As every investigator of any age realizes during the first week on the job, there’s such a thing as too much data – data that’s so voluminous that it’s a barrier to the speedy resolution of cases. Detective Senior Sergeant Chris Knight, who joined Australia’s Queensland Police Service in 1990, knows what it’s like to be at the starting point of an investigation without a clear direction.

Sergeant Chris KNIGHT the Queensland Police Service
Detective Senior Sergeant Chris KNIGHT of the Queensland Police Service – Homicide Investigation Unit Operations Leader

“What we would have done in the past is continue to throw more and more resources at a case until we could get the answers we needed,” says Knight, who’s also Operations Leader of the service’s Homicide Investigation Unit. “So you’d put a lot of resources into trying to validate or negate what suspects were saying.”

It was a costly and slow way to solve cases – but it was the only way policing could do its detective work. And as mobile devices became commonplace, mountains of paper evidence became terabytes of digital data that was no easier to leverage to shed light on a case’s big picture.

Today, for Det. Knight and his peers around the world, digital intelligence – which helps investigators transform the way they conduct investigations in the digital age – has dramatically sped up investigations.

As he explains it, digital intelligence gives him and his colleagues the virtual equivalent of highway markers, turn signals, and detour signs: Instead of dead ends and wasted time on fruitless leads, investigators get data that gives cases context, points them toward suspects, and reveals admissible evidence.

Need proof that digital data helps crack cases? In recent years, the Queensland Police Service has solved in excess of 97% of its homicide cases. “It’s allowed us to place our resources into precisely targeted areas and get independent corroboration that confirms our data is accurate – which gives us greater credibility in court,” Det. Knight says. Queensland’s homicide unit routinely uses a range of capabilities to ensure digital data is captured as soon as an investigation begins. This includes a range of products to extract and decode data, as well as Cellebrite UFED Cloud for cloud extractions. 

Balancing Digital Data with On-the-Ground Policing

For Knight, solving homicides is often a resource issue. Teams want to use staff effectively and in a targeted manner.   

That’s not to say that Queensland police officers have done away with traditional investigative techniques. Det. Knight says data extraction and analysis work in partnership with on-the-ground detective work – assuming the two techniques are carefully matched.

“While digital data has given us a reach that we never had in the past, the big challenge is balancing technology against more conventional investigative practices,” says Det. Knight.

A missing-persons case – one that turned out to be the murder of a young Queensland woman – highlights the importance of using data insights to lead investigators to answers. In 2015, when the woman was reported missing by her family, Queensland police established that she was last seen with a 19-year-old man who insisted he’d picked her up at school, drove her to another location, and left her.

Needing to establish the facts and validate his version of events, investigators realized they needed data that would prove his whereabouts that afternoon– and from there, point them toward evidence that could lead them to the woman and signs of a criminal act. Det. Knight and his team also knew that corroborating data could come from many sources – not just the man’s cell phone, but also from CCTV and local witnesses. It all had to be gathered and analyzed swiftly and had to inform the detectives’ search as they canvassed the region for clues.

Questioning the suspect further, and pushing for the truth, was the traditional investigative tactic, but one that would take time and people that could be better used to place the suspect near a crime scene. To complement questioning, the Queensland homicide team performed a data extraction of the suspect’s phone using Cellebrite UFED Touch 2; once the team realized there could be more data of value, the department’s crime lab also used Cellebrite UFED Ultimate.

In analyzing non-coded databases, investigators found a geolocation showing that the suspect was about five kilometers south of the position he told police he was at with the missing woman.

Making the Most of Scarce Policing Resources

This was the point when the hunt gathered steam, as investigators used data from many sources and began analyzing it with Cellebrite Physical Analyzer and the data carving functions with this product. With the suspect’s new location in a rural area, investigators appealed to businesses and residents to share CCTV footage and search their properties for signs of the missing woman. 

Investigators manually reviewed the CCTV footage; the local appeal for information, based on the digital information, resulted in the discovery of the woman’s body about two weeks after she was reported missing.

