Forensics tool lets Florida police gather digital evidence at the scene
The Plant City, Fla., Police Department is using a mobile digital forensics tool that enables officers to quickly pull data from computers and other personal electronics.
Crimefighting in the 21st century involves an increasing amount of evidence popping up in electronic devices, everything from personal computers to smart phones and removable flash drives. But many police departments and law enforcement organizations have been relying on slow, lab-based 20th century methods that can take months to extract the evidence.
A new portable forensics technology is speeding up this process and making law enforcement more responsive to detecting and reacting to modern crime. Dell’s Mobile Digital Forensics system consists of a rugged laptop running software that allows police to quickly analyze and pull data from personal electronic devices. One example is the Plant City, Fla., Police Department.
Plant City is a community of about 38,000 people in Hillsborough County, east of Tampa. The city has a small police department consisting of 86 people, 68 of whom are police officers. This includes a detective unit and a street crimes unit, said Detective Kent Andrel. A 17-year veteran and certified forensics investigator, Andrel is half of the city’s two-person digital forensics unit, which was activated last year when the department adopted the Mobile Digital Forensics system.
The Mobile Digital Forensics system uses Dell Latitude E6400 XFR rugged laptops running the SPEKTOR forensic intelligence software developed by Evidence Talks. The system can identify and pull data from desktop computers, laptops and mobile phones, as well as from USB sticks and other external memory devices such as satellite navigation systems. “It’s another tool for law enforcement,” he said.
Before acquiring the Dell equipment, the police department relied on improvised equipment to read hard drives and electronics brought in as evidence, Andrel said. Dell helped to install the department’s computer forensics system. The new technology has cut casework time in half, he said.
The technology has been used in 14 forensics cases in the last year, five of which involved evidence from smart phones. Of these cases, four arrests were based on data pulled from hard drives and handheld devices. And one of those arrests could not have been made without the forensics technology, Andrel said.
Because the system is portable and can be used at a crime scene or an investigation, it allows detectives to pull data and analyze it quickly, usually within four to five days. Prior to using the Dell system, if the Plant City Police Department could not access data with its improvised systems, it would have to send the evidence to a larger city or state jurisdiction for analysis, Andrel said. The process could take as long as 12 to 14 months to get the analysis back.
“If I have a missing child and that evidence is on a computer, do you want to wait 12 to 14 months? Time could cost somebody’s life,” he said.
Besides speeding up the process, the digital forensics system also keeps the evidence in house. There used to be chain-of-custody issues because any confiscated electronics had to be sent to a laboratory in another jurisdiction.
The forensics equipment has also attracted interest from other jurisdictions. Plant City has been approached by other local, state and in-state federal agencies to help process evidence, Andrel said.
Dell’s offer to provide the forensics gear last year came at the right time for the department because it was in the middle of rebuilding its network infrastructure, Andrel said. The department’s old network consisted of 18 outdated servers. Because of the high cost of buying new servers, which can cost $4,000 and $8,000 a piece, the department decided to virtualize the system. Virtualization cut the number of in-house servers from 18 to three ESX hosted machines running VM Ware software.
The department also built a physical network separate from the main police network. These physical in-house servers operate the forensic data network and are completely separate from the virtual network, Andrel said.
In the future, Andrel said, the department will have to add more storage for archiving. “Digital evidence is going to need a lot of space,” he said.