Recently Cellebrite, a leader in the development of digital intelligence tools that provide access to data and automation of analysis for investigators, examiners, and agencies, published their 2019 report on industry trends for law enforcement. The report consisted of a survey of more than 2,700 global law enforcement professionals with the goal of understanding what types of digital data are being used in modern-day investigations and what role technology plays in resolving those investigations.
In 2017, global mobile devices and connections grew to 8.6 billion, and it is estimated that global mobile device traffic will reach almost one zettabyte annually by 2022 (1). These mobile-centric data points coupled with the fact that 85% of criminal investigations include some form of digital data (2) highlight the importance for data and legal discovery practitioners to have a working understanding of how the global law enforcement community considers digital data and devices in their investigative efforts. Provided below are selected extracts from the complete report from Cellebrite that may be beneficial for understanding, discussing, and addressing the challenges associated with data discovery on mobile devices.
Extract #1: Five Key Report Findings (3)
- Mobile phones are the most frequently used and most important digital source for investigations.
- The variety of digital sources used in investigations is increasing and now includes sources such as wearables and smart home technology being used more frequently in investigations.
- The two most common challenges to extracting data from mobile phones are locked phones and encrypted data.
- Law enforcement agencies are averaging three-month backlogs on investigations.
- Despite the backlogs and the variety of digital sources and the amount of digital data that typically need to be reviewed in an investigation, the vast majority of law enforcement agencies are reviewing this information manually instead of using analytics solutions.
Extract #2: Most Frequently Reviewed Data Types in a Typical Investigation (4)
Percentages are a combination of Very Frequent and Frequent responses.
- Images from Digital Evidence – 94%
- Text Message – 93%
- Social Media – 92%
- Videos from Digital Evidence – 90%
- Contacts – 90%
- Location History from Digital Evidence – 86%
- Interviews (Witness, Victim, Suspect) – 72%
- Documents and Files – 80%
- Email – 78%
- CCTV Videos – 68%
- Data from Internal Police Databases – 64%
- Digital Data from Other Cases – 64%
- Crime Scene Photos – 59%
- Audio from Digital Evidence – 59%
- CDRs – 53%
- Fingerprints – 40%
- DNA Analysis – 40%
- Ballistics – 24%
- Blood Splatter Analysis – 18%
Although digital evidence cannot take the place of physical evidence, the results show it is an equally important source of information in many investigations.
Extract #3: How Data Is Reviewed from Forensic Extractions for a Case (5)
- Reader Tool – 69%
- Digital Analytics and Link Relationship Tool (e.g., IBM i2, Palantir, Cellebrite Analytics, etc.) – 26%
- Printed Extraction Report and Mark with Highlighter – 22%
- Microsoft Excel – 19%
- CDR Analysis Tool (e.g., Pen-Link, Hawk Analytics, ZetX, Chorus, etc.) – 17%
- Other – 7%
The vast majority of investigators employ a “reader tool” to review data extracted from digital devices and sources.
1 “Cisco Visual Networking Index: Global Mobile Data Traffic Forecast Update, 2017–2022 White Paper”. Cisco, 2019, https://www.cisco.com/c/en/us/solutions/collateral/service-provider/visual-networking-index-vni/white-paper-c11-738429.html. Accessed 2 Apr 2019.
2 Cellebrite. Cellebrite Annual Industry Trend Survey 2019: Law Enforcement. Cellebrite, 2019, p. 3. Accessed 2 Apr 2019.
3 Ibid, 4.
4 Ibid, 9.
5 Ibid, 13.