Digital devices – phones, computers, tablets – have become integral to our daily lives. And they have become tools for criminals. What’s found on a suspect’s digital device could make or break a case. Ask Detective Robert Weaver, who specializes in digital forensics. He has uncovered troves of damning evidence by sifting through digital data while working at the department that once employed our twin detectives, Dan and Dave. Today, Detective Robert talks about how your phone knows more than you think, when and how police can seize devices, and how digital detectives have cracked cases wide open. Oh, and they talk about Artificial Intelligence, too!Read Transcript
Dan: [00:00:04] In police stations across the country, officers start their shifts in The Briefing Room.
Dave: [00:00:10] It’s a place where law enforcement can speak openly and candidly about safety, training, policy, crime trends, and more.
Dan: [00:00:17] We think it’s time to invite you in.
Dave: [00:00:19] So, pull up a chair.
Dan and Dave: [00:00:21] Welcome to The Briefing Room.[The Briefing Room theme playing]
Dave: [00:00:36] Welcome to The Briefing Room. Today, I’ve got Dan riding shotgun and we are excited for our guest. Detective Robert Weaver has held several special assignments throughout his career, including the major accident investigation team, firearms instructor, SWAT, and domestic violence investigator. But the role he fills today is what we’re interested in. Detective Weaver is a digital forensic examiner at the agency Dan and I used to work for. A digital forensic examiner does what you’d expect. He looks through phones, computers, hard drives, and that sort of thing as part of investigations. He’s the guy cracking the code on that tricky password. He’s the guy recovering the deleted text messages off the phone. His work has been responsible for numerous convictions, including several of my own cases. Welcome to Dan.
Dan: [00:01:26] Great to be here.
Dave: [00:01:27] And a very special welcome to Detective Robert Weaver.
Robert: [00:01:30] Well, thanks for having me.
Dave: [00:01:32] It is great to see you again, old friend.
Robert: [00:01:35] Yeah. I miss you, guys.
Dave: [00:01:37] What are some myths or misconceptions our listeners might have about digital files, devices? I know lots of people think, if you delete it, it’s gone forever.
Robert: [00:01:50] Better delete it with a hammer and some fire. We can recover a lot of stuff off of devices. Everything is connected to the internet now and connected to the cloud. So, in general, we can usually find some sort of evidence somewhere. I’ve had plenty of advanced users. I’ve arrested guys that were former IT employees at a business, he thought he was sneaky, he thought he could do this or that to try to cover it up, but he wasn’t that good, and we were able to recover a whole bunch of evidence that really sunk him and was able to pinpoint him doing something specific at this exact second with this, and really tie it all together to put that nail in the coffin. So, there is a misconception about what’s out there and how to get rid of stuff. I’m fine with people thinking “I’m good. I can erase stuff. I can delete stuff.” It’s like, “Okay, yeah, sure. You go for it. You do you,” but I’ll do me and do my part.
[00:02:52] One of the other big things is the time and the money. People don’t realize how expensive this is, and how much training has to go into this, and how long it takes to really get up and going, and to even process these devices. It can take a significant amount of time. But digital devices are constantly changing. The formats are changing, the software is changing. It seems like there’s a new iPhone every few days. There’s a new iOS version, and the same is true with Android. Android is an open-source operating system.
Dave: [00:03:28] What does that mean?
Robert: [00:03:29] Basically, Android is based off of Linux and Linux is an open-source operating system. So, I can take Linux and I can actually tweak it and do whatever I want with it and make my own version of it. And so, Android is like that where if I’m Samsung, I can make Android the way I want for my Galaxy S7. I can make Android the way I want for my Galaxy S21. And then every other cell phone manufacturer is making their own versions of Android and stuff like that. And so, it becomes difficult because there are bazillions of different versions of cell phones and different versions of Android and the different operating systems. And that’s why it gets so expensive to get these different products and software that are able to break into more and more phones and extract data from newer phones. It’s constant evolution with these devices and it’s something we have to keep up on constantly.
[00:04:30] So, I’m constantly going to training. My new partner is learning that he’s constantly going to training, and so is his wife learning that he’s constantly going to training. [Dave laughs] It’s difficult to stay on top of all this stuff.
Dave: [00:04:45] I wanted you to define what a forensic computer examiner actually does?
Robert: [00:04:51] Well, in general, we don’t say computers anymore because most of the digital forensics we’re doing nowadays is the computer that everybody carries around in their pocket. So, I know guys in this business who just do cell phone forensics. A majority of the devices that I do are cell phones. Every now and then, I do a computer, the imaging and copying the data off, extracting the data and then analyzing the data that’s on there.
Dave: [00:05:19] Dan and I worked for the same department for quite a while and we didn’t have a digital forensics office. We didn’t have an investigator for years and years. And at some point, the department recognized the utility and the resourcefulness of having that kind of position. Did they approach you or did you approach them to get this program started and then about how much training and equipment costs? Does that involve standing up a new digital forensics team?
