Gendarmería Nacional Argentina is Building a Network of Digital Labs to Gain Intelligence Faster

The national forensics laboratory for the Gendarmería Nacional Argentina (GNA), the country’s 70,000-person border guard force, is in the capital city of Buenos Aires. GNA officers in five regional headquarters in Campo de Mayo, Córdoba, Rosario, San Miguel de Tucumán, and Bahía Blanca deliver a steady stream of digital devices to the laboratory — as many as 2,000 in any given year — for data unlocking, extraction, and analysis, to aid in digital intelligence investigations involving border security, drug trafficking, and smuggling, among other issues.

GNA’s five regional headquarters: Campo de Mayo, Córdoba, Rosario, San Miguel de Tucumán, and Bahía Blanca

But because the regional headquarters are hundreds (and in some cases, thousands) of miles from Buenos Aires, barriers of time and distance slow down the path to justice. That’s why the GNA is building a network of digital forensics labs throughout Argentina to gain intelligence faster.

The main Gendarmería lab in Buenos Aires presently handles device extractions for the entire country. Future plans call for multiple labs to be located throughout the country to get valuable digital intelligence to investigators faster. Photo courtesy of Gendarmería Nacional Argentina (GNA)

“It’s a big country, and it’s hard to cover with one lab,” says Antonio Maza, Experto (expert) for the GNA’s Departamento Análisis Forense Digital. “The number of devices is always increasing because of digital adoption, and we can’t keep up with the demand.”

Maza, a 20-year veteran of the GNA and a forensic analytics instructor at Universidad Católica de Salta, has a plan to crush the time and distance barriers affecting investigations — and to ensure that digital intelligence takes center stage in the GNA’s investigations now and in the future. He’s spearheading the creation of the new lab network, which will respond to the needs of local judicial authorities by studying electronic devices connected to possible criminal activities. Maza, who’s passionate about the value of digital data for the GNA, sees the chain of labs — equipped with Cellebrite digital intelligence solutions — as crucial to future generations of GNA officers.

Antonio Maza, Experto (expert) for the GNA’s Departamento Análisis Forense Digital, will have the first five regional forensic labs online by 2020 with others to follow. Photo courtesy of Gendarmería Nacional Argentina (GNA)

“I want this to be my legacy,” says Maza. “I want all the capabilities in place that will help everyone across the country work as a team. And I want people to be thinking outside the box and take different approaches.”

Now that evidence comes from so many different device and data sources, investigators can no longer “think” in a straight line, Maza says. “Investigating is not linear,” he says.

Data pushes GNA officers in many new directions, inspiring new ways to solve crimes.

Keeping Up With The Suspects

Today, in the GNA’s national forensics lab, officers like Maza are working hard to match the pace of their digital knowledge-building with the explosion of digital devices found in the course of investigations.

“Digital disruption has had an enormous impact on the cases we handle,” Maza explains. “The volume of information we have to process annually has increased exponentially.” That acceleration, he says, has forced GNA examiners and investigators to climb up the digital intelligence ladder as fast as (if not faster than) suspects can accumulate digital data on their devices or in the Cloud.

“Our greatest challenge is the vertiginous technological advance, as is the case with mobile devices,” Maza says. “On top of that you have security measures to protect data privacy that have hardened over time, putting up barriers to obtaining evidence that could be of vital importance in investigations.”

It’s an overwhelming and complex task. The good news is that digital intelligence helps Maza and his colleagues meet these steep challenges. “It lets us optimize our time and resources — finding evidence that supports our cases in ways that wouldn’t have been possible without digital intelligence,” Maza says.

A key part of this optimization is around access to data in the Cloud, using Cellebrite UFED Cloud to analyze the information. Maza ticks off a long list of data that’s now a common part of investigations: chats from messaging applications like WhatsApp and Telegram, multimedia content and metadata, online calendars, web browsing history, Wi-Fi connections, location data, and user profile information. It’s all vital these days, and it all requires automated analysis tools in the hands of knowledgeable investigators.

In his own 20 years with the GNA, Maza has seen how the digital world has utterly changed policing. “Tech’s impact on society is continuously reflected in our GNA activities,” he says. “As experts in forensic analysis, we have to dive into these mountains of evidence. One thing I can say for certain today is that there are no simple cases, thanks to a complex ecosystem that makes up digital evidence.”

Eliminating Barriers Of Time And Distance

The first five of the regional forensics labs are expected to open in late 2020. The locations were picked strategically based on case load, as well as examining other national policing resources in those regions, Maza says. His goal is to not only position the GNA at the forefront of digital forensic analysis, but also transform how his colleagues do their jobs.

