Platform Overview
See why Penlink is the global leader in AI-powered digital intelligence and investigations
The Agency
The University of Alabama Police Department’s Regional Evidence Analysis & Cyber-Intelligence Team (REACT) serves the University and law enforcement agencies throughout Alabama by collecting and analyzing digital evidence for a range of cases, including child exploitation, narcotics, theft, harassment and threats, sexual assault, and domestic violence.
An obstacle that many law enforcement agencies face, especially in ICAC cases, is that nearly every case – whether it’s a NEMEC tip or peer-to-peer investigation – involves an IP address. In this case example, REACT was aware that an individual was using a school’s network for illicit activities. In fact, they had the IP address and could tell it was a residence.
Though REACT investigators had an IP address, they didn’t have the direct connections needed to prove that someone was downloading illegal images through it. Investigators would need to establish probable cause to obtain a search warrant to compel the internet provider to furnish information on the account owner, along with the physical address. Investigators also wanted to determine whether the target might have connections with other networks, and if there were additional victims.
Using the IP address as a starting point, REACT investigators used Open-Source Intelligence (OSINT) by leveraging the PenLink Tangles platform to gather more information. The investigators suspected the IP address was Wi-Fi-based, so they searched for other connected devices from the previous month. Next, investigators looked for devices that were connected at night to show who likely lived at that location.
Using Tangles, investigators were able to find a location and possible suspect; then, by comparing other IP addresses for the target phone via peer-to-peer monitoring, the team was able to locate the connections they needed for a viable case.
At this point, the REACT team had a name and could see which websites the suspect was visiting, but they needed to dig further to find whether any downloads had occurred. Further research found additional IP addresses to investigate, of which at least one showed that content had been downloaded. Once investigators had determined probable cause, they were able to request subpoenas for the service providers.
REACT then turned to PLX, PenLink’s evidentiary collection and analysis solution, to quickly analyze social media and cell-tower data to validate communications and image downloads the team first discovered with Tangles. At the same time, the team continued to monitor open-source intelligence, remaining on the lookout for information that could lead them to broader networks.
PLX displays a visual representation of all dates, times, and locations – including latitude and longitude data for communications like text messages and calls – and overall travel patterns. As additional key data was uncovered, additional warrants were obtained so investigators could access more data to further strengthen the case. With the information collected by REACT, local law enforcement was able to make an arrest.
REACT investigators are confident the evidence provided to prosecutors will lead to a conviction and justice for victims. The case underscores the importance of having proper digital intelligence solutions available to investigators and analysts. The ability to collect and analyze open-source data to quickly identify leads gave investigators the intel they needed to request search warrants for the suspects. Those warrants provided significant evidentiary data that was quickly analyzed and turned into actionable insights.
Corporate Security teams need to integrate Open-Source Intelligence (OSINT) into their security operations to protect organizations from threats and illicit activities. OSINT platforms alone, without best practices for integration and use, can often end up as ‘shelfware’ without careful consideration as to how it fits into security infrastructure.
See how the University of Alabama’s REACT team used PenLink’s OSINT tools to track down a suspect, build a solid case, and secure key evidence for an arrest.
Uncover how investigators use OSINT—from social media to the dark web—to track criminals and solve cases, even as data access becomes more challenging.
Discover how layering digital intelligence—mobile, OSINT, and more—helps investigators uncover connections and solve cases faster. Tune in for expert insights!
Learn how Google Data for Law Enforcement supports investigations with real cases, data types, and analysis tips. Download the guide to improve your investigative strategy.
AI-powered digital intelligence is reshaping investigations, helping law enforcement process and analyze data faster.