Kerala Police Digital Forensics Lab (Credit: keralapolice.gov.in)

India’s Kerala State, on the country’s southwestern coast, has seen an unprecedented increase in cybercrime cases involving mobile devices since the Kerala Police Forensics Laboratory’s digital forensics unit was founded in 2009. That year, when Dr. S. P. Sunil launched the five-person digital forensics lab, only a handful of mobile phones came across investigators’ desks. Today, as many as 800 mobile phones arrive at the cybercrime unit yearly. For one recent case, 35 mobile phones were assigned to investigators like Assistant Director A.S. Deepa.

Dr. S. P. Sunil launched the Kerala Police Forensics Laboratory’s digital forensics unit in 2009. (Credit: Kerala State Police)

“There are so many challenges today, besides the numbers of phones,” says Deepa, who trained at India’s Centre for Development of Advanced Computing and the National Institute of Criminology and Forensic Science, as did Dr. Sunil. “Circumventing the passwords of some phones is very difficult. And now there are so many more models of mobile phones in the market.” Court cases have also increased, with court officials sending constant requests for forensic reports.

 

It’s against this backdrop of an increased workload and demands for faster and more well-informed forensic reports that forensic leaders such as Deepa and Dr. Sunil must deploy two essential tools to solve cases: persistence and technology.


A.S. Deepa, Assistant Director of the Kerala digital forensics lab (Credit: Kerala State Police’s Digital Forensics Lab)

Persistence is critical for cases where many stumbling blocks, like passwords and damaged devices, stand in the way of case resolution. Technology can guide dedicated investigators in their search for answers, collecting and analyzing Digital Intelligence that creates paths toward suspects and convictions. (Digital Intelligence is the data collected and preserved from digital sources and data types – such as smartphones, computers, and the cloud – and the process by which agencies collect, review, analyze, manage, and obtain insights from this data to more efficiently run their investigations.)

To bring Digital Intelligence to cases, the Kerala lab’s investigators use Cellebrite access solutions to support their persistence and knowledge. But given the lab’s ambitious plans to meet the many challenges facing its digital forensics team, Dr. Sunil plans to adopt Cellebrite Premium in addition to their current access solutions to handle iOS and advanced Android devices.

Cellebrite Pathfinder allows investigators to see all of the connections between suspects and those they’ve been in contact with. (Credit: Cellebrite)

The goal is a robust Digital Intelligence platform that includes a powerful analytics solution like Cellebrite Pathfinder to automate the analysis of digital data and build visual narratives that resolve investigations faster. This platform will allow Dr. Sunil’s team to expedite time to evidence, keep backlogs on device examinations to a minimum, and equip his team for the digital challenges of the future as Digital Intelligence (DI) becomes ever more important to solving cases.

Sharing Knowledge with Interpol and India Police Departments

The Kerala Police Forensics Laboratory’s digital forensics lab has ambitions to become “India’s number-one forensics lab,” says Dr. Sunil. “As we gain more and more information about devices, it makes us more motivated to get convictions and close cases.”

Police departments and crime forensic labs from around India seek guidance from the Kerala lab because it has built a reputation for adopting advanced Digital Intelligence tools and techniques since its founding. The Kerala police department is considered a national expert in investigating crimes involving child pornography; departments from all across India come to the Kerala lab to seek advice on the latest tactics for fighting these crimes.


“We’re continuously training investigators from other departments,” Deepa explains. “We’ll explain how Cellebrite Digital Intelligence solutions work, and the various types of data collections that investigators might need to do.” The Kerala digital forensics lab also hosts investigators from the national Indian Police Service.

The Kerala digital forensics lab hosts police departments and crime forensic labs from around India to help solve cases (Credit: Kerala State Police’s Digital Forensics Lab)

The Kerala lab often partners with Interpol, the international policing and crime control organization, to help collect and review mobile phone data relating to international cases. To date, the lab has assisted Interpol in about 200 child pornography cases. In addition, the lab assists in a Kerala Police investigative unit called Operation P Hunt, which works to prevent the dissemination of child porn content and to stop sexual violence against children. The forensic reports generated by Dr. Sunil’s team are shared with the Operation P Hunt team.

Painstakingly Reconstructing a Broken Phone

In 2019, the persistence and expertise of the Kerala digital forensics team were tested when a sensational murder case that rocked the state hinged on the ability to obtain Digital Intelligence from a suspect’s mobile phone. In July of that year, the body of Rekha Mol, a 30-year-old woman, was found in Amboori after she had gone missing for about five weeks. The suspects were Mol’s boyfriend, Arun Nair, and his brother, Rohit.

On interrogating friends of Mol and Arun, police discovered that the man, who had planned to marry another woman, had strangled Mol and buried her body, which police then found and exhumed. A friend of the couple also said that Nair and Rohit had destroyed Mol’s phone, a Xiaomi Mi Max 2, and scattered the pieces around Kerala in order to destroy evidence.

A.S. Deepa, assistant director of the Kerala digital forensics lab, reconstructed this Xiaomi Mi Max 2 phone over the course of several weeks. Using Cellebrite Digital Intelligence solutions, the phone eventually provided critical evidence in the case (Credit: Kerala State Police’s Digital Forensics Lab)

Kerala police carefully searched the locations provided by the couple’s friend, and amazingly, were able to deliver many key parts from different locations in the state to the digital lab, such as the motherboard and the central display unit. As Deepa recalls, the police did a heroic job of rounding up the pieces from nearby woods, canals, and rivers.

“We don’t have a technical person on staff or extra accessories to put together a broken phone,” Deepa says. “I had some interest, so I decided to work on this project myself.”

The process of rebuilding the phone to the point where Deepa could collect data was long and painstaking. Deepa first checked the phone’s motherboard and found that it appeared to be working. She purchased a new display unit for Xiaomi Mi Max 2 phones in order to connect it to the motherboard and see if the phone would boot up. “The power switch was partially broken, but still attached to the phone,” Deepa recalls. “And the phone came on!”

That was good news, but Deepa had much more work to do. “I was in tears sometimes, wondering if I could ever break into this phone,” she recalls. “I knew this was the only digital evidence we’d have because there was no cloud data. My husband and my son kept cheering me on – and so did Dr. Sunil.”


Shortly after getting the phone operational, Deepa attempted to guess the phone’s password. But when she was informed by Mol’s friends that the woman had set a long and complicated password for the phone, Deepa stopped her trial-and-error method. She attached a USB charging cable to the phone, and then attached the phone to the UFED Touch 2.

Deepa was able to unlock the phone and collect the evidence using technology developed by Cellebrite.

Digital Intelligence Yields Connections to Alleged Killers

The process of finding the phone’s scattered pieces, putting it back together, overcoming issues like broken display units, and finally, collecting the data, took about two months. The wait was worth it: Deepa found WhatsApp chats between Mol and Nair, as well as recorded conversations, photos, and videos between the two.

From this evidence, it was clear that Nair had asked Mol to meet him at his new home under construction, just next to the site where Mol’s body was later found. A friend of the Nair brothers, who was interrogated by police, said the woman was strangled in a car just in front of the house, after which she was buried.

The digital lab’s process for the Amboori murder started with a broken, damaged phone – and ended with Deepa cracking the case. As Dr. Sunil points out, it’s the kind of outcome that drives his small team to come to work every day and apply their skills to solving and closing cases.

“This is why we want to upgrade our lab even more,” says Dr. Sunil. “People are using more and more advanced phones, so if we want to find the evidence that solves crimes, we need the right tools more and more.”

Note: Names of the suspects and victims have been changed.