Internet Child Exploitation Unit (ICE) turns to OpenText EnCase Forensic to close cases faster and prosecute more offenders.
When child exploitation materials are uploaded to the Internet, websites often report those uploads to the National Center for Missing and Exploited Children (NCMEC) in the United States. If it is determined the upload of the exploitation material originated in Alberta, Canada, ICE gets called into action.
The Internet Child Exploitation (ICE) Unit, part of the Southern Alberta Law Enforcement Response team in Canada, is one of many agencies across North America that investigates offences related to the exploitation of children over the Internet that originate in the province of Alberta. This could include but is not limited to: the possession, distribution, importation and manufacturing of any child pornography and any computer-related child sexual abuse materials; luring children over the Internet; and voyeurism involving victims under the age of 18.
In addition to working with Canadian law enforcement units, ICE works closely with other law enforcement agencies in North America, including the FBI and Department of Homeland Security. Within the last year, in Alberta alone, ICE conducted 25 child interventions, identified 976,569 child exploitation photos/videos, seized 1,494 exhibits and devices and analyzed 153TB of data.
Typically, when a law enforcement agency is called upon to investigate a crime, they set about doing a background investigation on the subject and obtain a warrant that allows them to seize digital devices from the suspect’s possession. Because of the proliferation of electronic devices such as mobile phones, laptops, tablets and all of the other devices associated with the IoT (internet of things), forensic examiners and investigators are tasked with collecting numerous devices when investigating crimes and wading through the information on those devices to determine what information is applicable as potential evidence in their case. Often, suspect devices are taken from the crime scene to labs for analysis.
The process from evidence collection to reporting and prosecution can be a long one. To help bring their cases successfully to closure, investigators and examiners need tools that help them to quickly and reliably collect, analyze and store digital evidence that can be used in the arrest and prosecution process.
As an example, when ICE received a complaint about an unknown subject who was suspected of assaulting a young female, they searched his house and found 25 electronic devices that were likely to contain information relevant to their case. Needing to quickly identify potential digital evidence at the scene and obtain the information to effectively interview the suspect, they turned to OpenText EnCase Forensic Software. Designed for law enforcement, government agencies and corporations, EnCase Forensic provides the ability to quickly and reliably preview, collect and analyze relevant digital evidence.
“We use OpenText EnCase every day on every case we establish,” said Allen LaFontaine, Forensic Examiner with the Southern Alberta Internet Child Exploitation Unit. “In this particular case, thanks to EnCase, we were immediately able to determine that only 3 of the 25 devices we seized contained evidence relevant to our case, saving us precious time and resources in the investigation process,” said LaFontaine.
One of the issues facing the ICE team is the lengthy investigation process. It can be weeks or even months from the time they get the complaint, secure the warrants, seize devices, collect and analyze evidence, and prepare reports for investigators, attorneys and judges. “We need to be able to trim that down to hours or days in order to bring offenders to justice sooner and close more cases”. Examiners are also concerned about the efficiency of the evidence collection and analysis process. “Ideally, we’d want to have some clues from the devices we seize before we even start interviewing the suspect so that we can put together an airtight case as quickly as possible,” said LaFontaine.
“OpenText EnCase is a terrific tool for both the field and the lab, and in this case meant we didn’t have to spend time acquiring the devices and then taking them back to a lab to examine them. We were able to use EnCase’s preview capability to look at the devices at the scene within an hour after we received our search warrants. This meant we were able to start collecting evidence within seconds instead of hours,” said LaFontaine.
The quicker the team can capture evidence, the more likely they are to be able to apprehend the suspect. “We were also able to use some of the features in EnCase that grab the memory from those devices, build a dictionary of key words and then use those key words to break passwords the suspect had set on the devices. EnCase really helps us get to the meat of what we need quickly,” LaFontaine explained.
Unfortunately, ICE receives far more complaints than they are able to pursue. However, according to LaFontaine, “With EnCase, we see a significant improvement in our efficiency, allowing us to investigate more complaints and bring more offenders to justice.”
In this particular case, ICE examiners and investigators were able to use EnCase to collect evidence that proved the suspect was not only assaulting his daughter but was also assaulting additional under-age daughters.
Sadly, NCMEC received over 1 million complaints last year, leaving our law enforcement agencies worldwide buckling under the pressure to pursue all of these cases. With EnCase Forensic, law enforcement is able to reduce the strain on their resources, reduce the time to case closure, investigate more cases, and prosecute more offenders to ultimately make the world a safer place.