Bapi Saha, Forensic Digital Analyst
Bapi Saha, Digital Forensic Analyst , sees the growth in the number of devices per case as one of his team’s biggest challenges. (Credit: Bapi Saha)

Time is the enemy for digital forensics organizations trying to keep up with the flood of devices, typically mobile phones, coming into their labs for rapid data collection and analysis. At the Digital Forensics Division, Tripura State Forensic Science Laboratory in northeastern India, a staff of three people, led by Bapi Saha, Digital Forensic Analyst, field about 15 electronic exhibits per case – an increase from one to two exhibits per case just a few years ago.

In a state where drug trafficking is a major challenge through neighboring Bangladesh, the Tripura team is under pressure to not only process the devices, but to “decode” the habits and behaviors of criminals. Once the Tripura lab adopted Digital Intelligence technology, analysts were able to speed up the process of delivering digital evidence to investigators, and solving more crimes, more quickly. (Digital Intelligence is the data collected and preserved from digital sources and data types – such as smartphones, computers, and the cloud – and the process by which agencies collect, review, analyze, manage, and obtain insights from this data to run their investigations more efficiently.)

“Without the Digital Intelligence tools, we would have to spend an enormous amount of time on tasks like image categorization” 

A Steady Increase in Digital Devices Per Case

Saha and his colleagues have watched the number of digital devices per case rise steadily. “We used to see one or two mobile devices in a case,” says Saha. “Today, the average is 5 to 10 mobiles. Last week, we received one case with 16 mobile phones.” The cases themselves are multiplying as well; whereas the lab used to manage only about 15 cases per year, there are sometimes as many as 170 cases per year.

Digital Intelligence technology has proven to be a force multiplier for the Tripura team. Analysts are now able to speed up the process of delivering digital evidence to investigators, which allows more crimes to be solved faster. (Credit: sfal.tripura.gov.in)

Absorbing this exponential increase in cases would not be possible without technology to help forensic analysts collect digital evidence more quickly, and to apply their own investigative skills to viewing evidence and finding patterns and behaviors that can help investigators solve crimes.

“Without the Digital Intelligence tools, we would have to spend an enormous amount of time on tasks like image categorization,” Saha explains. “Mobile devices have more and more data, and we have to locate the evidence from within this unstructured data and categorize it – all of which takes a lot of time.”

With the help of Cellebrite Digital Intelligence solutions, the Tripura team has totally streamlined their investigative process. This has empowered them to go from managing only 25 cases per year to handling as many as 170 cases per year today. (Credit: sfal.tripura.gov.in)

As Saha and his colleagues have perfected their use of solutions such as Cellebrite UFED, they have been able to compress the timelines for collecting and analyzing data to the point where they can manage as many as 170 cases in a given year – a vast improvement over the 25 cases per year they were limited to before using Digital Intelligence solutions.

 

Decoding the Language of Criminals

The Tripura lab’s adoption of Digital Intelligence solutions doesn’t only deliver speed – it delivers insights that can help lab analysts and criminal investigators solve crimes. In one recent case, a bank account holder alerted authorities that someone had made an unauthorized withdrawal from his account. The bank, suspecting that an employee was involved in the theft, asked Tripura authorities to investigate. After an investigating officer obtained the employee’s phone, Saha and his analyst colleagues used UFED to examine databases of banking applications found among the phone’s data.

“We managed to obtain one database,” Saha explains. The team extracted the data using UFED 4PC, and then used the SQLite database viewer to pull information from the database. Within that database, the Tripura team located logs about transferring funds from the customer’s bank account on the day in question. The case is currently ongoing.

The ability to categorize data using Digital Intelligence solutions has helped Saha and his colleagues organize information, such as text messages and photos, to run investigations more efficiently. This now allows them to spend more time looking for actual evidence. (Credit: gadgets360.ndtv.com)

In another recent set of cases involving drug-dealing, Tripura analysts were able to obtain videos from one suspect’s phone providing instructions on consuming certain types of drugs. But the most useful data obtained by analysts, again using UFED, was the coded language that dealers were using with their customers to confirm deals.

For example, Saha explains, a photo might show a 10-rupee note, and include a message along the lines of, “We will send an agent to you and he will show you the same currency.” A drugs customer would need to confirm the amount of the note in order for the deal to proceed. By uncovering this coded language, the Tripura team could compile a list of probable drug deals by the suspects – and pass these assumptions along to investigators for further review. (This case is also in progress.)

Closing More Cases: The Ultimate Goal

The result of the Tripura lab’s adoption of Digital Intelligence solutions is that more cases are closed more quickly. “Every day, we learn about more cases that have been solved,” Saha says. “We also hear how police are branching out into other aspects of cases. When we analyze one mobile phone, police learn about other people who might be involved in the same illegal activity.”

The ability to categorize data also helps Saha and his colleagues organize information such as text messages and photos, so that they can spend more time looking for actual evidence.

Categorization helps the digital analysts quickly finding relevant data like call logs, contacts, chat messages, web history, audio, databases, and videos from the defined set of categories within UFED Physical Analyzer. AI image categorization also reduces the team’s efforts to sort out specific image categories – including drugs, weapons, identity cards, nudity, and screenshots – from the large set of images received from the different data sources. This capability also minimizes potential errors associated with manually finding relevant image files within a large number of decoded images.

Likewise, reports from Digital Intelligence solutions such as Cellebrite UFED improve communications among law enforcement officers and courts – boosting the chances that evidence will be accepted and cases will proceed smoothly.

So far, Saha and his team have successfully taken control of the time element when trying to rapidly bring digital evidence to investigators. But Saha is well aware that he and his lab colleagues can’t rest easy when it comes to understanding technology that’s used by criminals.

“We have to continually upgrade our knowledge of technology,” he says. “It’s changing every day. What’s new? What’s trending? That’s what we need to study.”