Brazoria County Sheriff’s Office Logo (Credit: Brazoria County Sherriff’s Office)

To help process cases faster and win convictions, digital investigations must keep pace with the growing number of digital devices seized during investigations, professionalize the digital workflow, and improve the management of evidence in local courts. The Brazoria County Sheriff’s Office has transformed the way they are running investigations to address these challenges.

The Brazoria County Sheriff’s Office, founded in 1836, is the oldest law enforcement agency in Texas. The sheriff’s office, located in Angleton, serves a Gulf Coast county that’s about 1,500 square miles in total. Brazoria County’s population has grown significantly in the past 15 years as the region shifts from predominantly rural to a suburban-rural mix as the Houston suburbs expand into the county.

As the county has grown, so has the sheriff’s office’s need for fast and efficient management of digital evidence. In 2012, the office opened its first digital lab as a way to centralize the processing, analysis, and sharing of Digital Intelligence—the data collected and preserved from digital sources and data types (smartphones, computers, and the Cloud) and the process by which agencies access, manage and obtain insights from this data to more efficiently run their investigations.

“The devices are like encyclopedias about people because most people have so much data about themselves on their phones. It really opens the door into looking into people before you even meet with them. In the old days, you had to meet with them first to figure them out. This way, you get a good head start on gathering data.”

Before the lab was opened by Kent Nielsen, an ID investigator for the sheriff’s office, devices like phones and tablets had to be ferried to an FBI lab in Houston for processing. This created extra steps in gathering digital evidence and returning devices to owners. With the lab now using Cellebrite’s Digital Intelligence solutions to access devices and collect and preserve data on-site, the device turnaround time has shrunk to as little as one day. Cellebrite Advanced Services (CAS) is used in rare cases when phones can’t be accessed on-site.

Brazoria County Sheriff’s Office has realized the need for fast and efficient management of digital evidence and has opened its first digital lab as a way to centralize the processing, analysis, and sharing of Digital Intelligence. (Credit: Brazoria County Sherrif’s Office Facebook)

For Nielsen and Rodney Haney, who joined the tech lab in early 2018 from a local agency where he performed data collection, the launch of the lab and the adoption of Cellebrite have done much more than simply shorten the device analysis turnaround time. They’ve helped the two-person digital investigations keep pace with the growth of digital devices in investigations, professionalize the digital workflow, and improve management of evidence in local courts to help process cases and win convictions.

The Challenge of Turn-Around Times

“If a case was dependent on text messages or other data from a phone – and you had no other leads – you had to wait for that data. We were running at a backlog of about 100 phones”

“At the FBI lab, we’d process the devices on the Cellebrite solutions they had there,” Nielsen said. “We’d bring the data back if we needed something easy, like some text messages. If we needed more evidence, or the device was complex, we’d submit the device to the lab and then wait.”

Unless the case was one where a life was on the line, such as with a child abduction, Nielsen and Haney had to wait in line.

“The cases would basically come to a halt,” Nielsen explains of the delays in generating useful Digital Intelligence. “If a case was dependent on text messages or other data from a phone – and you had no other leads – you had to wait for that data.” And if access to the phone was dependent on a search warrant, the delay would be extended. The delays were also difficult for crime witnesses and victims, who’d have to surrender phones and other devices for days.

“We were running at a backlog of about 100 phones,” Nielsen says.

Bringing A Lab Home To The County

Nielsen and Haney decided that it would be far more cost-effective and timely to create a lab that was customized for Brazoria County and equip it with Cellebrite solutions that would allow them to handle data collection, management, and analysis in a secure environment that ensures the integrity of the chain of evidence.

Status of projects and workflows are handled with Cellebrite Guardian, so Brazoria’s agency managers can see exactly where projects are in terms of completion and adjust priorities instantly depending on the timeliness of cases.

Cellebrite Pathfinder has proven invaluable in helping investigators parse mountains of data in typical cases and connect disparate pieces of evidence together to provide actionable intelligence fast. Pathfinder also provides agency managers with the ability to visualize the entire case while empowering investigators with functions that allow graphically driven reports to be easily generated. This has helped simplify internal reporting as well as provided easy-to-understand reports for prosecutors who in turn can present evidence in a format that judges and juries can easily grasp.

Cellebrite Pathfinder allows investigators to see all of the connections between suspects and those they’ve been in contact with. (Credit: Cellebrite)

“In the past eight years since we opened our lab, we’ve gotten to the point where we can process about 90 percent of devices right here, instead of sending them elsewhere,” Nielsen said. In the next couple of years, the lab expects to add Cellebrite Premium to access iOS and high-end Android phones; for now, more complex devices continue to be sent to CAS.

