Forensics tool lets Florida police gather digital evidence at the scene

Mobile system quickly pulls data from PCs, handhelds

Crimefighting in the 21st century involves an increasing amount of evidence popping up in electronic devices, everything from personal computers to smart phones and removable flash drives. But many police departments and law enforcement organizations have been relying on slow, lab-based 20th century methods that can take months to extract the evidence.

A new portable forensics technology is speeding up this process and making law enforcement quicker to detect and react to modern crime. Dell’s Mobile Digital Forensics system consists of a rugged laptop running software that allows police to quickly analyze and pull data from personal electronic devices. One department using it is the Plant City, Fla., Police Department.

Plant City is a community of about 38,000 people in Hillsborough County, east of Tampa. The city has a small police department consisting of 86 people, 68 of whom are police officers. This includes a detective unit and a street crimes unit, said Detective Kent Andrel. A 17-year veteran and certified forensics investigator, Andrel is half of the city’s two-person digital forensics unit, which was activated last year when the department adopted the Mobile Digital Forensics system.

The Mobile Digital Forensics system uses Dell Latitude E6400 XFR rugged laptops running the SPEKTOR forensic intelligence software developed by Evidence Talks. The system can identify and pull data from desktop computers, laptops and mobile phones, as well as from USB sticks and other external memory devices such as satellite navigation systems. “It’s another tool for law enforcement,” Andrel said.

Before acquiring the Dell equipment, the police department relied on improvised equipment to read hard drives and electronics brought in as evidence, Andrel said. Dell helped to install the department’s computer forensics system. The new technology has cut casework time in half, he said.

The technology has been used in 14 forensics cases in the last year, five of which involved evidence from smart phones. Of these cases, four arrests were based on data pulled from hard drives and handheld devices. And one of those arrests could not have been made without the forensics technology, Andrel said.

Because the system is portable and can be used at a crime scene or during an investigation, it allows detectives to pull data and analyze it quickly, usually within four to five days. Prior to using the Dell system, if the Plant City Police Department could not access data with its improvised systems, it would have to send the evidence to a larger city or state jurisdiction for analysis, Andrel said. It could take as long as 12 to 14 months to get the analysis back.

“If I have a missing child and that evidence is on a computer, do you want to wait 12 to 14 months? Time could cost somebody’s life,” he said.

Besides speeding up the process, the digital forensics system also keeps the evidence in house. There used to be chain-of-custody issues because any confiscated electronics had to be sent to a laboratory in another jurisdiction.

The forensics equipment has also attracted interest from other jurisdictions. Plant City has been approached by other local, state and in-state federal agencies to help process evidence, Andrel said.

Dell’s offer to provide the forensics gear last year came at the right time for the department because it was in the middle of rebuilding its network infrastructure, Andrel said. The department’s old network consisted of 18 outdated servers. Because of the high cost of buying new servers, which can cost between $4,000 and $8,000 apiece, the department decided to virtualize the system. Virtualization cut the number of in-house servers from 18 to three ESX-hosted machines running VMware software.

The department also built a physical network separate from the main police network. These physical in-house servers operate the forensic data network and are completely separate from the virtual network, Andrel said.

In the future, Andrel said, the department will have to add more storage for archiving. “Digital evidence is going to need a lot of space,” he said.

Reader Comments

Tue, Jun 21, 2011

In many older cities, in spite of judges saying it is improper, it is SOP to arrest everyone at a crime scene, and let the detectives figure it out later. The cowed population mostly goes along with it. I am afraid that it will become SOP to do a data-dump of all electronic devices possessed by anyone near a crime scene, 'just in case'. We've already seen it in the high school confiscations of cell phones for the dirty pictures cases. What kid is gonna say 'No-get a warrant!' to a cop? And then the cops won't give the phones back. Collecting the data, instead of the phone, falls in the same category, a fishing expedition.

Mon, Jun 20, 2011 Walter Washington DC

Sounds like a neat idea. I am not sure why they need so many servers for such a small police department. I am sure adding memory capacity will be easy enough. An archive system with tapes or flash memory for long term storage may do the trick for storing evidence, not sure what the current state of the art for that is anymore.

Fri, Jun 17, 2011 Anonymous America

What no one is commenting on here is the constitutionality of the way these officers are using this tool... There are already reports of police officers demanding victims of driving violations hand over cell phones and portable flash drives and draining them of data. Data which is sometimes confidential customer or company data which is also sometimes sensitive. They are doing all this WITHOUT A WARRANT. As great as these tools are, they are nothing more than weapons against the populace when the 'Blue Light Gang Members' break the same law they promised to uphold...
