There is an evolutionary component to crime.
The endless game of cops and robbers has always had a back-and-forth nature, with both sides trading clues as they learn to outsmart the other while avoiding the same fate.
But as technology, including cell phone technology, has advanced, so have the digital and cyber elements of crime and the investigations of those crimes.
“It’s always a foot race,” said Gillette Police Detective Cpl. Dan Strop. “But it’s a foot race between us and the bad guys, and it’s a foot race between us and the tech companies.”
As the crimes have evolved, so have the investigations to solve them.
Technology has always played an important role in this evolutionary process. As mobile phones have become increasingly entrenched in everyday life, their pervasiveness has helped law enforcement solve crimes through previously unattainable evidence.
The information from the phones could guide the investigation towards simple but often difficult to answer questions about who, what, when, where and why. Perhaps a photo proves that a person was or was not in a particular place at a particular time. Or maybe the geolocation of that photo contradicts an alibi.
Perhaps, as in a series of burglaries that occurred at Gillette in 2016, the suspect’s phone could provide Google search history that revealed he searched for “Gillette Police Department Domino’s burglary” shortly after the burglary occurred. crime, but before it was publicly reported.
“We were able to say ‘We don’t know if he was there, but we know his phone was there,’” Stroup said. “Nobody goes anywhere without their phones.”
Or in the 2016 3-year-old homicide case, when cellphone data showed the suspect did Google searches around the time the crime occurred, asking detailed questions about possible specific injuries.
While researchers may know that crucial information resides within the memory chips and cloud-based servers associated with a cell phone, gaining permission to search and having the ability to break in complicates the task.
Stroup began working with the Gillette Police Department’s computer forensics unit when he joined the force around 2008. Since then, the role of cell phones in committing and solving potential crimes has changed dramatically.
“As time has gone on, it has been simpler and more difficult at the same time,” Stroup said. “When we started doing all this, there were countless different types of cell phones.”
Motorola, Kyocera, Blackberry and many other phone brands come with their own proprietary protections, making accessing each one its own unique puzzle to solve, but also much less complicated than modern phone security.
There are now two much more sophisticated phone systems: Android and iOS.
“While that has gotten simpler, the devices themselves have gotten more complex,” Stroup said.
When he started working in computer forensics, which encompasses mobile phone forensics, the information available on mobile phones was relatively rudimentary.
Phone records might provide call logs, text messages and contact lists that helped with drug investigations and some other crimes, but they fell far short of the wells of information people now carry in their pockets.
It’s just a matter of taking advantage of them.
“In older phones, there was no such thing as a padlock,” Stroup said. “Now, with some of the devices, they are virtually impossible to crack. Getting access to the devices has been a huge challenge.”
For law enforcement, there are multiple obstacles to gaining access to the contents of a suspect’s cell phone.
Getting permission to search phone records is the first hurdle.
Detectives have to build a probable cause nexus, providing reasons why they believe the phone contains evidence related to the alleged crime in question.
“The way (phones) are now, you’re packing a filing cabinet, your gun safe, all your photo albums, you’re packing everything into this phone,” Stroup said. “Intrusion into privacy really needs to be looked at.”
Search warrants are requested in most major cases that come through the Gillette Police Department, Stroup said.
“And we’re very careful about that,” he said. “We don’t want to lose any evidence, because there is very good evidence on some of those phones.”
Then there is the challenge of getting into the locked phone.
“I can get an arrest warrant all day, but if I can’t unlock the phone, there’s not much I can do with it,” he said.
Stroup referenced a 2015 terrorist attack in San Bernardino, California, where Apple denied federal law enforcement access to iPhones belonging to the perpetrators. That served as an early example of today’s dilemma of balancing protection of personal privacy with what can sometimes be a matter of public safety.
Hence the foot race between criminals, law enforcement and technology companies.
While they may not get much help from tech companies, advances in privacy protection and encryption have been met with increased awareness and ability to overcome those barriers.
“There are a lot of different ways to get into a phone other than a password,” Stroup said.
Beyond the officer and detective cubicles located within the Gillette Police Department, a soft hum comes from behind an inconspicuous door.
The room behind that closed door looks like a closet, sounds like a fan, and houses high-end computing power and sophisticated software that opens and filters the thousands of pieces of information contained in phones and hard drives.
“This is where it all happens,” Stroup said.
Stroup and Officer Jeremiah Wagner, both in charge of the computer forensics team, are the only ones with keys to the modest lab with a large computer tower and two monitors on a table. The rest of the room is storage for older machines, full or nearly full hard drives, and outdated computer manuals for older versions of Windows and iMacs.
Once they get the phone and permission, they start figuring out how to filter all of your content.
“Most of the time, you’re not attacking the data from the front end,” Stroup said.
First they migrate the data from the phone to the computer, the Forensic Recovery Evidence Device, or FRED, then it comes down to sifting through what can sometimes be hundreds of thousands of nuggets of information. Those nuggets, known as “artifacts,” include everything from phone contacts and pictures, to past Bluetooth networks and geolocations from photos taken.
Even the ridiculous cartoon avatars of downloaded, deleted and forgotten cell phone games find their way into the ocean of information extracted from the device.
It’s a mountain of work for the detectives trained to prosecute it, which makes it even more daunting for the other officers or detectives working on the case. Before returning to them, first go through Stroup.
“I am the filter,” he said.
The software they use, from Magnet Forensics, collects those artifacts and creates a searchable database to narrow down the field to points of interest for investigation.
Stroup and Wagner view and categorize information from a desktop monitor screen. The software can filter information and data points in all kinds of cubes, flagging artifacts recognized by keywords like “weapon,” “drugs,” or “bedrooms.”
“It’s terrifyingly accurate,” Stroup said.
There’s a keyword feature to narrow down relevant messages or even credit card numbers, and a filter that checks colors for skin tones, pulling out photos that may be relevant to child exploitation cases.
Once collected, the information examined can be condensed into “portable cases” that are given to officers working on the case or presented as evidence. “Portable cases” can be printed as paper reports or displayed similar to websites, to present videos or other evidence.
Criminal cases have been won and lost based on tedious searching through thousands of pieces of information, often unknowingly collected and stored while in someone’s pocket.
Both criminals and police officers have adapted to the rapid speed that technology has evolved over the years. Meanwhile, as cell phones have become more integrated into daily life, they have doubled as repositories of the minute details of their users’ existence.
Whether it’s in the cloud or on your phone, that information is hard to hide.
“Most of the time, the adage ‘Once it’s out there, it’s out there,’ is true.” Strop said.
Over time that adage has evolved. It is true that once digital information is created, it is often out of the control of its creator.
But now more than ever, once it’s there, it can be found.