Robert: [00:05:55] This department actually got into it fairly early. Originally, they were going through the state police. Once that guy retired, he was coming on and voluntarily doing our computers. The cell phones hadn’t really taken off at that point. And then once another version of Windows was coming out, he’s like, “I’m done, forget it. I’m retiring. I’m done. You’re going to have to find somebody else.” And I was kind of the techie guy here at the PD and so they approached me. I have a background that’s in electronics. I have a degree in physics, minor in math, and the emphasis was in electronics. And so, I’ve always been a techie dude, and like computers, have built computers, do a lot of stuff at home, my personal life with technology and so, it just came naturally to do the digital forensics. I love it. I think it’s great.
Dave: [00:06:47] You seem to have a gift. I’ll give you that.
Robert: [00:06:49] [laughs]
Dan: [00:06:51] So, once you guys did start this program, there’s quite a bit of training that you’ve gone through. Give us an idea. You basically have a four-year degree in computer forensics now.
Robert: [00:07:01] Yeah. I don’t know if you guys realized, but we actually brought on a second person because the workload is so intense. We could even use a third person. Even though we’re not a huge agency pretty much, any investigation nowadays has a digital element, even if it’s just an assault or a theft or something like that. A lot of times, you’ll have cell phones that are involved, so that we are bringing on a second person and we’re trying to get him into all the basic trainings, trainings for computers, trainings for cell phones. New things are coming on like drones, vehicle forensics. There’re so many different fields within digital forensics to study and to take classes in. I think I’m over 1,500 hours of trainings that I’ve gone to. Then now on the side, I teach both digital forensics for computers and for cell phones.
Dave: [00:07:54] My question is going to be, how do cases land on your desk? I know one situation is that, frequently in detectives, we had our own little section. You had one doorway in and one doorway out. So, we would see a patrol officer who was just leaving a call or an arrest and would come jogging back to the detective section looking for you to download a phone or ask questions. I know that’s one way that you get cases, but I know there’re several others. Can you walk through how you get assigned a case or how they fall into your lap?
Robert: [00:08:32] Yeah. We actually had to stop that because it was happening so much that it was pulling away from cases, just helping out patrol guys with cell phones and pulling data, because pretty much any call they would go on, someone’s like, “Here. Here’s my cell phone. Here’s the video, here’s the text messages.” The applications that have the messages, just pull it off of there and then they come and try to find me to do that. That stuff can take a long time. I’ve spent on some of the more major cases. I’ve spent like weeks processing one computer. So, we generally don’t get assigned the cases. I know a lot of places around the country, that’s the way they do it. The digital forensics person is just doing the digital forensics, not being assigned the case.
[00:09:16] So, one of the detectives will be assigned the case, and then they’ll talk to me, and we’ll work out either what needs to be done, if there’re search warrants that need to be written. I’ve gotten pretty good at writing search warrants. Sometimes, I’m writing a couple a day. So, I can spit those out pretty quick for them, and go in, get the digital devices. And then unfortunately, the way we do it now, we have to write multiple search warrants for a single device. So, I’ve gotten pretty good at it.
Dan: [00:09:44] You mentioned writing search warrants, a lot of search warrants. And I remember, as I was on my way out of law enforcement, I had written a couple of search warrants for cell phones and computers. And the feedback that I got from a judge one time was, “Think of a cell phone as a hotel. And each app on that phone is an individual hotel room. And that you would have to write a search warrant for each individual hotel room to get access to the entire phone.” Is it still the same way or have there been some adjustments made and some case law?
Robert: [00:10:21] We go through phases in our particular state. We tend to have some bad case law that really seems to restrict us. Some has come down the pipe that hasn’t been super favorable for law enforcement and there’s starting to be concerns about plain view. So, if I’m in the photo gallery looking for pictures of drugs and I find child pornography, is that stuff going to be admissible? There’s been some bad case law lately about that and I know some agencies are really hands off when it comes to additional crimes that they’re finding when they’re doing these searches. At least, in our jurisdiction, we generally have to stop, write another search warrant to expand the scope of what we’re allowed to look at and then continue on and then sometimes we write another search warrant.
[00:11:12] Working with the Department of Justice, we were trying to get almost like a statewide, not necessarily a template, but just a general setup for how these search warrants should be written, and what stuff needs to be said, what we should be asking for. So, it’s consistent across the board. And then COVID happened and it kind of got by the wayside. But I know in working with other people from around the state, we’ve tried to be consistent with our search warrants, so we can get to as many areas as we can and still be within the scope of our search warrant and try to do things properly, so they don’t get overturned later on.
Dave: [00:12:06] Robert, when we talk about devices, say that the easiest example is a laptop, a tablet or a cell phone, and the police have an interest in that device. There are plenty of times where we get pushback, where people say, “No, you can’t take that from me. That’s an illegal seizure or whatever.” Can you walk through what the legal thresholds are and what power the police have to seize devices and then search them?
Robert: In law enforcement, it’s called probable cause. So, if I have probable cause, basically, in a sense more likely than not that there’s evidence on that device, I can go to a judge and say, “Hey judge, look, here’s my probable cause. This is the story. These are the witnesses and they’ve told me this or they’ve seen this or whatever the evidence is that gives me probable cause. That evidence exists on that device and I should be allowed to take it and open it and analyze the data.” Then the judge would sign off on that and give me my search warrant.