“You can’t cover every inch of ground using police resources,” Det. Knight says. “We might have found the body using conventional tactics.” But by narrowing down the area in question by analyzing phone data, and issuing appeals to the public via local media, the search for the victim was significantly shortened.

Now that they had a victim’s body and a location, investigators could amass more evidence. They used UFED and data carving of a non-decoded section of the phone’s database to reveal spoken turn-by-turn directions requested of Google Maps. Because the suspect was in a rural area, the directions easily allowed investigators to identify roads the suspect had traveled on – and to back up these findings with CCTV.

The data types used by investigators included web search data, gleaned from the suspect’s phone using Cellebrite Physical Analyzer. One day before the murder took place, the suspect was found to have used the search term, “best way to dispose of a body.”

Digital Data is Key to Placing Suspect at the Scene – and Uncovering His Motive

The Queensland investigation not only helped charge the suspect with the young woman’s murder, it bolstered the case in court. Initially, after the deceased’s body was found, detectives swiftly arrested the suspect, charging him with murder.  As the trial approached, the suspect changed his stance and offered a guilty plea to the lesser offence of manslaughter. But when the web search term data showed he’d looked up “best way to dispose of a body” the day before the killing, the prosecution’s position was strengthened and progressed to trial for the offence of murder.

This piece of data was key to proving his motive. Investigators created a detailed map of the suspect’s movements, using data points gleaned from his phone and web searches as well as CCTV footage, and eventually presented the map to the jury – contradicting the suspect’s first statements of his whereabouts at the time of the crime.

The suspect was found guilty of murder and sentenced to life in prison. His appeal was quashed, in part because the digital evidence – which proved the murderer had lied and concealed evidence – withstood the rigors of the court process.

The Challenge of Capturing, Analyzing, and Triaging Data

The growing data types that help solve crimes like the Queensland woman’s murder are welcomed by investigators – with the caveat that they need tools to collect the data and make sense of it.

“There’s a whole new set of challenges in interpreting that data,” Det. Knight says. “There’s routine data like CCTV footage, and of course there’s more phone data since storage on the phones keeps increasing massively. Capturing the data is one thing, but having the resources to triage and review it is a significant challenge. That’s why we need automated tools that we can put faith in, because we need to make big decisions based on what we discover.”

Massive storehouses of data make the time crunch of even investigations more critical. As Det. Knight explains, CCTV footage isn’t designed for long-term storage: Most of it is only stored and retained for a limited time.

“Once you get beyond seven to 10 days, you may not ever recover that footage,” he says. “If we can get to the places where we can capture that data in a timely manner, it gives us far greater opportunity to solve cases. Any analytics tool that points you in the right directions gives you a tremendous advantage.”

Digital Data, Used Correctly, Resolves Cases Faster

While traditional investigative techniques and detectives’ own powers of analysis have by no means been put on a shelf, there’s no doubt, Det. Knight says, the challenge is to balance the digital evidence review process with fundamental investigative practices.

“If people overestimate the value of digital intelligence and don’t understand it, the risk is that you become lazy and place too much emphasis on it – and as a result, the conventional investigation can suffer, he says. “We still have to go out and canvass, we still have to go out and do our interviews – that hasn’t changed. But we can’t isolate our techniques. They have to complement each other.”

That balancing act isn’t a once-and-done deal, he adds.   Over the two years that the Queensland murder investigation began until the murderer was convicted, the investigative team uncovered even more evidence.

“As the trial started, we ran new and improved analytic tools over exactly the same data, and we actually recovered more,” Det. Knight says. “That was really beneficial and gave us a lot of clarity on the case.”

Det. Knight is hopeful that as the pace of digital intelligence innovation accelerates, police teams will innovate on ways to use tech to enhance their investigations. “You can’t assume that technology will solve all the problems for you,” he says. “But what it can do is shorten the time needed to know where to look for answers.”