By Rob Goodman for Police1 BrandFocus
For law enforcement in 2025, digital data can reveal enormous insights into suspects and subjects of interest – where they go, whom they communicate with and more. The challenge lies in how quickly criminal investigators can gather that information after a crime has been committed.
With the right data sources and legal foundation, you often can find the necessary intelligence to solve criminal cases. Powerful new tools can help investigators start building preliminary intelligence pictures from as little as a single initial identifier – e.g., a phone number, email or social media handle. It’s not push-button; agencies still need appropriate court orders and provider integrations. But when that comes together, it can provide invaluable jump-starts to investigations.
A cloud-forward way forward
SS8 Networks is a California-based vendor that markets lawful intelligence, location intelligence and monitoring/interception solutions for law enforcement and intelligence users. Its signature product for reconstructing and analyzing digital communications is Intellego XT. Its new cloud-based version, Discovery, is available as a SaaS offering and was recently released in September.
The goal of Discovery is to help investigators with the appropriate authorizations legally combine, correlate, analyze and visualize communications, signaling, metadata and associated data to develop leads – often before arrests.
“We operate more on the front-end side of investigations than after the arrest,” said Cemal Dikmen, Ph.D., the company’s chief technology and security officer. “You may have a number of suspects but not know which one actually committed the crime. By looking at their prior communications and movement patterns, we can help develop intelligence that determines the likely suspect.”
“On the mobile network operator side,” explained DeAnn Baker, SS8’s vice president of marketing, “our Xcipio software allows intelligence agencies to gather communication data, metadata, via a warrant. On the intelligence agency side, Discovery supports advanced data analytics. Investigators can merge communication data with other data sources and run intelligent queries to drive actionable intelligence.”
Besides the obvious legal authority, doing that successfully relies on the data sources that can be connected. Discovery can ingest data feeds from a large range of sources, including network providers (call detail records and SMS/MMS data), surveillance systems, social media and others.
In addition, Discovery can add location tracking, uniquely combining two essential investigative capabilities within the same platform.
In the early stages of an investigation, however, Discovery is especially useful for mapping relationships and establishing who is meaningfully communicating – and potentially collaborating – with whom. Here’s how that can work.
How an investigation works
Getting started with Discovery requires at least one identifier for the subject being investigated – a phone number, email address, social media handle, etc. Obviously, the more information you can start with, the better; details like known associates and common hangouts can help build a picture. But even a single item can potentially get things going.
From this, Discovery can leverage relevant metadata and external content from network sources like telecom systems, 911 logs, social media feeds and other databases. Even if a warrant doesn’t allow listening to subjects’ conversations, the metadata around those calls can reveal location information, who called whom, how often and for how long.
This is all combined and normalized for cross-correlation and presented in a unified way through SS8’s Discovery platform. This simplifies querying and resolves the historical problem of siloed data. Users can also filter findings dynamically – for instance, by time, geography, etc. The results are depicted visually, with spider graphs, heat maps and timelines, for easy review and contextualization.
The result is the proverbial single pane of glass: a one-stop interface that keeps investigators from needing to toggle among multiple other tools.
As an example, an investigation might begin with seeking a victim’s or suspect’s call detail records (CDRs). Basic call logs may be obtainable with a carrier subpoena or court order, although CDRs with location links can require warrants and probable cause. These CDRs provide an initial overview of which numbers are talking to each other.
Discovery then cross-references with other database information like local records management systems and open-source intelligence like social media, messaging apps and online advertisements, where people often link phone numbers. Link analysis begins within Discovery, which starts mapping relationships based on its telecom and internet findings, identifying top contacts, clusters and patterns. Discovery then provides broader data fusion capabilities, adding in external datasets and correlating across domains – for instance, linking phone numbers to home addresses and vehicles and connecting cell-site records to surveillance camera hits.
This can also help provide a basis for more traditional investigative methods, like simply calling a number to see who answers and, when a handset is located by tower data, pings, etc., physically watching to see who’s carrying it.
With this baseline of information obtained, investigators can move on to things like DMV records, obtaining license plate and vehicle information and hits within license plate recognition (LPR) and other video surveillance systems.
“You can basically build out these relationships based on CDRs, location information, automated license plate recognition and any other data source you can imagine,” said Dikmen. “You can also look at open-source intelligence and social networks like Facebook or Twitter. From there you may see subjects connected to each other or commenting on each other’s posts. You can add as many data sources as you need – criminal records, financial records, toll records, airline ticketing information – any data law enforcement thinks is relevant. You can discover a lot of things by combining different types of data sources.”
What do investigators want to know?
The information about individuals and their network is assembled within Discovery in what’s called an iDossier. This combines everything discovered about a person – name, address, date of birth, emails, jobs, etc. – into a single easily referenced profile. Existing criminal records databases can be merged in as well, leveraging previous investigative work and results. iDossier files can also be created for both criminal organizations like gangs, cartels and smuggling or trafficking groups and entities that aren’t overtly criminal but may be engaged in wrongdoing.
Everything can be presented in charts and clickable links that demonstrate connections visually. “If I were to call or contact someone 100 times a day, that node will be more prominent than if I do it once,” noted Baker.
The platform’s querying abilities were developed in collaboration with law enforcement users of Intellego XT, who helped provide guidance around their workflows and what might make their jobs easier – for instance, keyboard shortcuts rather than requiring repetitive pointing and clicking, or the ability to quickly forward reports.
AI will soon supplement Discovery’s operations with real-time translation and transcription, and image and video analysis for purposes like object detection may be next. “We just started adding AI capabilities; this is the very tip of the iceberg,” said Dikmen. “There’s going to be a lot more in the near future.”
The tools to keep up
Advanced digital forensics capabilities like these have often been beyond the reach of law enforcement organizations that aren’t large and well-funded. The cloud-based nature of Discovery has helped keep it accessible for smaller and less-resourced departments.
“Large federal law enforcement agencies, like the FBI and DEA, can purchase, maintain, and operate their own platforms,” said Dikmen. “But when you think about a data fusion or monitoring center-type product like Intellego XT, if you were to put that on prem, it would take a large number of servers, storage and dedicated communication links to data sources. That equipment needs to be maintained, and some administrator has to be responsible for administering it, so there’s an overhead.
“Small and local law enforcement agencies do not necessarily have that type of personnel and expertise. So, there’s a need for those kinds of state and local agencies to have access to these capabilities without the administrative overhead.”
With a software-as-a-service solution, users don’t have to buy, deploy or maintain hardware – or stress over connectivity, security or upkeep. It’s all handled for them. Flexible short-term subscriptions also let Discovery be used precisely when it’s needed, case by case.
“We’re trying to help law enforcement stay ahead of the game,” said Dikmen. “Criminals today are using the latest technology, so law enforcement should too.”
For more information, visit SS8.
About the author
Rob Goodman is a communications strategist and freelance writer with Rose City Public Relations, bringing more than 30 years of experience in technology-focused public relations and content creation.