[00:13:11] We do search warrants to seize the devices first, and then I write an additional warrant to actually go in, extract the data, and look at certain data, because you may be allowed to look at text messages, but you may not be allowed to look at someone’s internet history or their pictures or something like that. Or part of the case law that’s come down as time constraints. Like, I can only look at stuff that maybe within the last week. I’m not allowed to look at stuff from two years ago that’s on that phone, because we’ve found devices that have had evidence on them from years prior.
[00:13:48] One distinct one I remember was a microSD card that was from a cell phone. It was from a previous cell phone and there were deleted videos actually on there of that gentleman abusing his foster child. This was from a couple of years back and we found that on there. So, sometimes these search warrants are really restrictive, but once we have that search warrant, I am authorized to go and seize that phone and take it by whatever means I need to take it. And sometimes, in our analysis of a device search warrant, the warrant may actually even say, you are allowed to use force to use his fingerprint or his facial recognition or whatever means reasonably necessary to unlock this phone if need be. And sometimes, we put that into the search warrants to, “If it comes down to it, and I have to hold you down and put your thumb on the phone to open it, then so be it. The judge has ordered it, we can do it and use whatever force is reasonably necessary.”
Dave: [00:14:55] So, to summarize for listeners, if a cop tells you, I am seizing your device, that is not the time to have the argument. That is not the time to start fighting, that’s not the time to try to resecure your phone and put it in your pocket. It is what it is. Fight it in court, but that’s not the time to turn that into getting yourself arrested, for resisting arrest, or tampering with evidence. If the cops say, “Hey, I’ve got probable cause. You’re going to give me that phone.” Just give it to them.
Dan: [00:15:24] Yeah. And to be clear, to seize a phone, say, I’m out on patrol or I’m a detective and I’m working a case, I can seize that phone because there’s a level of exigency. I know that there’s going to be evidence on this phone, and I seize that phone, and protect it in ways that we do in law enforcement, so it can’t be remotely wiped, and then I write a search warrant. I don’t always have to have a search warrant just to seize the phone.
Robert: [00:15:53] No. If I believe that there’s evidence on that device, it’s just that you can almost think of it. It doesn’t have to be a device. It could be a purse. If you know that there’s a gun inside that purse, you’re going to latch onto that purse and hold onto that purse and then write a search warrant for that purse. The same thing goes along with digital devices. The one thing we have seen though in the case law that’s come down the pipe recently is the necessity to write that search warrant almost immediately, because you’re taking something from somebody. If I had gone and seized your house and then sat on it for six months before I write my search warrant, that’s not going to be acceptable. And so, the courts have basically said, “No, you seize this device. It’s very important to this person and so we have to get on it right away.”
Dan: [00:16:45] I really think it shows how adaptive law enforcement is. We’re largely reactive in our jobs, but we adapt.
Robert: [00:16:53] Yeah. You look at some of the staffing levels and when detectives are slashed down to almost a third of what it was, it’s like, “Wow, how are we even doing these cases?” Patrol is short staffed. There have been days where they recruited all detectives to do patrol. I’ve been on patrol where it’s all detectives on patrol because we didn’t have the staff. That’s just one of the burdens that has come about in recent years when it comes to law enforcement is this staffing shortages that we have.
Dave: [00:17:33] Retention and recruitment is a big deal for police departments. It’s a topic we’re going to explore in future episodes. But for today, we turn to Hollywood myths. When someone gives you a computer or a cell phone, in Hollywood, we see that those phones are typically downloaded in about three minutes or four minutes. What’s a realistic timeframe for you going through a device and being able to find evidence? I know it’s not immediate, but I know it doesn’t take a month either.
Robert: [00:18:04] Yeah, it really depends on the device. But in general, back when I first started, cell phones were really small. You could actually dump a cell phone fairly quickly. Nowadays, we have cell phones– I recently extracted data from one that was 512 GB and it takes hours and hours to extract the data. If they’re locked, it may take a little bit longer. Then the analysis starts and you have to start looking through 512 GB of data and look at all this stuff. I think about my phone and the quantity of stuff that I have on my phone is just mind blowing. So, I can imagine, if someone’s trying to sift through all of that stuff to find little gems related to a case, it does take a while.
Dave: [00:18:55] Right. You’re familiar with the Internet crimes against Children Task Forces?
Robert: [00:19:00] Oh, yes.
Dave: [00:19:01] I was hoping you could talk about what their agency does and how you work with them and how cases land on your desk. I’m familiar with the process, but I think it’d be interesting to listeners to know how this stuff sometimes starts at the federal level with the National Center for Missing & Exploited Children and then filters down to the local level.
Robert: [00:19:24] Yeah. So, we’ll get referrals from NCMEC, as it’s called, the National Center for Missing & Exploited Children, and they will actually refer cases when child porn is discovered somewhere on– something on the internet. They’ll let our Department of Justice know through the ICAC folks that, “Hey, we’ve discovered some child pornography. We have a suspect that is may be abusing a child or is trading this material.” Even though these children may be adults now or they may live in Eastern Europe or something like that, you still have victims that are out there and so they’re re victimizing these kids. So, they’ve really done a great job.
