By John Ahearne, Forensic Analyst When data is is needed for use as evidence, it…
By Dr. Jim Kent
History and fiction are filled with colorful stories of famous investigations and the skills that ultimately solved high-profile crimes. Much has changed since the city of Philadelphia established the first paid daytime police force in 1833.1 What has not changed is the fundamental approach to solving crimes: The investigative process of gathering information, evaluating the evidence collected, and sharing the intelligence gained leading to a resolution.
Today’s investigative teams are buried under a mountain of digital data that comes from an increasing number and variety of sources. As the quantity of potential evidence continues to grow, some might yearn for a simpler time before the latest advances in technology; especially since criminals have become quite efficient at using these tools to hide their crimes and evade detection and prosecution. The communication revolution has brought us an onslaught of data. But technology can also add speed, flexibility, scalability, teamwork and actionable intelligence to the forensic process.
Power of Technology
With traditional methods, investigators must examine each and every data source individually. This requires an enormous time commitment which will only worsen as the volumes of data rise. This method severely limits investigators’ ability to compare information, because they must make all the correlations manually after extracting the relevant intelligence from individual evidence sources. When there are numerous suspects, each with multiple evidence sources, it is practically impossible to identify valuable connections between the various elements in an investigation. This in turn hinders efforts to prove intent or collusion and close the case.
The latest forensic technologies are vastly improved over the traditional tools and workflows. These technologies enable investigators to combine multiple evidence sources into a single repository and examine them all simultaneously to reveal connections across the entire investigation. This frees investigators from hours of menial work so they can focus their brainpower on solving cases.
Gaining this powerful perspective shaves off significant time from the laborious procedures of the past. And, with this comprehensive insight comes the recognition that this evidence set might only be a piece of a bigger picture. The complete answer might well reside in other investigations at a different agency, office, location or country.
Many law enforcement agencies recognize the tremendous value of sharing intelligence internally and externally, but are challenged by limited budgets and resources. Traditional investigative methods have made it difficult to share information among the same team working a single investigation. Trying to compare findings across multiple investigations and between agencies presents nearly insurmountable obstacles.
Thanks to the latest technological innovations, investigators can work smarter rather than harder. They are now empowered to share intelligence, collaborate across jurisdictional and geographic boundaries, and uncover the smoking gun from massive collections of evidence. They can share individual intelligence items or entire collections of evidence with other investigators, technicians, subject matter experts and external agencies anywhere in the world.
Advanced investigative tools use a “named entities” model to extract intelligence items such as personal or company names, e-mail addresses, IP addresses, and credit card or passport numbers. Investigators can instantly compare which suspects have those items in common across all the evidence sources in the case. Typically they can also identify who shared what, with whom, and when.
It is then a simple matter to compile and share libraries of intelligence related to investigations. Agencies can assemble lists of relevant names, e-mail addresses, phone numbers, bank account numbers, or other intelligence items and search any available evidence sources for those lists. These lists are easy to share with investigators at other agencies, who can quickly search their case files for the same items to see if any connections emerge.
Collaboration is the Key
The most efficient means of solving cases is through collaboration. Law enforcement agencies need an efficient framework to support this.
Once again, advanced technology has the answer. The ability to spread the digital evidence review workload among investigative team members means they can complete the process faster. Dividing the workload among technical specialists means evidence is reviewed by those most qualified to understand the context. For example, investigators could pass on financial records to forensic accountants, internet activity to technical specialists, or suspect images to specialist child protection teams.
Visualization Plays a Vital Role
Complementing these innovations are data visualization and analytics tools that accelerate identification of the items most relevant to the case.
Adding visualization to the toolset enhances review of large volumes by visually representing the data to speed identification of connections and key facts critical to the case.
Through visualization techniques, investigators can analyze relationships between items, see frequency of data over the entire case, review content in chronological order, view connections between people and items, and understand how data overlaps and pinpoint critical intersections.
Combining analytical techniques can help filter the entire data collection to concentrate the review on a certain category of evidence; assessing only email messages from a specific date range that contain credit card numbers, for example. Investigators gain advantage by using link analysis which automatically tallies and displays connections, oftentimes finding relationships between seemingly unrelated people and events; and a timeline view displays the order of occurrences.
What About Forensics?
Forensic analysis is a critical component of any investigation. The latest technological innovations actually reinforce the importance of in-depth analysis in examining critical evidence and preparing for presentation in a courtroom. Rather than spending countless hours conducting deep forensic examinations on every artifact, these new techniques speed the investigation by quickly ruling out unrelated data and narrowing the focus on items central to the case. This critical evidence can then be scrutinized with an in-depth forensic analysis, particularly for provenance and authenticity that satisfies the requirements of courts and authorities.
1. Criminal Investigation, Chapter 1: The Evolution of Criminal Investigation and Forensic Science, McGraw-Hill,http://highered.mheducation.com/sites/0078111528/information_center_view0/sample_chapter_1.html
Read more athttp://www.forensicmag.com/articles/2015/04/uncovering-smoking-gun-team-effort