mention the cloud, we don’t ever hear an objection. They realize that the security and the technology has come a long way. Now it’s just about how, not about why.”
This article appeared in the March/April issue of OFFICER Magazine.
Paul Peluso | Editor
Paul Peluso is the Managing Editor of OFFICER Magazine and has been with the Officer Media Group since 2006. He began as an Associate Editor, writing and editing content for Officer.com. Previously, Paul worked as a reporter for several newspapers in the suburbs of Baltimore, MD.