[00:20:11] ICAC is an awesome group of people and the ICAC folks will receive this information. They might perform some legal demands on different companies to try to figure out where the crime is occurring and then forward that information off to the police agency. So, I’ll get notifications from ICAC that, “Hey, you’ve got a person in your jurisdiction that’s up to no good,” and then we have to go from there. What most people don’t realize is the sheer quantity of people that are out there doing this. It’s absolutely insane.
Dave: [00:20:50] Without giving too much away, I know that you have special technology, and there are times where you can see certain types of activity in real time. I know you’re proactive about just at least seeing what’s out there in our local community, what’s being thrown up onto the internet and what people are pulling down. Can you talk about kind of that scope? We live in a town with, what, 250,000 to 300,000 people between two cities or three cities. I think people don’t quite understand how prolific these people are.
Robert: [00:21:30] Yeah, it’s one of the things I really like doing is doing the proactive stuff, but we’ve been so short staffed. Like every other police agency around nowadays, we’ve been short staffed, so I haven’t been able to really focus on that like I want to. But I can look at my computer right now and pinpoint 45 people in the area just within these two towns that are active with child pornography, and that’s just one system that I have. And then you have ICAC folks notifying us about other people. And so, there’s probably 20, 30 more there. When you start doing the numbers and looking at the ratio of population compared to how many people are active, and these are just the people that we’re spotting. It’s mind boggling.
[00:22:20] Child pornography, sex abuse, child’s sexual exploitation, it runs the gamut of all the different socioeconomic classes of people. We get the random dude in their parent’s basement and then we might catch a guy. I’ve caught a guy that had a PhD in child psychology and worked for the school district at one point. So, you get educated people, you get everybody.
Dave: [00:22:48] The DOJ runs the ICAC system, correct? Throughout each region has an ICAC, but the Department of Justice on the state level handles those regional offices throughout the country?
Robert: [00:23:01] Yeah, that’s where our ICAC commander is. And then they dole out all the different cases and assign them out to the different police agencies and let us know when we have cases that are in our jurisdiction.
Dave: [00:23:13] Knowing that you have reviewed the same types of images and videos that I have in my past, child sex abuse material, child pornography, basically, really horrible stuff. I always think about when I think about the stress it caused me. I’m always like, “There’s one other guy who had to watch that and his name’s Robert and I wonder how he’s doing with all this stuff.” Where does it sit with you?
Robert: [00:23:40] You really have to be good at compartmentalizing to do ICAC child sex abuse cases, especially when you have kids. You’ll watch a video of some child crying and being raped, and you realize, that kid’s the same age as my kid. You’ll see people in this field that don’t last very long because they can’t handle that. I know some agencies have implemented regular psychological assessments. They have to go sit with a doc and see how they’re doing, check in, whatnot. I know that’s something that we are looking at implementing into our new contract is you can get a little bit of a pay bump if you regularly go and see some psychologist or psychiatrist to talk about this.
Dave: [00:24:31] I’m really happy to hear that.
Robert: [00:24:32] Yeah, it surprised me to see that showing up in the contract, but I think it’s a great idea, because I feel like I’m pretty good at compartmentalizing generally. There are days literally I am looking at child pornography all day long, five days a week, sifting through it. You have to describe it, you have to sort it, and do all the stuff, looking for local victims, and things like that. And then as soon as I walk out that door, I’m thinking about dinner, I’m thinking about the game, I’m thinking about my kids, I’m thinking about totally other stuff. I think I’ve done a pretty good job of compartmentalizing it and not turning to something like alcohol, or kicking my dog, or whatever to deal with it, but that’s really what it takes. And knowing your limits, knowing when it is starting to bother you and when you do need to talk to somebody.
Dan: [00:25:25] Absolutely. When you come across these cases, is there some advice that you can give to just regular citizens out there? If they come across a device that has child sex abuse material on it, can you give them an idea of, “This is what you should do and this is what you shouldn’t do regarding the device”? Obviously, we don’t want to delete material. So, can you give us an idea of what people need to do if they come across this stuff?
Robert: [00:25:57] When I think of the last couple of weeks, we’ve actually had where somebody has found something. One of the biggest hurdles is them confronting the suspect. That right there causes so many problems. Not only with the investigation, but from a digital standpoint, because then people start going on to their most of these devices nowadays, whether it’s Apple or a Google device or whatever, a lot of them are synced up and connected. They may be connected to cloud storage. That’s when people start deleting stuff, they start changing stuff, they start formatting things, they try to wipe their devices. They can really wreak havoc on an investigation.
[00:26:39] I know that there’s that urge, that primal urge to go and confront this person, especially if you just discovered they victimized your child or something like that, but you really have to try to refrain from that to allow the law enforcement and justice system to work its process and to deal with the offender, because they can honestly do stuff that could totally ruin and prevent a conviction.
Dave: [00:27:12] I can recall one specific case that I was called out in the middle of the night to and I met Sergeant David. Out on the east part of our city the CliffNotes version is, a group of people at a house party, small house party, maybe six or seven attendees, had come across one of their friends who has passed out, and they got into his phone, and started taking selfies. And then they went into his photo gallery and we’re like, “Ah, that was a bad photo. Let’s delete that one.” But while in there, they see a photo and videos of really horrible stuff involving this man who’s passed out and a child that does not belong to him.