The people who hold the purse strings have agreed with Maza: They recognize that digital intelligence is a must-have, not a nice-to-have, when it comes to effective investigations. And a single lab wasn’t going to help the GNA solve cases with necessary speed.

“Last year, for example, we analyzed about 2,000 devices over all Argentina,” Maza explains. “And it’s not just mobile phones – it’s also computers, DVRs, and more. A few years ago, we had to analyze 1,000 devices – now it’s 2,000, and next year, it will be much more. It’s a problem to solve for the future.”

It’s not just about devices mushrooming in number: It’s about the time it takes to ferry them to the national lab from all points across Argentina. “We don’t have days and days to finish investigations,” Maza says. “And we don’t want evidence to be lost.” With a network of labs, devices and data can be analyzed more rapidly, closing cases more quickly and bringing suspects.

Maza expects all the labs to be equipped with the same Cellebrite technology he and other officers use at the national lab. In the field, investigators and examiners use UFED, the solution to extract data from mobile devices; investigators also use Cellebrite UFED Cloud to preserve and analyze cloud data like messaging app conversations and web browsing history.

Investigators also use Cellebrite Pathfinder to create a unified forensics environment across the lab network. Once Maza and his colleagues extract evidence from devices, forensics experts apply a layer of digital analytics, which allows them to identify relevant evidence from a large volume of data. The evidence is forwarded to investigators and prosecutors through reports in various formats for evaluation, including reports generated by Cellebrite Physical Analyzer. The combined Cellebrite tools will help investigators access, analyze, and manage data so they’re prepared for the onslaught of digital data in their cases. The national lab will still be the hub of the GNA’s forensic activities, managing training programs for investigators and building strategic alliances with public and private sector institutions in Argentina.

Speedy Case Resolution

The critical value of digital intelligence shines in more and more of the GNA’s cases, like one from March 2019 involving a teenager’s threat to kill fellow students at his college in the northeast. The 17-year-old posted a Facebook message saying that he would broadcast the “massacre” live on Facebook; the post included a photo of an assortment of firearms.

In an early morning raid on the student’s home, GNA investigators seized the student’s mobile phones and a computer. Using Cellebrite Pathfinder, investigators applied filters to locate more firearms photos that the student had downloaded from the Internet; with Cellebrite UFED Cloud, they also located social media messages sent to other people alerting them to the proposed attack.

GNA’s forensics team currently handles more than 2,000 devices per year through their main lab. Adding regional labs will spread the workload out, expediting investigations while allowing examiners at the central lab to concentrate on the toughest cases. Photo courtesy of Gendarmería Nacional Argentina (GNA)

“In just two hours, we solved the case,” Maza says. “We knew that this was the person, and we found credit card numbers belonging to him as well as other people connected to the proposed attack.” Maza and his colleagues were also able to construct a timeline of the suspect’s movements as he made plans for the attack. The suspect was eventually charged with making anonymous threats involving weapons.

“Although the case could have been solved without digital intelligence tools, we would have had to spend more time and more resources to do so,” Maza says. “It might have taken a week or more, which translates to more money for staff deployment and accommodation.” Given the nature of the case, more time could have meant the attack went forward in some way—a chance that investigators simply can’t allow. “We need to identify evidence in a short time frame, and with certainty,” he says.

A Lifetime Love Of Forensics

It’s no surprise that Maza, who’s spent decades working with forensic evidence, is behind the expanded lab project. Even in childhood, he wanted to know how things worked. “I used to take apart my grandfather’s radios because I wanted to know who was talking inside the box,” he laughs. “I like to get to the bottom of things. That’s why I like forensics and investigating so much.”

In college, Maza studied computer engineering—but even though the field was about figuring out how all things technical worked, he didn’t feel excited about it. “It didn’t give reason to my life,” he explains. When he discovered policing and forensics, everything clicked.

“I love my job because I can catch the bad guys, and because I figure out things that no one else knows,” Maza says. He’s frustrated by the cases he and his team can’t solve, but he’s encouraged at how digital intelligence is helping the GNA close cases that, years ago, might have only resulted in dead ends. He’s sharing what he knows with a new generation of investigators: Maza is currently the director of the postgraduate degree program in forensic analysis and digital investigation at the Universidad Católica de Salta, teaching everyone from police officers and judicial officials, to IT and cybersecurity professionals.

As Maza prepares to take a two-year leave of absence from his position to take GNA courses to advance in the force, he feels confident that the legacy he’s worked hard to create will remain strong.  

“I remember back when I started doing digital investigations that our processes and tools almost seemed homemade,” Maza says. “Now we’ve moved on professionally and we have the maturity that digital forensic analysis gives us. We can move quickly, and we are much smarter.”