Trending Topics

IACP 2021 preview: Using digital forensics to gain drug intelligence

With the constant threat of newly emerging drugs, it is critical law enforcement develops a common operation picture of the drug landscape


By reviewing digital evidence reports, you can understand how to scale solutions across your agency to prioritize and leverage digital evidence.

Getty Images

While the in-person portion of IACP 2021 has been canceled due to Hurricane Ida, over 100 presentations will be available online. Drug Intelligence, Digital Forensic Insights, & Response Strategies for Interdiction, Investigation, and Overdose Prevention is a panel discussion hosted by Jonathan McGrath, PhD, MSFS, of the Department of Justice, National Institute of Justice that emphasizes the importance of collaboration between law enforcement entities internally and with public health stakeholders externally to effectively respond to the opioid overdose crisis. In this article, panelist and Police1 author Brendan Hooke summarizes key discussion points.

What does an effective and efficient opioid response look like?

Law enforcement cannot and should not respond to the numerous challenges we face alone. From mental health, homelessness and drug addiction, numerous localities are formalizing co-response models with other public services to include mental health workers, prevention specialists and social workers. Collaboration between groups is most successful when the spirit of cooperation goes beyond the response.

During the panel discussion on drug intelligence insights, Dr. Jonathan McGrath explained that: “Now, more than ever, it is critical that law enforcement agencies and their public safety agency partners work hand-in-hand with their local public health agencies counterparts to identify and respond to drug threats impacting their communities. Equally important are their mutual roles for overdose prevention.”

Shared information within entities and among stakeholders can help guide strategies and resources. My partners on the panel discussed the value of sharing law enforcement information with public health officials so that officials can rapidly detect drug trends among overdose victims and identify particularly harmful batches of narcotics. Dr. Daniel Flannery of Case Western University gave an example of using crime data with GIS programs to effectively deploy NaloxBoxes.

What does sharing digital intelligence look like within an agency?

Sharing information and scaling collaborative strategies can be difficult not only with external agencies but also within an agency. Police leaders must listen to investigators to deliver solutions to meet their needs.

If you haven’t worked a case in a long time, ask your detectives about the value of digital evidence. Regarding overdose investigations, often a phone left behind by a dead victim may be the only clue as to the source of the deadly drugs that contributed to their death.

By reviewing digital evidence reports, you can understand how to scale solutions across your agency to prioritize and leverage digital evidence.

Here are some key steps to take:

1. Training for handling digital evidence

The first area to focus on is training and procedures for handling digital evidence. Stabilizing and recovering digital evidence early in an investigation will help investigators access and analyze evidence. If a phone is left at an overdose scene and not stabilized, it is more likely to lose power and then enter a deeper state of encryption. Agencies must have a procedure to recover digital evidence in a safe manner from a crime scene, perhaps before the entire scene has been physically processed. That decision must be made by leaders and communicated before an incident.

As part of the importance of emphasizing a dynamic digital evidence procedure, all responders must have some digital evidence training. The National White Collar Crime Center offers free, online, high-quality training geared toward all skill levels. Leaders should direct their officers to these resources so that they are more likely to recognize and then preserve digital evidence.

2. Keeping lines of communication open

Digital forensics examiners also need to share their information and skills with field investigators. During the panel, I share an anecdote that emphasizes the need to communicate and strategize before an incident.

In short, homicide detectives had reviewed CCTV footage of an abduction that was likely a precursor to a homicide. During their review of the footage, they identified the type of phone used by the suspect. Before they acted to interview the suspect, homicide detectives consulted with digital forensic examiners. Because of their preparation, we were able to offer advice on the best strategy to recover digital evidence and we were able to prepare our facility for an incoming priority phone. After a surveillance operation and a creative ruse, detectives were able to seize the phone while it was unlocked and then rushed it to forensics. The phone stayed unlocked, and we were able to recover a significant amount of data that helped locate a grave and assist in the subsequent prosecution.

Leaders need to make sure lines of communication between field and lab units stay open and that both groups collaborate on strategy. In the example above, homicide detectives used the forensic detectives to plan, which made their job easier. In return, the homicide detectives received an excellent product that helped close their case. Strategy on the front end is much easier than cleaning up a mess.

3. Implementing procedures to defeat encryption

One of the difficulties in accessing digital evidence is defeating encryption. Leaders can help scale social engineering solutions to increase the likelihood of success.

As a general principle, people are creatures of habits and tend to use familiar passwords across multiple systems and devices. Based on that premise, leaders can help scale the effectiveness of their digital evidence across their agency in a few specific ways:

  • Work with your local jail. See if the jail can have the inmate calling system mirror a 6-digit pin code. Once implemented check that system for inmates’ 6-digit pin codes to help gain access to phones.
  • Include passwords in reports in a standard format. If your agency ever needs to defeat that person’s password in the future, investigators can check old reports for previously used passwords.

Thank you to my fellow panel members, Dr. Daniel Flannery and Jessica Wolff and to the panel host, Dr. McGrath, for an exciting and informative discussion.

NEXT: The massive growth of video evidence: What police administrators need to know

Brendan Hooke is a captain with the Fairfax County (Virginia) Police Department. He is a commander in the department’s Information Technology Bureau. He recently served as the school liaison commander assigned to the Fairfax County Public School system. He has prior experience in the department’s Cyber and Forensics Bureau and investigating and supervising major crimes, organized crime, and narcotics. He holds a bachelor’s degree from the College of William and Mary and a master’s degree in high technology crime investigation from George Washington University. He is currently completing a graduate certificate in forensic accounting from George Mason University.