[00:27:51] These folks were, they’re not heavy criminals per se, but definitely it was a group of people that I was familiar with from being in law enforcement that their names used to pop up on cases. Usually, it was around like petty theft or some drug use, minor stuff in the grand scheme. But these folks did the right thing, which I remember surprising me incredibly that night that all these folks who would never want any voluntary contact with the police, much less a detective, called 911 and said, “Get somebody out here right now. Our friends passed out and we have some stuff you guys need to see.” They handled it perfectly. They even tried to get me to look through the phone and I said, “No, no, no, no I can’t be the agent. I need suspect’s consent to go through his phone.” And they’re like, “Well, it’s right here.” And I said, “No, don’t show it to me. I’m just going to go based off what you guys saw, tell me what you saw.” They handled it absolutely perfectly. And I remember scratching my head going, “Even they hate child predators. Okay.”
[00:28:59] A lot of these folks, I had never had a positive interaction with at least two people on this call and they could not have been more helpful. I regained some trust in humanity that day, but they handled it perfectly, saw it, were able to describe it, called the police immediately, didn’t even let the suspect know, “Hey, the police are coming. They’re going to wake you up.”
Robert: [00:29:20] Yeah. Honestly, that’s a perfect scenario is to let us do our thing and go from there. We can put the phone in an environment where it can’t get wiped, and then we can start dealing with him in a way that he isn’t able to access the phone remotely. Pretty much any device nowadays can be wiped remotely, and so we have to combat that and deal with it on every case. So, not letting the suspect know what’s going on or really hindering our investigation is probably one of the biggest things, and then just turning that stuff over to law enforcement. Hopefully, in a timely fashion, we’ve had some that it’s taken them a while to get to us, but it still worked out in the end.
Dave: [00:30:06] Absolutely. Can you recall some of the most impactful cases that you’ve worked in a technology space? Not just doing a major accident investigation, but I’m talking specific to your digital work.
Robert: [00:30:20] We’ve had all sorts of major crimes that ended up being very heavy with the digital forensics. We have a lot of murders that have a lot of digital forensics nowadays and we’re using the cell phones to really put the nail in the coffin when it comes to convictions. We’ll use them to track people. We’ll use them to check where their location was, if we can pinpoint them to where the crime was. There’s so much information now that people, I guess, don’t realize that their phone is keeping track of that when we can get in there and take a look at it after a crime has occurred. It really can make or break a case.
Dave: [00:31:04] Do you recall any moment where you’re sitting right where you’re at and doing the, “Oh, I got you.” Like those eureka moments?
Robert: [00:31:13] Oh, yeah. There’re times where get into a phone, the software doesn’t pluck stuff out for you the way you want it, you start digging and digging and digging, and then you find some hidden data, like, location data. Location data may be stored by all sorts of different applications or whatnot. You may find location data that puts somebody at the site of the murder at the time of the murder, and then you can see them fleeing at a high rate of speed because of their cell phone. They didn’t realize that their cell phone is keeping track of that kind of stuff.
[00:31:49] With things like Apple Watches now and whatnot, a lot of your health data is put onto your phone. So, if I get in a fight, my pulse is going to spike, that kind of stuff. There’s so much on there and you can find these little gems, and it’s awesome when you find these little gems that really sink somebody. It really makes you feel good.
Dan: [00:32:28] Lately, there’s been a lot of talk about artificial intelligence. What do you guys see on the horizon as investigators, as being potential problems or potential uses of AI?
Robert: [00:32:40] I know that and they say it’s AI, basically it’s a software that some of the digital forensic software that we use has some sort of AI element to help us with processing these devices faster and more efficiently, being able to go through tens of thousands of images and pluck out all the images that appear to be pornography or people’s faces or weapons. It’s actually surprising how well it works sometimes when you tell it, “Hey, go look through 50 some thousand images and give me all the pictures that look like weapons.” It’ll pull them up and it’s like, “Wow. All right. So, it looks like I need to go to this location on the phone and start looking at the other stuff.”
[00:33:29] It can at least point you in the right direction, if not give you the evidence on a silver platter. So, we’ve seen that. I know that they’re starting to improve some of the other imaging and video processing with that sort of technology. So, I’m looking forward to seeing software improve with the AI.
Dave: [00:33:50] With that said, if someone– You’re familiar with the term deepfake?
Robert: [00:33:54] Oh, yeah.
Dave: [00:33:55] So, there are concerns out there that somebody could just generate a surveillance video that looks like CCTV footage. It’s fake evidence. It’s contrived, it’s conjured, it’s not real. Can we have faith that law enforcement has the ability to see through that type of stuff?
Robert: [00:34:16] Yeah, I would think that for the most part, granted, I suppose someone could sit somewhere in their parents’ basement and tweak a video to the point that it looks legit. Even when you look at the byte level and look at the actual raw data, it’s like, “Oh, man, this thing looks like a legit video.” But most of the evidence we get, we like to get it straight from the source. And so, if I go and I pull it from a digital video recorder from a security system, I can tell it’s coming from there, so I’m doing it myself. It’s not somebody coming and handing me a video that they’ve tweaked, so I know where the source is, which is a lot harder to forge, if you will.
