Jan. 23, 2023 Digital forensics has come a long way in the last five to 10 years the St. Martin Parish Sheriff’s Office is making it a priority to build its in-house digital forensics capabilities.
By Katie Gagliano Source `The Advocate, Baton Rouge, La. Distributed by Tribune Content Agency, LLC.
Collecting evidence from phones, computers and social media accounts has become as much a part of police work as DNA analysis and documenting eyewitness accounts, and the St. Martin Parish Sheriff’s Office is making it a priority to build its in-house digital forensics capabilities.
Sgt. Dina Theriot, the St. Martin Parish Sheriff’s Office’s forensic detective, began working in digital forensics part-time in roughly 2006-2007, establishing a minimal setup at the sheriff’s office with a single computer and analysis program.
Today, the sheriff’s office’s forensic technology lab has six computer stations with a range of software and specialized machinery Theriot and another investigator use for tasks like analyzing text messages and mapping cell tower data. Digital forensics work has come a long way in the last five to 10 years, she said.
Investment in digital forensic work, both in equipment and in training, is crucial to modern crime fighting, she said.
Like all things digital, the ways police analyze digital evidence, from cell phone records to social media posts to vehicle GPS records, are constantly changing. The change is driven in part by the growing knowledge base, but largely because digital tools and platforms are constantly evolving.
Investigators have to stay up to date as social media platforms and other tools change and as user patterns evolve, said Sgt. Vicky LaGrange, supervisor of adult detectives. While Facebook might be the platform of choice for an older generation, Snapchat and TikTok are the platforms preferred by juveniles, she said.
“[The platforms are] always changing. There’s always a new update and they’re adding more features. So we have to go through additional training to learn those features,” LaGrange said.
Theriot said each year she invests significant time in attending training programs, watching webinars and searching for free educational opportunities to keep up to date. Having one or two people with expert knowledge is good, but collecting digital and online evidence has become so ubiquitous that the sheriff’s office works to make sure staff at all levels are versed in what to look for, she said.
On the crime end, suspects use the internet and social media platforms to scam people, to sell drugs, to sell items they’ve stolen, to set people up for robbery through buy, sell and trade platforms, to issue threats, to disseminate revenge pornography and share about recent crime, among other activities.
All this online activity can then be mined for potential evidence, said Lt. Sloane Turner, supervisor of the sheriff’s office’s CID division.
Social media can also be a source of tips and an avenue to identify suspects.
“It’s helped us,” Turner said.
The investigators said the department often receives tips from members of the public. Witnesses may be identified from online posts or come forward first virtually, because it’s less intimidating. Social media profiles may provide more up-to-date photos of suspects than the state Office of Motor Vehicles database of license photos.
The department also uses its own social media accounts to put out public requests for help to identify suspects in cases, they said.
When the sheriff’s office does identify a piece of digital or social media-based evidence, it isn’t enough to take a screen grab of the information.
While that may be useful as a starting point for investigation, it isn’t forensically sound enough to build a case around. The investigators want the underlying data from the post, like any details about the originating account and the IP address, to draw more reliable conclusions, especially since people can easily create accounts under different names, Theriot said.https://19205eeda9656237e049ea67334596e5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Once a post or information of interest is identified, the detective will put together a search warrant identifying the information needed and laying out its connection to the case. After it’s signed by a judge, the search warrant will be sent to the social media platform’s parent company, Turner said.
It can take time — sometimes weeks or months — to get requested evidence from social media platforms’ parent companies, the investigators said. Though subpoenas and warrants are submitted to the companies through official law enforcement portals, investigators around the world are also doing the same thing for their cases, creating a queue.
LaGrange said the volume of information needed can impact how long it takes for a request to be filled. Whether the department is seeking information over a two-week span or a two-month span can make a big difference, she said.
Reviewing the data, depending on the type of information and the volume of data, can also be an extensive process, Theriot said.
TV and movie depictions of criminal investigations have given the public a simplified idea of how this investigative work is done — and how quickly it’s executed, the investigators said.
“Real life versus TV, it’s really time consuming. We can’t get that information within 15 minutes and have this case solved in an hour with commercials,” Turner said.
The potential for a long fulfillment timeline means that getting the language of the request correct from the jump is important, they said.
That’s one area where the St. Martin Parish Sheriff’s Office tries to educate partner agencies, the investigators said.
The sheriff’s office often partners with neighboring departments to provide analysis services they can’t manage in-house. While doing so, detectives work with their counterparts to ensure they’re up to date on things like the particular terminology to use in requests to social media companies and other custodians of digital evidence, they said.
Sometimes, using the wrong verbiage can get a request kicked back to the agency, delaying an investigation.
“By the time they return that email or whatever, that’s two weeks out the window that you’ve lost. They’ll get with the detectives and do that verbiage and terminology on those search warrants to be as effective and quick as we can,” Turner said.
A main reason every agency is not equipped with the tools to analyze digital evidence is the cost — the licensing agreement for a single needed software program might cost $10,000 annually, Theriot said. The sergeant attended seven weeks of training programs in summer 2021 with the assistance of federal funding, and estimated the overall value in training, software and tools she brought back to St. Martin was over $150,000.
The sheriff’s office has benefitted from collaborations with larger agencies, such as the Louisiana Attorney General’s Office and the U.S. Secret Service, to make more advanced tools attainable, she said.
“Years ago, because we’re a small rural parish, I would have never thought we could’ve had the stuff we have but we’re very fortunate where we’ve been able to get resources from federal services and some local and state entities,” Theriot said.