Law Enforcement Technology

JUL 2013

Issue link: https://let.epubxp.com/i/143936


COVER STORY

but to send the digital device to a lab, according to Pepenella. He explains that at times officers cannot bypass a cell phone or computer password because a JTAG has been used to block access. "These devices have to be sent out because a forensics examiner must take them apart to recover data," he explains.

Benefits

The primary advantage of digital triage is improved access to forensic evidence. "Ninety percent of the digital media recovered is never looked at because it's no longer needed by the time the lab gets to it," Eskridge says.

Consider this example: Authorities confiscate a computer in a fraud case and send it to the state RCFL. In the 13 months it takes for state officials to examine that computer, the suspect may have already pleaded guilty to two charges of fraud and been sentenced to 90 days in the county jail and two years of probation.

Eskridge explains, "If I'm a bad guy, I'll plead guilty right away, knowing that if I let the case drag on and authorities actually look at my computer, I'll be facing 100 counts of fraud and state prison. In this example, when the lab finally gets to that computer a year later, the detective tells them the case was already pled out, and state officials never look at the hard drive. Now imagine that same case if they had looked at that drive immediately."

Triaging cell phones in particular can have an immediate impact. "Cell phones are much easier to triage than a computer," he says. "We have what we call the 85 percent rule. Eighty-five percent of the cell phones you come across could be lawfully searched when officers seized the phone. Officers could get the exact same data in five minutes that they would have received two weeks to a month later from the crime lab."

The result is faster turnaround. Pasco County's official turnaround is 30 days for cell phones and six months for computers. "But realistically we're looking at about a month for computers and a week for cell phones," Pepenella says. "And sometimes, depending on the case, we process them right away."

Faster turnaround boosts law enforcement's crime-solving capabilities. "We had one case where detectives had an accusation that involved sexual battery, and with the information [the investigator] got off the cell phone, he was able to conclude his case in a matter of hours," Pepenella recalls.

Caption: Cell phones can be quickly processed with tools that rely on advanced plug-in technology to quickly search through emails, chat logs, messages, Internet files and call data.

Pull quote: The concept of digital triage is simple: Police rely on a… method to prioritize which… devices require in-depth forensic analysis and must be sent to a state lab, and which ones can be analyzed at the department via a simplified triage scan.

Technology

If a full-blown computer forensics lab that can handle 95 percent of all digital investigations is what a department desires, an agency requires the following technology:

■ Write blockers. The UltraKit III from Digital Intelligence, for example, houses a complete set of write blockers that allow investigators to capture a forensically sound image of a hard drive or storage device. The hard drive duplicator, Data Copy King (DCK) from SalvationDATA, also can be used for this purpose.

■ Specialized digital forensics software, such as Guidance Software's EnCase Forensic or AccessData's Forensic Toolkit (FTK).

■ Software designed to analyze phones and other portable devices. Susteen's SecureView for Forensics, Micro Systemation's XRY, Paraben Corporation's P2 Commander, and Cellebrite's UFED Ultimate all perform forensic analysis of today's cell phones, including smart phones.

■ A powerful forensics computer. Forensic Computers Inc., HTCI and Digital Intelligence will custom-build computers to meet a department's digital analysis needs. "This is not a