Dave: [00:35:00] That’s typically the patrol officer or detective would be going out to a convenience store at 8 o’clock at night and say, “Hey, can I get the security footage?” And they say, “Well, my manager’s got the password in their office, we can’t.” Can you overcome that? Can you just plug in and do a hard pull of all the data or do you actually need that type of access?
Robert: [00:35:22] Well, it depends. If we don’t want to shut the business down and shut the security system down with most of that kind of stuff, we can just bring it back to the lab and deal with it, I don’t care if I have the password or not. But for businesses, in general, we like to be kind to our businesses, and we want them to cooperate with us, we want them to like us. So, we try not to disrupt their flow of business and shut down their video system or their servers or anything like that. So, we try to work with them and get the passcode, so I can just extract what I want and leave everything up and running.
Dan: [00:35:59] With younger officers, I imagine that when they’re going through the field training program that there is now a section in that book. It’s a huge book. I remember you had to check off all these different boxes in this book. But are there areas of that book now that deal with collecting digital evidence?
Robert: [00:36:23] I don’t know, if they’ve specifically put it in there or if the training officers are just explaining it to them. I know I’ve put out some information out to the troops and said, “Hey, if you’ve got this, let’s collect it this way. If you’ve got this, let’s collect it that way.” There’re ways of collecting these devices that actually make it way easier to extract the data to get the evidence off of there. If they do the wrong thing at the front end, it can make my life so difficult or it could even make it almost impossible to get the data off. So, I know I’ve put some stuff out there. We’re putting together some department wide training, because it’s been a while since we’ve done it, probably been several years since we’ve done department wide training with digital forensics. But we try to do it every once in a while and explain to the folks how we should be handling this stuff.
Dan: [00:37:16] To kind of piggyback off of that, I recall when I was working with you that you quickly gained a reputation as being pretty resourceful and talented at what you were doing, and we had a lot of outside agencies reaching out to you to see if you could help them. Is that something that continues? I know a lot of the smaller departments around our state probably don’t have someone like you. So, are you being farmed out frequently?
Robert: [00:37:44] Yeah, we do. Currently, the sheriff’s office doesn’t have somebody, he up and retired. So, I’ve taken on their digital forensics. And then every now and then, I’m helping out other agencies. It’s a pretty tight knit community. So, if somebody comes to me with a problem, I’ll try and help them out as best I can. Or, if not, I can direct them to somebody, maybe somebody closer that can help them out. Everybody I know in the state that does digital forensics is super eager to help out other law enforcement agencies. So, in general, it’s not a problem to find somebody that’s willing to help an agency out if they need help.
[00:38:21] But at some point, it reaches a point where it’s like, you guys have enough cases. You’re big enough. You have a big enough budget. You need to really look at taking that leap and invest in the money and invest somebody into the digital forensics program. I know it’s expensive, and I know it’s time consuming and all that, but at some point, you got to take that leap.
Dan: [00:38:47] You mentioned money. About how much does it cost to get a program like this up and running and maintaining it? Because there’s training costs, there’s equipment costs, there’s obviously the salary of the investigators who are working that caseload. So, what does that look like budget wise fiscally for a jurisdiction?
Robert: [00:39:08] Oh, you could easily, easily spend $100,000 a year, easily. I don’t want to brag, but I just got a new computer, and it was close to 25 grand for a processing computer just to process this workstation to work on these cases. When you start talking about some of the proprietary devices and software for cell phones or for security systems or for vehicles, some of these things cost $10,000 plus a year just to have them and be able to use them. And some of the equipment can be astronomical.
Dave: [00:39:54] Dan was talking about how you assist others with investigations, but at the same time, you assisted me on plenty. I remember when you were first selected and going through all the trainings, and I was thinking, “Okay, I am going to work him to death because we have all this ICAC stuff.”
Robert: [00:40:12] [chuckles] You were kind of needy. [laughs]
Dave: [00:40:15] Well, I needed you to explain to certain people, the usefulness of having a digital forensics guy. But I remember one particular case that you and I had worked on together. We ended up at an apartment complex. We served a search warrant on the house. I remember it was a family that had several friends. There’re probably five people or six people in this three-bedroom apartment, but I remember we kind of rounded everybody up and said, “Here’s why we’re here”. We read the search warrant. We had this whole family of people in the living room. I remember while it was being read, just scanning the room, who’s going to have a reaction when they hear what this search warrant is all about? And there was one guy in the back.
Robert: [00:40:55] Oh, yeah, you always get that one guy. [laughs]
Dave: [00:40:57] He shrunk, his head went down, and I think both you and I at the same time said, “There he is. We got him. You guys can go back to bed. We need to talk to you.” But the usefulness of having you, the expert on the digital side of that, was these guys typically are pretty super users. They’re usually pretty well versed in software and how to be sneaky about their activity. It’s useful to have a digital forensics person in there who can wade through the bullshit and go, “No, I know that’s not true because you’re not talking to some dumb cop or dumb Detective Dave over there. You’re talking to me.” Those types of situations where you get in the interview room with these guys, do you enjoy that? Is that a moment where you’re looking forward to those types of cases?
