Digital Evidence: How Law Enforcement Can Level the Playing
Field With Criminals
by Nancy Ritter
The need for State and local police departments to leap
ahead in the war on cyber-crime and develop procedures for
identifying and processing electronic evidence is urgent.
Yet, progress continues to be slow.
“At the rate we’re going now, law enforcement
is going to fall so far behind the electronic technology
curve that, in a couple of years, we will never catch
up,” says Bob O’Leary, a former New Jersey detective,
who heads up the Electronic Crimes Partnership Initiative.
Funded by the National Institute of Justice, ECPI is a
multidisciplinary team of professionals committed to enhancing
law enforcement officers’ ability to solve computer
crimes. ECPI draws on the skills of a coalition of experts
from law enforcement, academia, the government, and the
private sector. The experts at ECPI teach police officers
to solve computer crimes (such as using the Internet for
child pornography) and to develop digital evidence (from
computers or cell phones, for example) in crimes like rape
and murder. By educating
law enforcement professionals on the myriad ways computers
can facilitate criminal acts, the group seeks to help officers
conduct more sophisticated investigations that will build
stronger cases and lead to more convictions.
The Importance of Cyber Education
Each day, State and local law enforcement officers must
identify, gather, and analyze both physical and electronic
evidence in a wide range of cases. Most police officers
are skilled at recognizing physical evidence in such cases,
but many have never been trained to recognize the existence
or importance of electronic evidence in solving a crime
or building a winning case.
And they aren’t the only ones in the dark. A recent
NIJ needs-assessment study found that many police chiefs,
senior managers, and those who make funding and resource
allocation decisions do not possess the level of expertise
or tools needed to investigate and prepare cases for successful
prosecution. Guy Meader, an electronic crime technology
analyst at NIJ and former detective in Montgomery County,
Maryland, adds, “Of the police chiefs and managers
who are willing to support an investigative capability for
electronic crime, they often do so at the expense of other
units or assign dual investigation responsibilities to personnel.”
To help law enforcement professionals use electronic tools
in fighting crime, ECPI is developing a 4-year, bachelor’s
degree curriculum that will award graduates a degree in
Electronic Crime Prevention and Investigation. The degree
will combine in-the-field investigative skills—the
ability to see the big picture, whether through understanding
a suspect’s modus operandi or approaching a
physical location—with digital know-how.
ECPI also is working with the nonprofit volunteer group
International Association of Computer Investigative Specialists
(IACIS) on a “Bag-’n-Tag” course to teach
officers how to seize and process digital evidence, which
is often more fragile and fleeting than other physical evidence
at a crime scene. ECPI and IACIS will hold classes in police
departments, universities, and prosecutor’s offices
around the country.
O’Leary emphasizes the importance of the Bag-’n-Tag
course. “It’s crucial that you get everything
from a crime scene the first time,” he says, “because
you often don’t get to go back [without a new warrant].”
By then, the scene may have been compromised, and critical
evidence removed or destroyed.
Eliminating Impediments to Prosecution
One of the greatest challenges in electronic crimes for
law enforcement is the absence of geographic boundaries.
Ed Kelly is an Assistant United States Attorney for the
Southern District of Iowa and is currently on detail to
NIJ as a senior advisor on electronic crime. Kelly explains
that while the Internet has eliminated boundaries for criminals,
State and local officials’ investigative authorities
still are bound by narrowly defined jurisdictional areas.
These boundary restrictions and the resulting conflict of
authority often mean that officers must apply for warrants
in multiple jurisdictions. This extra footwork can translate
into a loss of valuable time and, ultimately, evidence.
ECPI is working on a way to encourage reciprocity (sometimes
called “full faith and credit”) between States
when out-of-State search warrants, subpoenas, and court
orders are served. Kelly, who is also a former assistant
director for cyber-crime training of Federal prosecutors
at the U.S. Department of Justice’s National Advocacy
Center, said ECPI is investigating how reciprocity can best
Another impediment to prosecuting cyber-crime cases is
the time it takes for Internet service providers (ISPs)
to respond to subpoenas. Currently, it often takes several
weeks for an ISP to produce subpoenaed records. ECPI is
working on a way to facilitate responses. Using secure servers
in strategic locations around the country, ISPs could transfer
records much more quickly to a regional server to which
only designated law enforcement personnel would have access.
ISPs, which are often served with hundreds of subpoenas
a day, have voiced support for the idea, because it would
save them significant reproduction time and costs. And,
from a law enforcement perspective, a faster response increases
the potential for more successful investigations and prosecutions.
The Need for Standards
Whenever a new field of investigation burgeons, a need
to establish standards soon surfaces. Thus, ECPI is working
to establish standards for the collection and analysis of
digital computer evidence and to create uniform standards
for the certification of examiners. Mike McCartney is a
senior investigator with the Criminal Investigations Division
of the New York State Attorney General’s Office and
a member of ECPI’s standards and certification working
group. McCartney notes that although some standards exist
for digital evidence forensics, the certification of examiners
varies widely. And there are no standards or certifications
for high-tech crime investigators.
McCartney’s group is exploring standards and certifications
that will apply to personnel, education and training programs,
tools, and forensics labs. The group is also establishing
guidelines for conducting investigations, handling and preserving
evidence, and prosecuting cases.
ECPI also has plans to update NIJ’s publications
on e-crime and digital evidence. First on the agenda is
an assessment of the tools that law enforcement needs to
catch cyber-criminals and stay ahead of the electronic technology
curve. Criminal justice professionals must look beyond the
immediate horizon, says O’Leary, and a new needs assessment
will help them do that.
Digital Evidence in High-Profile Cases
Martin Novak, program manager of NIJ’s e-crime portfolio,
illustrates how digital evidence know-how helped solve several
recent high-profile crimes:
- BTK serial murderer Dennis Rader
terrorized Wichita, Kansas, for 30 years until evidence
on a computer disk led police to the former church council
president and Cub Scout leader.
- Scott Peterson’s computer contained
a map of the island where his wife’s body was found
and revealed that he had shopped online for a boat, studied
water currents, and bought a gift for his mistress.
- David Leslie Fuller’s computers showed that he
had stalked three other teenage girls before he abducted,
raped, and murdered 13-year-old Kacie Woody, whom he met
in an online chat room.
ECPI was created after an NIJ needs-assessment study (Electronic
Crime Needs Assessment for State and Local Law Enforcement,
NCJ 186276) concluded that “any potential for growth
in electronic crime raises serious concerns about the capability
of law enforcement resources to keep pace.”