The CoAnalyst Podcast – Chapter Five: Enhancing OSINT Investigations
Discover how OSINT is revolutionizing investigations—listen to Chapter 5 of the CoAnalyst Podcast now!
In this month’s edition of our monthly Investigative Q&A series, we sat down with Elizabeth Bigham, Special Agent, and Emily Butler, Criminal Intelligence Analyst, from the Georgia Bureau of Investigation. Discussing the future of investigations and how digital evidence is changing the law enforcement landscape, they expressed how important it is for investigators to keep up with technology, especially in dealing with child-exploitation investigations.
Q: How has the investigative process changed over the last three to five years?
A: The investigative process in child-exploitation cases has changed significantly in the last few years. Offenders constantly shift the platforms they use to exchange illegal content, moving from Dropbox to Mega and likely other platforms due to law enforcement interventions. Additionally, advancements in technology now enable law enforcement to access and extract crucial information from increasingly secure mobile devices. This information is invaluable in understanding not only cases but also users’ behaviors and identity. The evolving nature of offenders’ tactics and of technological advancements requires law enforcement to continually adapt their methods to keep up with these changes.
Q: What is the impact that digital evidence has on clearing your cases?
A: The sheer abundance of electronic storage devices like phones, tablets, USB drives, and more in each investigation significantly impacts case clearance. Due to their affordability, a user will often possess multiple devices, prolonging the time needed to clear or sort through those devices and extract only the necessary data. Despite efforts to minimize unnecessary seizures, the high volume of devices seized contributes to a substantial backlog in Georgia, which extends over a year. Searching these devices is akin to searching for a needle in a vast warehouse of haystacks, due to the overwhelming amount of information stored there. Investigators must meticulously target their searches to enhance efficiency; otherwise, investigations could potentially last for years. The colossal volume of digital evidence necessitates a strategic approach to manage and expedite case resolutions effectively.
Q: Research shows that investigators believe digital evidence is more important than DNA evidence. How would you compare them?
A: In the realm of cases involving Child Sexual Abuse Material (CSAM), digital evidence holds immense significance, often serving as the most compelling evidence. In other types of criminal investigations, electronic device data can place individuals at a crime scene, revealing critical information like GPS locations, incriminating text messages, or suspicious internet searches. On the other hand, DNA evidence offers a direct link between an offender and a crime scene without much room for alternative explanations. DNA found on or within a victim firmly connects individuals, leaving little room for doubt.
So both forms of evidence—digital and DNA—are pivotal in their own right. They hold equal importance but serve different purposes in criminal investigations, each contributing uniquely to the process of determining guilt or innocence.
Q: How has PenLink made your team more efficient (e.g., saved you time and/or money, prevented burnout, helped you close cases faster, etc.)?
A: PenLink (PLX) has significantly enhanced the efficiency of our team of analysts and agents during investigations by streamlining the review of extensive electronic records. Its ability to efficiently navigate voluminous records has been instrumental in expediting our processes. PenLink offers a standardized method for reviewing records, which are often produced in varying formats by different Internet Service Providers (ISPs) and are subject to frequent changes.
PenLink’s value lies in its ability to ensure that crucial evidence is not overlooked. It facilitates the identification of vital information that might otherwise be challenging to extract or decipher from the raw records provided by ISPs. By providing a more efficient and organized approach to handling diverse and ever-evolving records, PenLink has notably optimized our investigative procedures, enabling us to navigate complex data swiftly and effectively
Q: What is your favorite PenLink tip or trick?
A: A favorite PenLink feature is the search capability within the case listing for a phone number. This functionality is a game-changer for case management, as it enables us to gather various forms of communication, including the latest financial transaction data, all in one centralized location. The ability to simultaneously conduct keyword searches and target specific subscribers across every type of record loaded into PenLink is incredibly powerful.
This feature significantly streamlines our investigative analysis, saving us a considerable amount of time. It’s invaluable to have the ability to search and target specific information across diverse data sources within PenLink, because it makes our investigative processes more efficient and comprehensive. The ability to consolidate various forms of communication and conduct targeted searches in one place has been instrumental in optimizing our investigative workflows.
Q: How are the expectations for investigations evolving, and how are you preparing for those changes?
A: The landscape of investigations is continuously evolving, shaped by shifting expectations among jurors and the public. There’s an increasing demand for cases to be backed up by electronic evidence, primarily due to the widespread accessibility of ordinary individuals’ lives online. In other words, jurors and the public, accustomed to storing extensive information on their own devices, expect law enforcement to be capable of extracting similar crucial information from offenders’ phones.
To meet these evolving expectations, we are continuously trying to find new ways to stay ahead of technological advancements, and we’re focused on ensuring that we have access to the most effective tools and programs for analyzing the essential data crucial to our investigations. This proactive approach helps us to adapt to the evolving landscape of digital evidence and maintain credibility with the public and jurors alike.Thank you to the Georgia Bureau of Investigation, and especially to Elizabeth Bigham and Emily Butler for their willingness to share their experiences and opinions, as well as for their commitment to keeping their community safe.
If you would like to take part in our Q&A series, please reach out to [email protected]. To learn more about PenLink, please visit www.penlink.com.
Elizabeth Bigham
Special Agent, Georgia Bureau of Investigation