No one would ever consider turning back the clock on digital technology. Our digital devices—phones, computers, wearables—are practically a part of us, making our work lives more productive and our personal lives more enjoyable. The skyrocketing number of digital devices being used and the exponential growth in the data they store, however, present some big challenges for law enforcement who find evidence stored on digital devices critically important to convicting criminals and exonerating the innocent.

One recent study showed that digital evidence from cell phones turned up in 96% of cases. Decentralizing the collect-and-review process will empower smaller local departments to significantly speed up the investigative process. (photo credit: Cellebrite Benchmark Report)

Criminals have quickly adapted to the new digital world in which we live, using technology to carry out all manner of crimes. Cellebrite’s 2021 Digital Intelligence Benchmark Report revealed that in the last year, smartphones were an evidence source in 96% of investigations, followed by Windows laptops (52%), feature phones (45%), and tablets (39%). Emerging technologies, a growing source of digital evidence that includes wearables and cryptocurrencies, also provided evidence in 8% of crimes in 2020.

Around the world, the volume of devices, applications, and resultant data associated with criminal investigations is rapidly rising. It’s not uncommon to find multiple devices turning up as evidence sources in even the simplest cases. Many of these devices are now highly encrypted, which makes lawful data collection a huge stumbling block, particularly during the first 48 hours of an investigation when lives may be at stake. Add to this the sheer volume of data newer devices are capable of storing and it’s no wonder examiners everywhere feel like they’re drowning in data.

The Big Picture

Many smaller local and regional police forces have historically turned to larger national and regional labs (hubs) to handle the lawful collection of data from mobile devices because they lack the tools and skilled personnel to do the work themselves. This process adds logistic elements and takes time. It also makes it impossible to get investigative breakthroughs early on in an investigation when it is most critical to solving the case.

The growing number of devices associated with cases and the amount of data newer models are capable of storing presents a huge challenge to labs that are already backlogged. (photo credit: shutterstock)

Today, however, despite being better equipped and having highly-trained professionals, processes, and protocols in place, larger labs are struggling to keep up. More devices, more data stored on devices, and more apps to contend with are all causing backlogs at central labs to grow. These bottlenecks are slowing the turnaround times for small police departments to get actionable intelligence to move investigations forward. They also make it difficult for regional police chiefs to prioritize cases and act on the most important one quickly.

The challenges of leveraging digital evidence in cases being investigated by some small local police forces in Europe, typify the obstacles many smaller police departments are facing everywhere. It’s important to put this into geographical context, however, as the relationship and dependence of small local police forces on larger Federal police agencies in Europe can be quite different than what is typically found here in the US. The important thing to remember is that by decentralizing the legal data-collection-and-review process (and not relying solely on Federal agencies to perform this function) smaller departments can speed up the investigative process.

While data collection and review used to be done at centralized locations controlled by larger Federal agencies in many locations, today’s technology allows this process to be done anywhere, greatly expediting time to evidence to move cases forward faster. In essence, the people handling the investigation at the local level can now do their own collection and review of data to avoid case slowdowns.

Small Departments Face Big Challenges

Until 2018, the Federal Police in one example we looked at in Europe handled data collection for all digital devices. Local forces would typically drive devices to the central lab then hand devices off for data collection. The Federal Police would then handle all of the lab work and provide the smaller local forces with a report of the data from which local investigators would then work.

mobile phone Cellebrite Lab Solutions
Backlogs at centralized labs have forced many local agencies to take up the slack in the collect-and-review process. However, many smaller agencies lack the skilled personnel and solutions to do so. (photo credit: Cellebrite)

As the number of devices and the data each device stored grew, however, the Federal Police couldn’t keep up, so they pushed responsibility for lawfully collecting data from cell phones back to the local forces. Here’s where it gets troublesome.

Like many smaller forces, only one detective and a colleague are responsible for accessing data from all mobile phones associated with criminal investigations. And in many instances, these same small teams must also handle computers. Encrypted devices are also causing major challenges.

Like many small police departments, the European force in our example employs UFED capability. This works well for many devices, but high-end Android and iPhones that are highly encrypted (and popular among criminals) pose a real problem. Because they lack more sophisticated tools like Cellebrite Premium and Cellebrite Premium Enterprise (ES) to access encrypted phones, small departments like this must ship those phones to the Federal Police for data collection. Adding to the slowdowns are laws that in some cases require court orders for the Federal Police to render assistance.

Adding to the challenge of getting court orders, problem devices must be driven to a federal lab for federal assistance. This diverts valuable time and human resources that might otherwise be working on cases. Then there is the lag time to get data reports back because the federal labs are overburdened.

In some European countries, it can take months to get data reports on computers back from centralized labs. Decentralizing the collect-and-review process by equipping local police units with the right solutions and training is one way to increase time to evidence to expedite case closures. (photo credit: shutterstock)

With PC’s, the problem is even worse with some local agencies having to wait 10 to 12 months to get results back from the Federal Police. In some European countries, the lag time is so great that local police have stopped seizing computers because they can’t afford to wait for months to get the results back.

