Boulder, Colo., police use mobile data extraction tech to crack cases
A rash of heroin overdoses in Boulder, Colorado, earlier this year had Detective Mike Heidel searching for answers. It turned out some technology the police department already had in-house provided the solution he was looking for.
The Boulder Police Department started using Cellebrite’s Universal Forensic Extraction Device link analysis software last year as a way to extract data off cell phones. With the number of overdoses growing, Heidel’s team of investigators used the tool to sort through the victims’ cell phone data and get an inside look at who the victims were calling.
“We were looking to see who these people might be getting the heroin from,” Heidel told StateScoop. “When there were search warrants done and people arrested, we were collecting cellphones and uploading those and then putting them into the Cellebrite analytic.”
The detectives were then able to run analyses of that data without the help of a forensic analyst, Heidel noted.
While that may seem like a common-sense solution, many of the other law enforcement agencies using the technology depend on analysts. By putting the tool in the hands of investigators, Boulder has become an innovator among the departments using cellphone data extraction tools.
“Traditionally, agencies have relied exclusively on mobile forensic examiners to perform extraction then provide reports to investigators,” said Cellebrite Vice President of Marketing Jeremy Nazarian. “Boulder is really broadening this and making it available to the investigator.”
Heidel’s team uses Cellebrite’s “UFED 4PC” software, which can be installed on any computer. From there, detectives can connect a cellphone to that computer to push past the device’s passwords.
“You’ve got to get in the front door before you can root around in the closet,” Nazarian said.
The program can access data stored on the phone or in its applications and provide a “high level of automation” to the process beyond just rifling through the device, and it can extract and reconstruct data that might have been deleted from the phone.
“We accomplish this by performing a bit-by-bit re-imaging of the hard drive, so we can find hidden or deleted pieces of information,” Nazarian said.
Cellebrite’s program then lets users compile that data into a spreadsheet, or lay things out in a timeline. The tool also allows for data from multiple phones to be included in the same visualization, which Heidel feels is crucial for cases involving a variety of suspects or witnesses, like those involved in Boulder’s heroin overdose case or even gang investigations.
“In the old days … you’d have spreadsheets with the phone call records and from the cellphone, you’d go through there and you’d get records from another phone and another phone, and you’d combine those and try to show common phone numbers and it’s a tedious process,” Heidel said. “This does it for you automatically.”
The tool also allows investigators to access a phone without modifying it or its contents, Nazarian said. That feature has spurred privacy concerns in the past. After the Michigan State Police adopted Cellebrite technology in 2008, the state’s chapter of the American Civil Liberties Union wrote a letter in 2011 expressing the fear that the tool would make it easier for troopers to search phones without adhering to standards that require they obtain a warrant first.
“A device that allows immediate, surreptitious intrusion into private data creates enormous risks that troopers will ignore these requirements to the detriment of the constitutional rights of persons whose cellphones are searched,” the group wrote.
Michigan State Police called that allegation a “divisive tactic,” and persisted in using the devices, claiming that they’re only used when police have a warrant or the consent of the device’s owner. Similarly, Heidel stressed that his investigators only use the technology when they have a search warrant.
Yet, even with a warrant in hand, police may still be stifled by encrypted devices, whether they’re using UFED software or not. It’s part of the reason the FBI is pushing for tech companies to include “backdoors” to let law enforcement officers bypass any type of encryption.
But even with that type of access to devices still up in the air, Heidel said the software’s benefits have made it essential to the way his team conducts complex investigations.
“The stuff that we do with these records, it may never see the light of day in court, but it helps us to drive our investigations,” Heidel said.