India’s DFIR Community Turns To Digital Intelligence Technology To Solve Their Toughest Cases
Santosh Khadsare is India’s prominent digital forensics expert who was the Head of Digital Forensics at two reputable Forensic Labs in India, which serve all of the country’s law enforcement agencies. A veteran officer with over 20 years of experience in digital forensics, Santosh oversees a team of 12 examiners who are divided into what he describes as three forensic workbenches—one each for mobile, computers, and network. Each workbench has 4 to 5 people depending on the number of cases that come in.
Like many agencies around the world, Digital Forensic Labs in India struggle on two levels with what Santosh describes as “a problem of plenty and the problem of capacity.” As criminals have increasingly moved toward using digital devices to carry out crimes (90 percent of the cases currently reaching Digital Forensic Labs deal with mobile devices), the number of devices flooding the lab has grown exponentially.
This greatly impacts the second challenge, which is capacity. How do you deal with the number of devices inbound to the lab while prioritizing which are the most important to tackle first? Overwhelming numbers are causing case delays because of the time needed to process and review devices and then parse the mountains of information they generate.
Locked devices, encrypted apps, and cold devices (BFU) coming into the lab are also adding to the challenges.
“Most of the apps are encrypted,” Santosh says. “Then the most [important] problem is actually bypassing the first step, which is the lock mechanism. That is a bigger issue for us because, for the later part, there are many other ways we actually handle that problem. The next problem comes with jailbreaking in the case of iOS and rooting. So there are a lot of technical problems which are posed.”
Fortunately, technology is providing important tools that help Santosh and his team move cases forward.
As Santosh describes, “Technology is an enabler when it comes to solving any problem in the digital domain… technology is the bedrock of forensics.… In digital forensics, every case is different, every approach is different, and for that, you need the help of technology…. In any of the stages [of an investigation], it is required.”
In the course of his career, Santosh has worked in a number of different labs at different agencies. Throughout the years, however, one constant has been his reliance on and trust in Cellebrite solutions. “In every agency from the time I know, we have been using Cellebrite products….We use different types of tools, but the trust which we have in this particular product [Cellebrite] may be, you can say, a pinch better than the other tools which we use, because of the confidence, trust, support which we get. And, of course, it’s a global product….There’s no doubt about it. It [Cellebrite] is the world leader.”
As Santosh describes, “Cloud and Touch2 are the most prominent devices being used, and upon which myself and my team train.” Santosh was also one of the early adopters of Cellebrite Premium, but not every lab has it yet.
“The scenario in India is totally changing,” he says. “Now people have understood the importance of various technologies, and the technology which can be relied upon when it comes to solving cases concerning national security or cases of very high importance. So that’s for sure there. The trust is there.”
That trust in digital technology and Cellebrite products is put to the test in all the cases Santosh and his team have ever tackled.
According to Santosh, Cellebrite solutions provided the means for the team to succeed in overcoming full-disk encryption on various mobile phones, providing key evidence for cracking cases and helping to strengthen national security.
Training is Key
One of the most important factors in helping Digital Forensic Labs solve more cases faster has been training. “Training is the most important thing, even more important than having a tool to actually do the analysis. Without training… you cannot go ahead in this particular field.
“Without training, I feel you are actually [doing] more damaging your case than actually making it, because if some mishandling of the case takes place, we will have to pay a huge price for it, and the main reason will be because he is an unskilled professional who will be working on the case. So training we conduct regularly, whether it’s internal or external….That’s the priority. And it’s continuous because continuity of training is very much important.”
Driving Better Outcomes
The right tools and training are also helping Digital Forensic Labs provide better outcomes in the cases they handle. When asked what three high-level outcomes Cellebrite Digital Intelligence solutions are helping to drive in his agency, Santosh said three key areas are critical:
- Cellebrite solutions [provide] investigative teams with the information they need to develop a starting point for investigations.
- As technology evolves, it’s providing viable solutions that teams can quickly implement on the ground to solve cases faster.
- Finally, technology is providing what Santosh calls “proactive forensics.” This is the ability for teams to use actionable intelligence gathered with Digital Intelligence solutions to stop incidents from happening.
Helpful Advice for Other Agency Managers
Based on his years of experience and seeing the progress that Digital Forensic Labs has made in stopping crimes, Santosh had some sage advice for agency managers who may be farther behind Digital Forensic Labs on their digital transformation journey. When asked what agency managers should be doing today to get ahead of crimes, Santosh recommended the following:
- Train Up: Keeping a cool head is always the first priority for an agency manager, but right behind this is skillset training. “I would again stress training. Without that, nothing [can happen]…if I can train a person, I would go for that first.”
- Prioritize Your Tools: Equipping teams with the training and tools they need to do their job is critical, but managers must also do so under whatever budgetary constraints they may have. This is why Santosh suggests that managers should ask “which tool will you go with, irrespective of the cost factor? The factor should be more of what are you looking at, what objective do you want to achieve? So I would recommend to them that instead of going for the cost factor, you should go for a tool that is best able to cater to your needs, and it should be able to resolve your [cases easily].”
- Go for quality not quantity: Many managers are simply focused on pushing devices and cases out the door, Santosh says. “I realized it over the years, I made the same mistake. I wanted quantity, not quality. But it’s the quality that matters at the end of the day, because the results matter, rather than just running around the bush, it will not help you anymore.”
- Adopt a digital strategy: Having the right digital strategy in place is critical. If you have a vision, you are an inspiration, people will follow you. People will know that he—or she, for that matter—is thinking about things. So this is what I feel about inspiration. But let me tell you, every uniformed soldier across the globe or planet, whether in any law enforcement agency, police, or any other service, inspires other countrymen. So that’s it. And I have a privilege, and I’m proud that I got this. “For a law enforcement agency, it [a digital strategy] is very important. It’s actually our bread and butter, so we cannot do without it. And if you don’t have it, you are toothless and will not be performing to your maximum as such.”
- Build a strong foundation: “If you are able to have a better foundation of getting your lab in place, your skilled manpower in place, and your tools in place, you are actually being much more of service to the nation.”
Why Strategy And Vision Are So Important
Contributing to your profession is equally important, according to Santosh: “This cannot be bought by anything, not by money, not by any other thing. It’s my privilege, and I’m proud that an opportunity to serve the nation (as a digital forensic expert) by assisting the Law Enforcement Agencies in solving forensic cases has been given to me.”