By: Jeremy Byers, a police investigator in Australia
I have been employed as a member of the Australian Federal Police and the South Australian Police since 2008. Most of my law enforcement experience has been investigating serious and organized crime. I am presently undertaking a Graduate Diploma in cybersecurity under the supervision of Dr Matthew Sorell, Senior Lecturer at the University of Adelaide.
Investigations within this field of policing increasingly rely upon interpreting large volumes of telecommunications data commonly derived from service providers as well as data extracted from mobile telephones.
By way of example, a recent investigation relied heavily upon the network and mobile phone data. It was an armed robbery, where one victim had been shot during a violent home invasion. Compounding the difficulties involved in the investigation was a lack of victim/witness co-operation due to associations with outlaw motorcycle gangs. The use of data from seized devices became paramount in proving the offence had occurred, identifying other suspects and proving their involvement.
Initially, I provided a supporting role assisting in searching properties, exhibit collection and corroborating interviews. I obtained a good understanding of the circumstances of the offending and had a high level of understanding of the criminality of the suspects based on having had previous interactions with many of them. Just as importantly, through my policing experience I had an innate understanding of how organized crime and criminal gangs operate, and how they go about their day-to-day business.
This investigation had been running for almost two years when I was asked to review all mobile telephone evidence and network records. Clearly, this was a complex and time-consuming task. After identifying the extractions and records I had only six weeks to prepare the digital and network evidence for trial.
During that time, I identified key evidence, including direct and indirect contact between the accused, victims and witnesses prior to the offence. The main concern was managing the large volume of data and the tedious task of ensuring its accuracy so that it could be relied upon in evidence. Investigators are increasingly required to specialize in various aspects of cases. Most recently this is the ability to understand and interpret complex communications systems data. Critical to this function is the use of a suitable tool for digital data.
The use of the XAMN interface helped me fast-track my investigation, making the task infinitely more manageable. I was able to quickly cross-correlate data from multiple data sets, find important data using keyword searches, use filtering to find images taken on or around the offence date by mobile phones used by suspects and other relevant associates, as well as identify other persons of interest. The XAMN interface made it easy to find a Google Maps location search and lessened the need for external data specialists to be brought into an investigation, thus saving money and time.
The presentation of mobile telephone data was key to the successful prosecution of this case and resulted in the conviction of the suspect. This is one of many investigations I have been involved in that has significantly relied upon the use of digital evidence to assist in convicting a suspect.
In August 2019, I was fortunate to be provided a license to use MSAB’s new version of XAMN with upgrades to Spotlight, Horizon and Elements, all of which are tools investigators can use to find key evidence, interpret the data, and save time throughout the process. My main interest focused on the use of Horizon. One of the tools in Horizon is designed to assist investigators with a feature which can map geographical coordinates instantly. I tested the software using datasets and found all to be highly accurate regarding geo locations and of considerable investigative value.
In the past, investigators have found it challenging to review large telephone data sets. Historically this would have been completed by an analyst and/or extracting officer. However, with the complexity of most criminal cases this is something over which an investigator now needs total control, as they are invested in the job from the start to the finish. They have the detailed knowledge of the case and ultimately find key pieces of evidence, no matter how small or seemingly irrelevant. Improvements to the way in which data may be found and displayed are vital. Development of products into the future needs to bear this fact in mind and will require regular updates from the software provider.
For more information visit our website: https://www.msab.com.
Jeremy Byers is a police investigator in Australia and is recognized within law enforcement for his expertise on forensic interpretation of telecommunication network records, mobile phone data sets and his understanding of criminal behavior. He is able to give an expert opinion of the data to investigators and the court. Jeremy trains other police investigators on the use of network records and mobile devices in offences.