The byte stuff

Local officers should be prepared to follow the trail of bytes criminals leave behind

     Police administrators play an active role in setting up local high-tech crimes capabilities. These individuals must decide where this capability falls within the department and the types of high-tech crimes that will be given priority. If the department has one examiner, Stone explains this officer may receive 100 cases annually and will need to whittle that number down. A solid policy designating priority to each type of crime aids in the decision-making process. Stone also warns to look beyond child porn cases when making these considerations. "You get financial crimes and identity theft cases that have losses in excess of $1 million. Where will these cases fall?" he asks.

     Managers then must define resources. "Is one person part-time good enough? How much training does that person need?" Stone asks. "Managers must realize they can't send an officer to three days of training, buy him a thumb drive, not use him for six months and expect him to be competent. There is a commitment involved, if they want to be able to investigate technological crimes."

     Equipment needs cannot be overlooked either, he warns. These officers need robust computers, software tools, write protecting devices and more. "They require more than one tool in their toolbox," Stone says. "If you have a guy whose only tool is a hammer, he'll try to fix everything with a hammer, but not everything can be fixed with one. Administrators may complain that's an extra expense, but investigators need more."

     Harris recommends local agencies embrace a multi-organization approach to bear these costs. When several agencies join forces, it becomes easier to finance needed manpower, training and equipment. "It's a good alternative to having nothing at all," he says, adding that in his area one part-time detective took it upon himself to learn cell phone examinations and is now training other officers in the region to do the same.

     Sharing the workload also helps shrinking and overloaded task forces. In the Sacramento area, Harris says a patrol officer might send a confiscated cell phone to the task force where it may sit for three to six months. "That's problematic. If you have an ongoing investigation you need that information right away," he says. "The prosecution time clock is ticking."

     Multiple agencies that align with each other and a task force cover all bases, because criminals are not bound by jurisdictional boundaries - especially in high-tech crimes, adds Costa. "The Internet and high technology allows criminals to be virtually any place and victimize a person anywhere." Partnerships with federal law enforcement help investigate crimes across multiple jurisdictions or even international venues.

     "Today's agencies need to think regionally and consider collaborations and partnerships that haven't existed before, and look at pooling experience and resources to address high-tech issues," Harris stresses. If things remain status quo, he says the only thing certain in his mind is "criminals will get a much bigger upper hand than they ever had before" as they move into the high-tech world and few officers are trained to examine the trail of bytes they leave behind.

     Editor's note: At press time, a California news agency reported the Northern California Computer Crimes Task force had its funding restored and will reportedly resume operations on April 1.

     Ronnie Garrett served as the editorial director of the Cygnus Law Enforcement Group for 12 years. She can be reached at

Technological investigations training

     Several organizations provide high-tech crimes training to law enforcement, says Det. Randy Stone of the Wichita (Kansas) Police Department Computer Crimes Unit. These include:

  • National White Collar Crime Center (NS3C) offers a variety of cyber crime courses on topics that include identifying and seizing electronic evidence, cell phone examinations, online investigations and more. These inexpensive or free courses can be brought to the agency itself or taken at NW3C's headquarters in Fairmont, Virginia. To learn more visit

  • International Association of Computer Investigation Specialists (IACIS) is a private, nonprofit organization that offers computer forensics courses in a two-week training conference followed by a year-long certification process once officers leave. More information on IACIS training can be found at

  • SEARCH offers training at its National Criminal Justice Computer Laboratory and Training Center in Sacramento, California. Among its course offerings are a 32-hour basic computer crime course, an advanced search and seizure course for first responders, a cellular device investigation course, and a course on social networking sites. To learn more visit

  • Enhance your experience.

    Thank you for your regular readership of and visits to To continue viewing content on this site, please take a few moments to fill out the form below and register on this website.

    Registration is required to help ensure your access to featured content, and to maintain control of access to content that may be sensitive in nature to law enforcement.