Too many devices. So much data, too little time.

With smartphone storage pushing into the terabytes and penetration in the United States surpassing 92%*, examiners must now contend not only with an abundance of data but also how to make sense of it, surface crucial evidence and draw pertinent connections. All of these are pushing traditional techniques and manual analysis—which are time-consuming and labor-intensive to start with—to its limits. Foreseeing these challenges and inundated with complicated cases that connect to wider webs of crime, the Montgomery County Sheriff’s Office, located in a suburb of Houston, Texas, dove headfirst into digital forensics—building a specialized lab equipped with a diverse suite of digital forensics tools and solutions. The lab drives speed and efficiency and increases accessibility to external parties who need these cutting-edge capabilities.

Scaling Up

At the helm, sits Detective Billy Ballard, Digital Evidence Examiner, with 27 years of diverse experience and dedicated service within the Montgomery County Sheriff’s Office. When he joined the lab, he recalls, “We only had two sets of UFED4PCs (now called Cellebrite Inseyets) here in the lab, and they were only two of us using them. Then a couple of detectives who had been to the first Cellebrite classes would come over and use them when they could.”

Later iterations of the lab saw much needed upgrades. “When [Sheriff] Rand [Henderson] took office, one of the things he wanted was for us to move into the future. So, we got another Cellebrite UFED for homicide, one for narcotics and that’s when things started to stabilize,” Det. Ballard says.

Fast forward to 2023, where the lab processed about 600 mobile phones, along with a welcome upgrade to the lab itself.

Collaborating with the Community

“We also got the Cellebrite Kiosk—that was a game changer. It made a big difference because it was for the public. Victims or witnesses, if they have important evidence, can meet an investigator who can then use the kiosk to get the data and hand the phone right back,” Det. Ballard says.

Not only did it speed up case investigations, but it also encouraged collaboration from the public—reducing backlogs and driving higher case successes.

In the same vein, the county has put its digital forensics tools and solutions to good use with great effect, especially when it comes to connecting dots, processing large volumes of data and revealing critical connections.

The Biker Gang

“We had this one phone with 27,000 contacts in it, 15,000 were on WhatsApp and 19,000 on Signal. The perpetrator was an outlaw biker and made calls and sent messages on those apps. On top of that, this guy had 14,000 location-related entries through Apple Maps and Google Maps,” Det. Ballard recalls.

The sheer amount of data took a village. “There were five different detectives looking at the phones, a whole division of eight analysts. They’re doing all the social media stuff back and forth and sending out preservation letters to people once they find other contacts they want to look at. Then, we had the gang unit that was in there and they were just combing all kinds of intelligence, learning everything about this motorcycle group.”

A monumental effort that would have been near impossible without the help of digital forensics tools. “[Pathfinder] was the only way they could do it. They all said there’s no way they could have physically done any of that leg work with individual UFDRs. So much data, so little time is what I called it.”

montgomery county sheriff talking with detective

Fentanyl Murder

Another case where digital forensics tools like Cellebrite Pathfinder were crucial includes the Montgomery County Sheriff’s Office’s first-ever fentanyl murder arrest in the county on November 27, 2023.

The investigation began on October 18, 2023, when deputies responded to a home in Montgomery County and found a 34-year-old man dead, with evidence suggesting he may have overdosed on illegal drugs.  An autopsy later confirmed the man died from fentanyl use. Police arrested the suspect who was charged with murder for allegedly supplying fentanyl that resulted in the death of the Montgomery County resident. 

Through their investigation, the Montgomery County Narcotics Enforcement Team (MOCONET) was able to use digital forensics tools to access the victim’s phone, draw connections and quickly ascertain the identity of the dealer. An arrest warrant was eventually issued due to the new Texas law that went into effect on September 1, 2023, which allows prosecutors to charge people with ‘fentanyl murder’ if they supply or distribute fentanyl that leads to someone’s death. 

The accused is currently held without bond due to the nature of the charge and his criminal history.

Clearing Charges

Beyond just being a tool to serve justice, Det. Ballard recalled an instance where digital forensics can also be a tool to help exonerate the innocent. The Texas Highway Patrol needed his help.

“A high school kid had a head-on collision, and they felt like he was texting. They brought that phone to me, and we got into it with Cellebrite,” the detective recounts. “We did an advanced logical and took it over to Cellebrite Inseyets powered Physical Analyzer to go through his timeline.”

The timeline was able to show the suspect leaving the campus where he was taking the SAT and his phone screen did not activate until he called 911. “He never touched his phone. I could see it leave the school’s Wi-Fi. I know he never touched that phone because he didn’t even get a notification,” he adds.

The evidence exonerated the teen.

Reflecting on his experience, Det. Ballard shares some wisdom that can help smooth the investigative process for others in the field.

Faraday at the Ready

“You need a Faraday bag in your car in case something happens,” Det. Ballard comments. He also stresses the importance of training investigators on its use. “We had a walk-through with our homicide unit, to keep devices ‘hot’ by putting them in these Faraday bags. We also have evidence submission lockers marked with Apple logos so they can cut the side of the bags and keep the phone charged inside.”

Keeping a device ‘hot’ and disconnected helps preserve the data on them and prevents potential erasure.

Into the Cloud

Det. Ballard explains his agency has a firewalled network with shared drives. For example, the narcotics team can be out in the field with a substation downloading phones, and when they’re done, they zip up their raw data and the reports and put them in a shared drive. “Those files then get uploaded to the server. It’s not like the old days when they’re physically driving a hard drive to Conroe to have it uploaded,” the detective explains.

Reliable Chain of Custody

To ensure the integrity of digital evidence, chain of custody and building public trust, Det. Ballard and the team also rely on Cellebrite Commander. “With Commander, I could see what was put through a Cellebrite solution in the office. Who knows at three o’clock in the morning, some guy’s not in there downloading his wife’s phone,” Det. Ballard says. This end-to-end visibility together with comprehensive documentation, ensures the reliability, traceability and integrity of the sheriff office’s investigations.

From unravelling a bigger web of crime to exonerating the innocent, Montgomery County Sheriff’s Office’s successes are testaments to not only why agencies should keep up with changing technology at large but also the indispensability of digital forensics tools and solutions. Det. Ballard says, “DNA and fingerprints may be able to individualize and identify a person, but with digital forensics, you can not only identify a person but also open a window to their soul. You can actually put a motive behind a crime that you can’t get from a fingerprint.”

Share this post