While the woes faced by smaller agencies in Europe may be slightly different from those faced by many local police units here in the US, the solution to expediting case closures remains the same. Digitizing the investigative workflow—from collection to the lab, to review—must be done in large and smaller agencies to expedite time-to-evidence. Decentralizing and replicating collect-and-review capabilities from the main lab to the field will enable agencies of all sizes to cope with the growing volumes of devices, sources, applications, and data. It’s not a question of if but of when. This is where advice from a trusted partner can help.

Decentralizing DI

Solving the lab problem, however, is just one of the benefits decentralizing can bring to agencies. By equipping regional police forces with collect-and-review capabilities, they can lawfully collect and process data from devices themselves.

This will allow local forces to obtain actionable information quickly (critical in the first 48 hours of the case) to solve more crimes faster. Decentralizing data collection and review will also reduce the local departments’ dependency on the central labs, freeing up valuable time at the central labs to devote to cases that require more expert knowledge. This will also enable regional chiefs to prioritize cases more easily.

As a leader in Digital Intelligence technologies, Cellebrite’s experts see the trendline of constant growth in the number of devices, variety of devices, apps, data sources (IoT, the Cloud, wearable devices), and the resultant problems of data overload. And we have the solutions and expertise to overcome these challenges.

  • Strategy: Setting a DI strategy is the foundation on which everything that follows is built. It starts with agency managers at both the national and regional levels envisioning where they want their agencies to be in three to five years. What crimes do you deal with the most? What infrastructure do you have in place? How might Digital Intelligence solutions be integrated to streamline your present workflow to solve more crimes faster?

  • Infrastructure: What solutions/tools are you presently using and how might those tools be supplemented to do more? For example, smaller forces with UFEDs can add Cellebrite Premium and Cellebrite Premium Enterprise (ES)—a solution with scale that empowers UFEDs with Premium capabilities to unlock a wider range of modern, encrypted devices including high-end Android and iOS devices. Does your system provide adequate storage and can it be accessed from anywhere at any time? Is it secure?

  • Workflow: What does your present workflow look like? How might digital technology be used to collect, review, analyze, manage, and obtain insights from data to run your investigations more efficiently?

  • Training: Running Cellebrite’s basic solutions does not require highly-trained personnel, but considering who on the force needs immediate training to get up to speed is worth noting during your evaluation process. Looking ahead is also important.

    Understanding the importance of keeping employees well trained, INTERPOL has established the Virtual Academy in order to provide training to a larger audience. (Credit:
    Down the line, how might frontline officers be trained to do minor data collections in the field to reduce the strain on your lab? Cellebrite’s Learning Center offers a full curriculum leading to valuable certifications, and our online webinars and digital how-tos are unmatched in the industry.
  • Best practices: Once you solve the issue in the lab, you can begin to think more long-term in terms of digitizing the investigative workflow and what training and services will be required to optimize this system. From there, it’s then a question of establishing the best practices and protocols to protect and save lives, accelerate justice, preserve data privacy, and ensure the digital chain of evidence is secured. At Cellebrite, we can bring our best practices to you to streamline your workflow and help your department run more efficiently.
Decentralizing collection and review of data will eliminate backlogs and free up larger centralized labs to assist smaller local agencies with their most difficult cases. (photo credit: Cellebrite)

Digitally transforming your department doesn’t mean that you can’t use larger labs or outside resources. On the contrary, by taking on more of the responsibility for data collection from the centralized labs, they, in turn, can be freed up to help on the toughest cases you may need assistance on. Other resources, like Cellebrite Services, can also provide the knowledge, capabilities, and expertise needed to meet your mission—anytime, anywhere.

Our experts are there to support every step of your digital transformation journey and help increase the value of your Cellebrite investment to ensure you always get the most out of it. And our consultants can help set up a timetable for transformation and work through the entire process with you.

Key Benefits

Decentralizing data collection by equipping small/regional police units with collect-and-review capabilities will help solve more crimes faster and empower smaller forces to serve their communities better.

  • By freeing themselves of their dependency on the larger labs, local forces can get results on data collection faster—no more waiting weeks or months for data reports.

  • Gaining insights and leads faster, gathering golden evidence, corroborating the story, and confronting suspects with evidence early on results in a higher confession probability.

  • By handling data collections in-house, devices never leave your possession, so the digital chain of evidence is better protected.

  • Backlogs at the central hub and at the local level can be reduced.

  • By increasing collect-and-review capabilities at the local level, forces that stopped seizing laptops due to backlogs at the main lab can now deal with those devices. No device is left behind, so valuable evidence that might have been left undiscovered can now be used to build stronger cases while dependency on the main lab is reduced.

  • Time-to-evidence is accelerated.

  • Central hubs are freed up to concentrate their more highly trained staff on the toughest cases.

  • Larger, centralized labs can take on more of a consultive role to assist small police departments on their most difficult investigations.

  • Smaller departments become more efficient and can better serve their communities.

  • Trust in local police is enhanced.


Decentralizing the collect-and-review process takes time and investment, but by partnering with Cellebrite, smaller agencies can free themselves of their dependency on larger labs to increase their ownership of the investigative process, control priorities, and minimize backlogs. And because Cellebrite solutions are easy to implement with short training times, smaller police departments don’t need a staff of highly trained technical people to get started.

To learn more about how Cellebrite’s experts can expedite your department’s digital transformation, click here.

Share this post