FBINAA Associate Q1 Magazine
Continued from "Digital Evidence", on page 31 like a fingerprint, it will always be unique to a specific individual. This preciseness provides incredible value to the evidentiary nature of the records. More importantly, this evidence can be both inculpatory (a person committed a crime) or exculpatory (a person did not commit a crime). To develop best practices associated with geolocation and call detail record evidence, we must clearly define what is re - quired to establish a sufficient data sample that reveals a reliable “pattern of life.” • Time. The primary best practice requirement associated with exculpatory digital evidence is time. A span of time that provides a large enough data sample to clearly identify patterns within the records is mandatory. This typically requires a minimum span of 30 days to determine if a device has had consistent usage. However, 60 days or more is always preferred. • Usage. A secondary requirement is usage within that time. Ideally, the data will contain daily activity providing data that detail voice call connections, text message connections, and data connections. In addition to the voice, text, and data records, geolocation data is also required. Gaps of non-usage, or lack of activity within the span of time, should be carefully examined to determine if any gaps seen are part of a pattern within the records or an isolated anomaly. • Analysis. A detailed analysis of device activity and pattern of life is always required as a best practice. The process of completing a “detailed analysis” is far too complex and lengthy to be discussed here; however, a final requirement to a detailed analysis is the peer review process. A peer review is having a group of your peers review the analysis for accuracy. Peer reviews should be conducted within a group of peers, not a one-to-one review. EVIDENTIARY CONCERNS By identifying the necessary requirements to develop a pat- tern of life, we can move onto the evidentiary concerns associ - ated with digital data. This data is digitally stored and maintained by communication service providers in the normal course of busi- ness. Within the normal course of business, the communication providers will purge the data at some point. This evidence has a shelf life. Therefore, establishing and following required best practices is critical to the exculpatory nature of digital evidence. Failure to do the simple task of record preservation could result in evidence suppression, or even worse, a wrongful conviction. The following case summaries provide real-life examples illustrating the need to establish best practices associated with the methodologies discussed: • During a homicide investigation, investigators identify a suspect and obtain only three days of their carrier’s cell phone records. By analyzing the records at the time of the crime, the geolocation data reveals the mobile device is in the immediate area of the homicide. This association of device location at/near the crime scene at the time of the crime is heavily relied on for the criminal prosecution. o By developing a limited pattern of life based on three days of data, the suspect’s device is found to be in the area of the homicide all three days. This is the inculpatory value of the records. o If investigators had requested 60 days of carrier cell phone records, the pattern of life would have revealed the
person is commonly in the area of the homicide, thereby revealing the exculpatory value of the records. o When investigators improperly analyze a single point of time and determine the evidentiary value in a vacuum, a pattern of life is not developed, and the records appear to provide convincing evidence the suspect is related to the crime scene. When properly analyzed with 60 days of records and a complete pattern of life is developed, it is found the suspect device is regularly in the area of the homicide scene as the suspect’s work location is in near proximity to the scene. This evidence is exculpatory in nature. • During a drive-by shooting investigation that resulted in the homicide of a child, investigators identify a cell phone associated with a potential suspect and obtain 60 days of records. The investigators analyze the records for only the day of the drive-by and discover the phone was in the area of the drive-by at the time of the shooting. The records indicate there were calls between the suspect’s phone and the victim’s phone. The subscriber of the phone is arrested, largely based on the evidence related to the mobile device records on the day of the drive-by. o In completing a thorough analysis and developing a detailed pattern of life for the 60-day sample, in lieu of analyzing just the day of the crime, there is a major deviation in the subscriber’s pattern of life on the day of the crime. The common phone numbers the device regularly interacts with daily are not seen in the records on the day of the crime. This is exculpatory evidence, as it indicates the subscriber may not have been the device user on the day of the crime. o Further investigation reveals a family member borrowed the subscriber’s device on the day of the crime. The exculpatory evidence eliminates the subscriber as the perpetrator and the actual suspect is apprehended. o In this case, 60 days of records were obtained, but were not thoroughly analyzed to determine exculpatory patterns of behavior. GAINING INSIGHT INTO MOBILE DEVICE RECORDS IS CRITICAL Gaining Insight into Mobile Device Records is Critical I spent a considerable amount of time researching recent evidence-based policing trends and law enforcement policies and procedures involving exculpatory evidence to write this article. I had an idea of what I wanted to communicate, but the more articles I came across in my research, the more this article changed, evolved, and revealed itself to me. It was during my ba - sic research I saw the hidden topic, in plain sight. Evidence-based policing models must include insight on mobile device records and the undeniable exculpatory nature the records may have. There is no denying mobile device records provide an unbiased view into the finite details of a person’s day-to-day life. When properly obtained and analyzed, they provide extremely powerful evidence that can lead to a conviction or an exonera - tion. Additionally, this evidence has a limited shelf life and will be destroyed if not properly preserved. Knowing this, I have devel - oped “Best Practices” to help provide guidance to investigators. 1. Preserve. Mobile device records can be preserved, allowing them to be obtained later though a legal process. While these records require a search warrant, every communica-
continued on page 33
32 F B I N A A . O R G | Q 1 2 0 2 2
Made with FlippingBook - Online Brochure Maker