Robert: [00:41:52] Oh, yeah. Because there’s some times where it’s like, “I didn’t do that.” And you’re like, “Well, this photograph was taken with a Samsung A32, this model of phone. Do you have one of those?” Being able to really get into the weeds and get those details and all those extra details can really sink somebody. And honestly, we get confessions because of it, because they know they are sunk, and so they’ll admit to certain things.
Dave: [00:42:26] That can be corroborated with evidence.
Robert: [00:42:29] Exactly. And a lot of times these guys, it’s true in all gamuts of law enforcement, they won’t admit to anything unless you basically show them, just point-blank show them evidence that says, “Look, right here, this is you doing this.” And they’re like, “Okay, you got me.” And to do that in the digital world is kind of awesome.
Dave: [00:42:51] Have you ever had any suspects, any opponents, adversaries outsmart you? You weren’t able to break them or figure out what they were doing?
Robert: [00:43:00] I’ve had people that made my life very difficult, but I’ve still managed to find ways to get my convictions. So, whether they try to encrypt a bunch of stuff and then it takes me forever to decrypt it, whether they try hiding stuff and I have to do a bunch of extra legwork to find it or to track stuff down on the internet with different companies. But for the most part, we generally can get where we want to get to for the most part.
Dave: [00:43:34] Is that like a challenge accepted-type moment for you?
Robert: [00:43:38] Sometimes, it takes a while. Sometimes, you’ll have some brand-new phone with some brand-new operating system. It takes quite a bit of effort to finally get into it, but it’s almost guaranteed, eventually, you’re going to get into it. It just takes time and effort and money.
Dan: [00:44:09] Looking back, I remember the San Bernardino active shooters, the husband-and-wife team, where they shot up a Christmas party that he was an employee at. I know that they had a lot of information on their cell phones and that there was a battle back and forth between Apple and law enforcement of trying to get into that phone. Has Apple and these other companies come to the table and talk to law enforcement about, “Hey, in certain cases, we’re going to help you, but in these cases, it’s got to rise to a certain degree before we give you any assistance.” What does that landscape look like?
Robert: [00:44:49] Yeah, Apple’s special. You have to realize they’re a business and part of their business model is based on security. That’s one of their selling points. If they didn’t have security, then their sales would be impacted. So, they’re totally fine with being as secure as possible, even if that means that it’s secure from the government. It almost seems like at some point, the government might have to step in and say like, “Look, you need to figure out a way to allow us into a phone or something like that, if we have a search warrant.”
[00:45:26] I know with that San Bernardino case, Apple’s like, “Ah, sorry, we can’t help you. The way it’s set up, it uses the passcode and causes the encryption,” and blah, blah, blah. They basically said they couldn’t help them. It took a private company, one of the major companies, that does cell phone forensics, to say, “Here’s how to get into it.” They actually helped them unlock it. And then I think there was some sort of action after that where Apple was trying to– They wanted to know how that company had gotten into that phone. It’s like, “Hey, tell us how you did that.” So, that’s one of those things.
[00:46:04] These companies are spending a lot of time reverse engineering these phones and these operating systems, and they get these proprietary ways of getting into these devices, and they don’t want to let that stuff out. And so, they’ll do the best they can to try to keep Apple or Google or whoever from learning how they are able to crack into these devices.
Dave: [00:46:28] I love that. If you’re not going to give us secrets, why would we give you ours?
Robert: [00:46:33] Yeah.
Dave: [00:46:34] It seems like common sense. What advice do you have for parents with kids who are either in possession of or approaching the age where they’re going to get a digital device? What are the things you see when you’re dumping these phones and getting all the info? What can parents do to better arm themselves for what’s happening in 2023?
Robert: [00:47:02] It boggled my mind when I started dumping teenagers cell phones, what was on there, and the amount of stuff that they were sharing, like, personal photos and the stuff they were saying and who they’re talking to and all that stuff. And most parents, they don’t keep up on what the latest chat applications are or what their kids are doing on their phones. My kids are starting to get to that age where I’ve actually given them some old phones to play on and do FaceTime and stuff like that. And so, I’ve made it a point to really be in control of what applications are being installed on there, be in control of the internet browsing, and there’re restrictions on what they can look at and stuff. Luckily, they haven’t tried to push the boundaries yet, but really being in the know of what’s going on that device. And the problem is, once they put their own password on there, their parent is locked out and they can’t get in there and actually see what’s going on on all these different applications.
[00:48:07] A lot of the applications themselves, whether it’s Signal or whatever, a lot of these applications can have their own password. Snapchat have its own password to log in to then be able to see the messaging. So, there can be a couple of layers where a kid can hide who they’re talking to, whether it’s an adult or other kids or whatever. So, you really have to make sure that you can get in there and see what your kid is doing. Honestly, just knowing what your kiddo is doing and maybe having restrictions in there to prevent them from doing stuff and know if somebody– maybe somebody a lot older is reaching out to them or somebody pretending to be their age is reaching out to them.