Creating Efficient Workflows To Process More Devices

Even with just two people, the lab has become the workhorse for Brazoria’s Digital Intelligence efforts. If the lab can add more staff in the future, Nielsen says, perhaps the investigators can also spend more time on analysis. “On many of the phones, we’re getting GPS coordinates,” he said. “We can take those and do some mapping while making connections to crimes based on the locations we know about.”

The link between GPS and suspects was exactly the connection needed for a recent investigation into a number of pharmacy robberies in Brazoria and neighboring counties. The case started out as a fairly ordinary one: A mask-wearing man approached the pharmacy counter of a CVS store and handed a clerk a note saying he had a gun and demanded various narcotic medications. The robbery was similar to ones carried out in the county as well as near Houston; thanks to a surveillance photo of the suspect’s car at the CVS, the Brazoria sheriff’s office was able to arrest the man at his home. However, the man insisted that he wasn’t the robber.

After a search warrant was obtained, the tech lab staff collected GPS and Internet search data from the man’s phone using Cellebrite UFED 4PC and turned the data over to Dominick Sanders, a criminal investigator for the county sheriff’s office. Sanders decided to test a theory: That the man who robbed the local CVS was the person responsible for all of the region’s pharmacy holdups.

“On many of the phones, we’re getting GPS coordinates. We can take those and do some mapping while making connections to crimes based on the locations we know about.”

“I started putting a timeline together for when all the robberies happened,” Sanders said. He plugged the GPS data from the suspect’s phone, as well as the locations and times of the other pharmacy robberies, into Cellebrite Physical Analyzer to pin each location. In this way, Sanders could see that the time of every robbery correlated to GPS locations collected from the suspect’s phone – placing him close to the right places at the right times.

But there was more to tie the suspect to the crimes than just locations and times. The collected web search data showed that the man had looked up information about local police shifts just before the various robberies occurred, in hopes of hitting the pharmacies when policing resources were thin. He’d also searched for news stories about the robberies.

GPS coordinates obtained from a suspect’s mobile device can be critical in many cases because they can clearly show the suspect was at the crime scene. (Credit: Cellebrite)

At one point before the suspect was arrested, the sheriff’s office in neighboring Victoria County, where a pharmacy robbed, issued a press release with a security camera image of the suspect’s car and asked the public for tips. Sanders found web searches on the suspect’s phone seeking places to buy fake beards and mustaches, showing he knew the police might be coming closer to identifying him.

When Sanders confronted the suspect with the detailed timelines of robberies, all connected to the phone data, the suspect confessed, explaining that he was a drug addict who fed his habit through the robberies. He was charged with multiple counts of aggravated robbery but died in jail due to addiction-related health issues before the case went to trial.

Placing Digital Intelligence Tools In Capable Hands

As other police agencies saw what the Brazoria County Sheriff’s Office had accomplished with its digital transformation, they also began adopting Cellebrite solutions and improving Digital Intelligence workflows. Nielsen and Haney continued to refine their own workflows and create efficiencies. For example, the lab investigators’ captain uses Cellebrite Guardian to manage caseloads for Nielsen and Haney. The captain can easily re-prioritize the order of lab projects, depending on urgent case requirements.

Cellebrite Guardian helps investigators manage all case data in real time from one centralized system to improve investigative efficiency and expedite the flow of cases. (Credit: Cellebrite)

“The captain might have 19 investigators waiting on digital evidence,” Nielsen says. “They’re all asking him ‘When are they going to get to mine?’ Now, the captain can just click a button in Guardian and tell investigators, ‘OK, I moved yours up to third place,’ or ‘You’re not getting your data until next week.’”

“In the past eight years since we opened our lab, we’ve gotten to the point where we can process about 90 percent of devices right here, instead of sending them elsewhere.”

Of course, the sheriff’s office is plainly aware that digital evidence can’t do much unless it’s in the hands of trained officers – as in the case of the brainstorming done by Dominick Sanders to solve the pharmacy robberies.

“It still takes old-fashioned police work to solve cases,” Nielsen said. “You need that trail that you follow using all of the data points, whether it’s actually getting out in the field, or getting the data from the lab and sitting in your office and going through it for hours.”

There’s no doubt, Nielsen says, that investigators relish the chance to access such rich storehouses of evidence, quickly and easily, since it often makes the difference between solving a case or letting leads grow cold.

“The devices are like encyclopedias about people because most people have so much data about themselves on their phones,” Nielsen said. “It really opens the door into looking into people before you even meet with them. In the old days, you had to meet with them first to figure them out. This way, you get a good head start on gathering data. It’s been fascinating, and fun to try to put it all together.”