More law enforcement agencies are doing more with less, but digital evidence keeps growing. Most people -- criminals included -- own more than one mobile phone, often tablets and GPS devices too. Many digital evidence labs are backlogged, if not by weeks then by months.
Some agencies are responding to these trends by asking their personnel to wear more hats: computer forensics tasked with mobile forensics, investigators tasked with some digital evidence analysis, even on a limited basis.
Therefore, asking for or obtaining all the evidence on every mobile device you seize is less and less realistic. The good news: improving your understanding of the evidence, and how to get it, can improve the job you do now and into the future. Here are three reasons to learn the language of mobile device evidence, and three ways to learn it.
Why get familiar with mobile evidence?
1. Build better cases, on your own or with others.
Mobile evidence is different from computer evidence because it is frequently more personal, containing information about a suspect’s or victim’s day-to-day activities, contacts, movements, and other details. This personal-ness makes it more important to get the data sooner, rather than risking an investigation stalled due to backlogs.
Your investigations turn up facts you can use to put digital evidence in context. Incident timelines and locations, other (non-digital) evidence, and the people who were immediately involved in the incident are all important pieces of information. Because much of the data on the device is likely not relevant to your case, use timelines to narrow down the text messages, call logs, GPS trackpoints, and other data.
All of this can help you to identify additional key people and the patterns of their lives, which enables you to develop leads when you need them. Not only can you find additional potential suspects, victims or witnesses; the information can improve your interview process when you question them. Needless to say, this can help you identify victims and eliminate suspects faster, too.
If or when you do have to rely on digital forensic specialists to obtain deleted, encrypted, or other hard-to-get data, being able to provide specifics to them -- everything from properly labeling each device, to the timelines and other context -- will reduce the amount of time it will take them to retrieve the data and get it back to you.
2. Prepare for courtroom testimony. Even the fundamentals of digital evidence and mobile forensics can help you, especially when it comes time to assist prosecutors in laying the groundwork for both direct and cross examinations.
Many prosecutors are savvy to the various issues with digital evidence, but nonetheless, being able to walk them through how you handled extraction and analysis -- and why you did what you did, what the evidence means to your case -- can improve their strategy for presentation. It also helps them to prepare for the defense’s strategy.
3. Career security.
Knowing digital evidence gives you a leg up in the workforce, too. Just as being able to talk in specifics helps you collaborate better with forensic specialists, it can do likewise with other investigators in your or neighboring jurisdictions or task forces.
It also improves your career development, whether laterally or upward. Moving from patrol to detectives, from detectives to a specialized unit, into a more senior position, or even into an agency with further-reaching jurisdiction can become more likely when you show you’re aware of the most important trends affecting your community.
How do you get proficient with mobile evidence?
Create Google Alerts on digital evidence-related keywords that will deliver new articles to your e-mail inbox. Subscribe to digital evidence blogs using mobile and browser apps like Feed.ly; other apps like Zite, Flipboard, Pulse and Google Currents help you find new articles about digital forensics.
Become certified to an appropriate level of skill you need for your position. Tool vendors all provide specific training and certification on their extraction and analysis capabilities; vendor-neutral training is available from for-profit, nonprofit, and government-backed organizations. Look at the Federal Law Enforcement Training Center (FLETC); the National White Collar Crime Center (NW3C); SEARCH, the National Consortium for Justice Information and Statistics; and the Internet Crimes Against Children task force network, among others.
Make friends with agency experts. Join local high-tech crime investigators’ organizations, whether international or regional. Make connections to other professionals on LinkedIn. Attend conferences where digital evidence specialists gather, and/or attend digital evidence-related lectures at law enforcement conferences.
Digital evidence can be confusing and even intimidating, but it’s like exercise: even incremental changes can make a difference in your professional health. Take one step at a time, each month for the next 12 months to improve your proficiency, and you won’t regret the effort.