As with most places in the world, cybercrime has been on the rise in Georgia — but an elite group of forensic experts has stepped in.

Georgia Bureau of Investigations logo – Source: GBI Website

To prevent the expansion of cyber-related criminal activity in the state, the Office of the Governor, the Georgia Bureau of Investigation (GBI), the Georgia Technology Authority, and Augusta University joined forces to launch the Georgia Cyber Crime Center (G3C) in 2018. Together, G3C assists local and state law enforcement agencies with complex investigations involving digital crime.

At the helm of G3C is Special Agent in Charge Steve Foster, who has been a crime scene specialist with GBI for 28 years.

“Technology has changed the nature of crime,” Foster said. “We need the tools and people in place to be able to work through the challenges.”

There are two components to crime when technology is involved, Foster explained: latency and patency. With latency, the technology is running in the background providing information the criminal may not even know exists — a mobile phone in the pocket or a car’s GPS. Patency, on the other hand, is intentional. The criminal uses technology to their advantage, and it’s up to law enforcement to determine who it is and where they’re operating.

“It is truly a cat and mouse game of privacy and obfuscation to find that evidence,” he said.

The evolution of evidence

Having spent much of his career at the scene of the crime, Foster has had a front-row seat in the evolution of forensic investigations.

G3C is Special Agent in Charge Steve Foster, who has been a crime scene specialist with GBI for 28 years – Georgia Bureau of Investigations – Source: Cellebrite

“The technologies involved in traditional physical evidence have always moved at a snail’s pace,” he said. “You can go back over 100 years and see the first fingerprint powders being developed, understanding ridges, bifurcations, and those types of things. It took decades to move from powders to chemicals to AFIS (automated fingerprint identification system), and CODIS (combined DNA index system).”

While this slow progression has always been a challenge, today it’s technology’s rapid pace of change that must be faced and overcome.

“Every time Apple comes out with an updated iOS, we’re dealing with new challenges and new problems,” Foster explained. “That change is coming daily.”

Working for a large state-funded agency, Foster has been able to keep up with the changes, having carte blanche in building the toolkit. Unlike many of the smaller agencies that are funded by grants, he and his team were able to try out different technologies before deciding what was necessary.

“We did it in reverse order,” he said. “We started with everything and worked our way backward, which is a really good place to be budgetarily. We were able to buy all the tools we needed and pare down what was unused or unneeded over the course of years.”

For GBI that means having an assortment of tools from various vendors to work through digital evidence in the most efficient way possible. Smaller agencies, on the other hand, must consider how to keep up with digital transformation within a budget.

“My perspective is to look for the all-in-one. That’s where you start. You find a tool that does the most bang for the buck.”

Embracing the change

There may be ways to get funding and a plethora of tools to consider, but trusting change can be a struggle, especially for agencies that have their own way of doing things.

“Anytime we trust our evidence to a third-party agency, that gets a little territorial. We know what we do. We don’t know what the other groups do.”

Foster explained that even as a state agency with a closed loop, they’ve been hesitant to move from the system they have complete control over to one that’s cloud-based. At the same time, he also accepts they eventually must do that.

“Not just for storage, but for dissemination. It’s a lot easier to give a prosecutor a temporary password to access his case file and download everything from his office, without us having to mail anything or drive. That’s an important step that we’re looking at as we move forward with this.”

Georgia Bureau of Investigations office – Source: Cellebrite

Preservation of data is also essential. “That’s one of the challenges as an agency comes online, is how do we preserve this? How do we isolate it from the crime scene to the courtroom?” GBI uses an air gap system for evidence, but ultimately, law enforcement agencies will have to find confidence in the security of the cloud if they want to keep up.

It’s a matter of trust

As Foster puts it, one of the most important tools in the forensics toolbox is validation — and technology provides that in more ways than one.

“People use technology every day. They trust technology. It allows people to trust their own eyes and judge for themselves. We’ve seen bite mark evidence come into question. We’ve seen handwriting evidence come into question. Even ballistics evidence comes into question. The ones and zeros behind this are really difficult to break down.”

Not only does digital evidence help convict or exonerate suspects, but it also builds trust within communities and with police officers. “If your police are proven right by the technology, then your community’s going to say, okay, we can put trust in these guys.”

In Foster’s experience, people are starting to give more weight to digital evidence than traditional physical evidence. Take the timing component, for instance. If your fingerprint or DNA is found at a crime scene, investigators know you were there, but they can’t put you there at a specific time. Have a phone in your pocket or your car driving by? That evidence doesn’t lie, which is why digital forensics technology is so critical.

“We’re getting terabytes of data coming in,” Foster said. “Everything they’ve ever done is stored, and we’re only looking for a small percentage of that. Having the technology to almost surgically go in, find, and isolate the evidence we need without having to sift through everything is absolutely critical. And it’s going to be more critical going forward.”

Tomorrow is today

Like many larger agencies, Foster’s team is decentralized, with agents spread out across the state. He believes sharing information quickly and effectively would be much more difficult without the tools he’s gathered.

“Without accepting technology as the key to advancing your program forward, you’re going to fall behind,” he said. “You have to accept the fact that technology is advancing. It’s here. It provides a tremendous amount of efficiency and information sharing.”

Georgia Bureau of Investigations office – Source: Cellebrite

Foster points to the fact that emerging technology like Cellebrite Premium helps his team get evidence in ways they previously could not. “In a lot of cases, we’re getting evidence that we didn’t have a week or two ago.”  But even with advancements, he’s quick to note that we still have a way to go.

“We need technology that supports automobile forensics, cell phone forensics, computer forensics all under one umbrella. That’s what we’re looking for.”

In its ongoing mission to provide the highest-quality investigative, scientific, and information services to the criminal justice community, the GBI knows the importance of digital transformation.

“Tomorrow is today,” Foster emphasized. “The opportunity to find important evidence is everywhere around us. If we don’t use technology, then who are we serving?”

Share this post
3 Aspects of Digital Transformation within Law Enforcement View Now