Eric, tell us a bit about your background and how you became an investigator.
I was a police officer with the Phoenix Police Department in Arizona for 24 years. 15 years of that was working with crimes against children. But even before that, when I started off on the Vice squad, I knew I wanted to be an investigator. Going to Vice was a stepping stone for me – a way to learn how to go undercover, how to handle cases, how to take on a case load.How did you get involved with CSA investigations?
In 2001, our police department got a charter with the Internet Crimes Against Children taskforce (ICAC), which is one of 61 federal taskforces in the United States. I tested to go there – mostly because of the technology. I did the job from 2001 to 2005. By then I needed a break.
Before taking the job, I had no idea or understanding of how traumatic CSA is. I can still see in my mind, the very first picture I ever saw of a child being abused. It will always be stuck there. I have seen so much since, but I will never get that first image out of my head.
However, a couple of years later a lot of great examiners started to leave the ICAC unit and I started working with it again. This time with a different mindset.
When did you first come into contact with Griffeye?
I worked full-time as a computer forensic examiner of CSA between 2009 and 2015. Along the way, we’d lost a bunch of really great examiners – and great people! So, I took it upon myself to look for alternate workflows and solutions to minimize the exposure to the material.
Also, CSA investigations are primarily about images and videos, even though there are other artefacts as well like chat logs, but the bulk of it is to go through large amounts of images and videos. At that time, the backlog was over a year, meaning it took over a year for the examiner to go through all the data – and that is just unacceptable. So, we were also looking for a solution to decrease the backlog.
The software solutions at the time weren’t focused on images and videos only, so they weren’t good enough to depend on. So, we had to find one that was. It was only when we came into contact with Griffeye that we found a solution.
When I met Johann and Pelle, they were such genuine people. I could instantly tell that they really cared. However, the first version that they showed me was quite buggy, so it was actually when they showed the upgraded version that we realized that “This is it! This is exactly what we need!”
What was it you saw that made the difference?
Well, with other programs, if you have 10 copies of the same image on different devices, you have to look at the image 10 times even though it’s already known to you. With Griffeye, they de-duplicated it so that you only had to look at the same image one time.
It gave us a workload reduction of 65% – and that doesn’t even include the Project VIC hashes that pre-categorize files. With Griffeye, we were able to decrease the workload from a backlog of 18 months (with five computer forensic examiners working) to just five months (with two examiners working). So it not only increased productivity, it allowed us to get more work done faster with less exposure. We could also facilitate teamwork in the way that different investigations, containing the same data, would not be exposed to the examiner over and over again – but just the first time.
So it helped you change to a better workflow too?
Yes. Previously, investigators would dump all the seized data on the examiner, and bombard them with CSA material. With Griffeye, we changed that. Now, the forensic examiner processes the digital files, loads them into Griffeye Analyze, and then calls the investigator to give a “go-through” of the investigation. Often investigators just kept doing case after case after case, not thinking that they are putting all the mentally hard job on one person.
You mentioned the Project VIC hashes. How did you start using them?
Around 2014, I met Rich Brown, the head of Project VIC, at a conference. They had this additional cloud server that contained hashes of known files and it worked in conjunction with Griffeye Analyze. The hash sets are brought into Griffeye Analyze, so the data is checked and it can categorize previously seen images. That pre-categorization, combined with the de-duplication in Griffeye Analyze, made the work even better.
That is also when I began teaching with Project VIC, and for the last two years I have been going around the US and the ICAC units teaching them this new workflow, using Griffeye Analyze with Project VIC integrated.
Now you’ve taken the next step to work directly for Griffeye. Tell us about that.
I’ll be the connection between law enforcement agencies in North America and Griffeye. My job will include training, helping investigators evaluate the solution that suits them and their needs best, and also to be liaison between users and our development team. Essentially, my job is about helping our users to get the best fit.
In the US, we call this role a Tech Evangelist. I am spreading the word in North America that this software exists and what it can do – going back to my own experiences of what it has meant and done for me and my colleagues.
What is it specifically that excites you about this role?
I do this job because I want to help other people. I’ve been around doing training in my own role to help as many as possible. As part of Griffeye, I can help on a larger scale. And on an international level, not just in the US.
Griffeye has a human connection and commitment to the people doing the job – like the original free licenses for those working with CSA. That was huge and I’ve never even heard of another company who would even consider doing that. They also understand the investigators’ work, and how to make it faster and better. So, Griffeye is on the same wavelength as me, trying to find solutions to keep the investigators in the job longer.
Griffeye's Analyze DI product has the capacity to rapidly and intelligently process huge volumes and deliver fast, accurate results. Find out more on their website.