Build Stronger Cases with Mobile Device Link Analysis




White Paper: Build Stronger Cases with Mobile Device Link Analysis

How data from mobile devices reveals the patterns of life that can make for stronger proactive and reactive investigations - on the street and in the courtroom

Link analysis and data visualization are commonly associated with large, complex cases: the many hundreds of people and events connected to Bernie Madoff's Ponzi schemes, for instance, or the networks of organized crime families, drug cartels, street gangs and terrorists. Yet link analysis can also have a narrower, more localized meaning. Prescription drug diversion, home methamphetamine manufacturing, prostitution rings, and crimes against persons or property (including violent and serial offenses) are just a few examples of criminal activities that involve small networks or often just two or three people.

By connecting data from suspects' and victims' contacts, communications and locations, investigators can discern those subjects' patterns of life - and the disruptions in those patterns - that can make their cases stronger. For these types of cases, large-scale link analysis tools are unwieldy and cost-prohibitive, and they require specialized training. Law enforcement requires a scaled-down tool to analyze only the most important information about suspects, accomplices and victims. Mobile device link analysis is this tool.

From digital footprints to digital trails

Any investigation relies on human behavior patterns. By linking and cross-referencing disparate data, you can deduce actionable information.

Timelines, link graphs and maps can provide investigators with a bird's-eye view of ongoing behavior or deviations from normal behavior. By combining data from several people's devices, you can see not just sent and received communications (as well as the frequency and modes of communication such as calls or SMS); the links between those devices can reveal direct and mutual relationships among people. Coupled with timelines, those communications can show who communicates the most with your subjects, how they do it, and when they do it. Likewise, location patterns can show commonalities between subjects and the places they visit.

These digital trails can provide leads which investigators may not otherwise have uncovered. The arrest of three accomplices may lead to a fourth, for example. Or, link analysis may assist the interview process by providing investigators with the links, timelines, maps and related communications that can help direct an interview or interrogation.

In addition, many criminals carry more than one mobile device to cover their criminal activity. Link analysis can construct timelines of the call logs, SMS and other communications, along with GPS and social networking posts, across devices to create a fuller picture of the suspect's range of activity and contacts.

UNUSUAL PATTERNS REVEAL CLUES

Even anomalies - changes from normal communication and travel patterns - can have significance when analyzed in the context of an entire timeline. Pre-incident anomalies can show preparation or trigger events. Post-incident anomalies might be linked to cover-up activity. And unusual behavior at the time of the incident can show potential direct involvement, whether as a suspect, victim, or key witness.

Reconstructing patterns that led to a crime

Mobile device data can help reconstruct a suspect's and victim's movements and communications in major crimes, serial crimes and group-perpetrated crimes.

Violent Crimes

Prior to any violent crime, the individuals, places and events in suspects' and victims' lives fit a routine that identifies them, a norm from which people typically don't deviate.

For example, investigators may wish to establish sexual harassment, domestic or dating violence - whether constant or escalating - through several weeks' or months' worth of abusive text messages and repetitive phone calls. Likewise, cell phones and GPS devices owned by stalkers and their victims can be compared. In-common locations can bolster a case against a stalker, as can the frequency of one-way communication from suspect to victim.

Repetitive or abusive communications that end abruptly, coinciding with a victim's death or disappearance, can help identify a suspect. Police may start by analyzing the victim's phone, GPS device or tablet, then linking that analysis with the extraction from the suspect's device(s).

A homicide victim's patterns may become anomalous hours or days before death. Communications or travels that are unusual, either in their frequency or people contacted, can provide important leads. Data from one or more suspects' phones, linked to patterns from the victim's phone, can provide additional clues - incriminating or exculpatory.

Pattern Crimes

Different patterns emerge when it comes to conspiracies and/or serial property crimes like burglaries, vandalism, arson and retail theft, all of which often involve more than one suspect. In these types of cases, the patterns may first be identified by crime analysts, whose job it is to mathematically predict likely next targets. Police who make successful arrests based on these analytics can then compare previous activities with their suspects' mobile device data.

In burglaries or robberies, one or more suspects may case the target location prior to committing the offense, and may also call or text associates from the location at the time of the offense. Log files, GPS and social location-based services can show this activity. Any communications among accomplices in the days or weeks leading up to the crime can also be linked and analyzed, on their own and as part of an incident timeline.

Arson, theft and vandalism suspects may take images or even video of the property they stole or damaged. They may send these images to one another or to social media profiles. Connecting these images as part of a pattern - especially if that pattern has already been identified as part of predictive crime analytics - can strengthen the case against them.

Overlaid on predictive crime analytics such as maps with cones of probability, angles of change, time-and-date tactical analysis, and other tools in a crime analyst's kit, communication patterns can establish that suspects' actual movements fit the statistical probability of their being at a particular location at a particular time. Thus, detectives can show that their suspects are definitively linked to ongoing crime problems in their community. This can strengthen cases and can heighten the likelihood of prosecution.

Linking as part of long-term planning

Mobile device link analysis can be applied proactively, too. In many communities, hotspots of prostitution, property crimes or other criminal activities can be persistent. They may recur despite consistent targeted enforcement, or shift to other areas. Identifying the people involved in these recurrent crimes may be the key to stopping them.

Crime analysts create comprehensive predictive analytics to help police figure out how to deploy resources; police can get more mileage out of their deployments by analyzing any mobile device data they obtain as part of search incident to arrest.

During a prostitution sweep, for instance, police might extract data from a number of prostitutes' mobile phones. In-common calls or text messages to and from one particular person might point to a pimp or madam. That person's device, in turn, could provide links to other prostitutes or even other criminal activities he or she may be involved in, such as narcotics or broader human trafficking activities.

Just as predictive analytics make it easier for police to deploy resources, proactive link analysis can help police plan where to find a subject for field interviewing or even arrest. Another form of proactive link analysis is using received data, such as geotagged images or other geolocation data, to discern where a suspect is likely to be at some future point: a favorite bar visited every Friday night, for instance, or at a friend's or relative's house every Wednesday morning. Again, consistent data from multiple devices can provide a clearer picture of a lead's locations and activities.

Finally, criminals connected to one another may have a common code or language they use among themselves. The information within their text messages may contain key words and phrases, which police can use for future forensic analyses: within forensic software's watch lists, for instance, or as part of search and filter tools on future devices seized as part of an ongoing investigation.

TAKING LINK ANALYSIS TO COURT

One of the most critical pieces of automated link analysis is its value in court. Explaining the concepts for patterns of life, anomalous activities, timelines, and common locations is easier when judges and jurors can see for themselves how defendants acted before, during, and after an incident. Just as importantly, an automated link analysis is much more accurate than a manual process. No human can parse the thousands of data points representing contacts, calls, text messages, locations and other links. This can cast doubt on the veracity of an investigator's interpretation of data.

Integrating link analysis into existing workflows

So, who does the analysis? It depends on the agency or task force, individual competency and mandates. More specifically, the agency's size, resources, and internal political structure determine who primarily owns data analytics. For example:

In many organizations, investigators perform all forensic and analytical work themselves: from identifying suspects to writing search warrants, to digital forensics to report writing and, if necessary, testifying in court. Link analysis may become a natural part of this workflow, when the case warrants it.

In larger agencies or task forces, as well as in the private sector, forensic examiners deal with all digital evidence and simply present a report to investigators when they are through. In these organizations, a forensic examiner who can analyze extracted data for possible links may make sense.

In other organizations, data analysis is part of neither forensic examiners' nor investigators' workflows. Here, crime analysts, on whom investigators already rely for proactive and reactive support, have the expertise to crunch data related to crime trends and hotspots. They can be a one-stop shop at trial to show how all the data from a crime or crime pattern fits together.

Professionals in all these groups may question whether link analysis saves or costs time. Although there is no question about the value of any methodology that can reduce investigative cycles, vast swaths of digital data have become burdensome for everyone, regardless of who manages it. In larger agencies, crime analysts may require forensic examiners to work with investigators so that they can focus on patrol support. But backlogged forensic examiners may in turn ask analysts to work with investigators.

In many cases, investigators have no access to either crime or forensic analysts. Even if they do, they may be unable to wait for their analysts to return results to them. They may perform much of their own analytic work.

No matter who or how many perform the analysis, it is crucial to set investigative goals, prioritize tasks, and triage data. The investigator managing the case must take the lead on this activity.

Supervisors could assign one person to handle mobile link analysis on a part-time basis, regardless of where in the organization that person works. Or, investigative and analytical professionals could find themselves needing to negotiate. Crime analysts or forensic examiners may be willing to assist with high-profile case analytics, for example, while asking investigators to perform their own analysis on more routine cases.

Regardless, the decision should be based on time savings. Timeline analysis can be done manually, for example, by merging call logs and SMS records from multiple devices into a single spreadsheet. But this could take many hours and would not provide a graphical representation of the timeline for easy presentation in court. It also raises the risk of human error, which in turn could raise doubts about the accuracy of the analysis. Tower data can be overlaid onto a map to show travel patterns, but this too can be painstaking work. And hours spent interrogating a suspect about his relationship to other suspects or victims may result in misleading or no information.

A good mobile link analysis tool automates these processes, shortening both analytical and investigative cycles and thus making it easier to decide who should own the mobile data analytics in any organization.
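
The manual merge described above, written out as an added example (it is not code from the white paper or from any Cellebrite product). It shows the two places where hand-merged spreadsheets most often go wrong: timestamps exported in different UTC offsets and the same number written in different formats. The CSV layout, column names, function names and sample records are all constructed assumptions, and numbers are assumed to be 10-digit NANP-style.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample exports (not real data). The column layout is an
# assumption for this example, not any forensic tool's report format.
DEVICE_A = """timestamp,kind,direction,number
2015-03-02T21:58:10-05:00,call,out,+1 (555) 010-0199
2015-03-02T22:15:42-05:00,sms,in,555-010-0142
"""
DEVICE_B = """timestamp,kind,direction,number
2015-03-03T03:01:05+00:00,sms,out,15550100199
2015-03-03T02:40:00+00:00,call,in,5550100177
"""
DEVICE_C = """timestamp,kind,direction,number
2015-03-02T20:05:00-06:00,call,out,(555) 010-0199
"""


def normalize_number(raw):
    """Reduce a number to its last 10 digits (assumes NANP-style numbers)."""
    digits = "".join(ch for ch in raw if ch.isdigit())
    return digits[-10:]


def load_export(device, text):
    """Parse one device's CSV export into events with UTC timestamps."""
    events = []
    for row in csv.DictReader(io.StringIO(text)):
        ts = datetime.fromisoformat(row["timestamp"])
        if ts.tzinfo is None:
            # A timestamp with no offset cannot be placed on a shared
            # timeline; refuse it rather than guess the device's time zone.
            raise ValueError(f"{device}: no UTC offset in {row['timestamp']}")
        events.append({
            "device": device,
            "utc": ts.astimezone(timezone.utc),
            "kind": row["kind"],
            "direction": row["direction"],
            "number": normalize_number(row["number"]),
        })
    return events


def merge_timeline(exports):
    """Merge {device label: CSV text} into one list sorted by UTC time."""
    events = [e for dev, text in exports.items() for e in load_export(dev, text)]
    return sorted(events, key=lambda e: e["utc"])


def common_contacts(timeline, min_devices=2):
    """Return numbers that appear in the records of at least min_devices devices."""
    seen = defaultdict(set)
    for e in timeline:
        seen[e["number"]].add(e["device"])
    return {n: sorted(devs) for n, devs in seen.items() if len(devs) >= min_devices}


if __name__ == "__main__":
    timeline = merge_timeline({"A": DEVICE_A, "B": DEVICE_B, "C": DEVICE_C})
    for e in timeline:
        print(e["utc"].isoformat(), e["device"], e["kind"], e["direction"], e["number"])
    print("in-common contacts:", common_contacts(timeline))
```

Sorted by the local clock times as written, device C's call would appear to come last in its evening group; converted to UTC it is the first event, which is the kind of ordering error a manual merge can introduce.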

Getting more out of your UFED extractions with UFED Link Analysis

UFED Link Analysis is a versatile investigative tool that can be used both proactively and reactively to visually identify suspect and victim patterns of life and the anomalies that can indicate guilt or complicity in a range of cases. In any situation where investigators need this information within a limited period of time - working on their own or in conjunction with digital forensic examiners or crime analysts - this streamlined solution can provide better leads for investigators to follow up on, and better prima facie evidence that can ensure a conviction.

Unlike analytic solutions that connect data from many different sources, UFED Link Analysis focuses on data that comes solely from mobile devices. It was built to help identify non-complex, low-level criminal networks such as local drug networks, prostitution rings, property crimes conspiracies and the like. It can also assist after the fact with violent or major crimes investigations, linking victims to suspects in homicides, rapes, assaults and the like.

By analyzing data extracted from any of the thousands of mobile devices already supported by the UFED platform, UFED Link Analysis improves investigators' likelihood of finding important leads. An analysis that could otherwise take days or weeks - and result in an end product with questionable accuracy - can be done in minutes and result in complete accuracy.

UFED Link Analysis reporting is appropriate not only for intelligence and investigation building, but also for supporting courtroom testimony, as it clearly shows information in easy-to-understand visual formats.

About Cellebrite

Cellebrite is the world leader in delivering cutting-edge mobile forensic solutions. Cellebrite provides flexible, field-proven and innovative cross-platform solutions for lab and field via its UFED Pro and UFED Field Series.

The company's comprehensive Universal Forensic Extraction Device (UFED) is designed to meet the challenges of unveiling the massive amount of data stored in the modern mobile device. The UFED Series is able to extract, decode, analyze and report data from thousands of mobile devices, including smartphones, legacy and feature phones, portable GPS devices, tablets, memory cards and phones manufactured with Chinese chipsets. With more than 30,000 units deployed across 100 countries, UFED Series is the primary choice for forensic specialists in law enforcement, military, intelligence, corporate security and eDiscovery.

Founded in 1999, Cellebrite is a subsidiary of the Sun Corporation, a publicly traded Japanese company (6736/JQ).

To learn more, visit www.cellebrite.com

For more information contact sales

© 2015 Cellebrite Mobile Synchronization LTD. All rights reserved.