[00:48:56] The other thing I always tell parents is to really stress to their kids that anything they do in terms of the digital camera on their phone is going to exist forever. If they take a picture on their phone, it better be a picture that they’re okay with the rest of the school seeing, because we’ve had countless cases of teenagers at the high schools that they get a naked picture of some girl and they are passing them around like trading cards. Next thing you know, the entire school has seen that photo. And so, really stressing to kids like, “Hey, any picture you take and any picture you send off to somebody is now going to be out there in the public and everybody’s going to see it.” A lot of times, that’ll scare the kids into not taking certain pictures.
Dave: [00:49:46] I recall so many cases– Dan, I’m sure has heard this on plenty of calls you as well, where a parent asks police, “Do I have the right to take my kid’s phone away? Do I have the right to look in my child’s phone? Do I have the right to monitor what apps? Do I have the right to have the passcode to the phone?” And my answer always was yes, yes, yes, yes, yes. Until that child is 18 and out of your house, you’re responsible for them. We have crimes in our state that parents can be charged with for failing to supervise their children. So, if it gets out of hand, then parents can be on the hook for whatever their child’s doing. Do you run into that still where parents don’t understand that they are the king of the castle and the kids don’t run the roost?
Robert: [00:50:38] Yeah, we have a lot of parents that are really hands off and the kiddos become so entitled. “This is my brand-new iPhone 14 that costs $1,000.” It’s like, “Well, did you pay for that? Are you paying for the service?” “No.” But they’re so entitled and the parents just back off and let some of these kiddos really rule the roost. You almost have to start from the very beginning and make sure that the kids understand that, “This is a privilege and I’m letting you use this phone, but I need to be aware of what you’re doing on there. And at any point in time, I can go in there. If you start locking stuff down, then I’m taking it away.” Because if they’re not doing anything wrong, they’re not really going to care if you’re looking at it or whatever.
Dave: [00:51:27] Right. I stress the contract between parents and their kids with digital devices. The main message to parents is, be nosy and take charge of your child’s device. If they’re not playing by the rules, they lose it. It’s a privilege. It’s not life or death. It’s your job to steer your child around the potholes that none of us as adults now. We never had to deal with this back in our teens. So, it’s a different landscape, but we really want to empower parents. There are ways for you to overcome this and reduce your own stress. Just be vigilant. You have to stay on top of it and be observant.
Robert: [00:52:09] Really start when they’re young, so they understand, “This is a privilege and I’m going to let my parents look and I’m not going to hide stuff from my parents.” And so, it doesn’t reach a point where it’s like, “Oh, gosh, I have never looked at my kiddo’s phone, but now that they’re 16 or 17, I’m going to look at their phone.” That’s probably not going to–
Dave: [00:52:27] That’s going to start a fight.
Robert: [00:52:29] Yeah.
Dave: [00:52:30] I think my big takeaway here is the volume of phones that land in your office, and that you and your partner, Justin, download and review. I think it’s really impactful for parents to understand that even innocent little Johnny, he might have some fairly suspicious, concerning, sometimes criminal photos, information, conversations, those types of things. I think it’s an eye opener to parents that just in our little small town that you’re seeing dozens of these a month, probably, you’re getting at least a couple of phones a day, not necessarily from kids. But this is nonstop and this stuff spreads like wildfire.
Robert: [00:53:14] Yeah. If you think about the people that like to prey on kids, they’re going to find the way that’s most effective. If that means I’m going to be super nice, I’m going to offer them things, I might even pretend to be younger than I am, things like that. I think of my kids and they’re naive. They would totally fall for things that, as an adult, you’re like, “How in the world does somebody fall for that?” But kids do. And so, you really just have to be in the know and be nosy about what’s going on in their digital world.
Dave: [00:53:50] Robert, I wanted to thank you for your time. I know it’s precious and I know you guys are stretched pretty thin currently, so I greatly appreciate the time. And please pass that along to command staff there.
Robert: [00:54:03] Yeah, good to see you, guys. I miss you, guys. People don’t realize, and maybe they do. But people don’t realize how much fun you guys were to work with. Honestly, it was a blast. I’m 25 years and retirement is not too terribly far off. I start to think back about the people that I worked with that were memorable, and you two were definitely memorable and fun to work with. We had a lot of good cases, caught a lot of bad guys, and did good stuff, and had fun doing it.
Dave: [00:54:33] Well, we appreciate that.
Dan: [00:54:34] Great to see you again.
Dave: [00:54:37] On the next episode of The Briefing Room.
Forensic Interviewer: [00:54:39] As a forensic interviewer, we want to give a chance or an opportunity for a child to be able to tell about events experienced in the past from their perspective in a way that it comes from the child’s voice kind of building that credibility of a child, because children already start out at a lower sense of credibility in our society. And so, we want to make sure we give them the opportunity to talk about what they have experienced.
Dave: [00:55:07] That’s next week on The Briefing Room.
Yeardley: [00:55:10] The Briefing Room is produced by Jessica Halstead and co-produced by Detectives Dan and Dave. Executive producers are Gary Scott and me, Yeardley Smith. Our production manager is Logan Heftel. Logan also composed the theme music. Soren Begin is our senior audio editor. Monika Scott runs our social media, and our books are cooked and cats wrangled by Ben Cornwell.
[00:55:35] Thank you to SpeechDocs for providing transcripts. To read those transcripts or to hear past episodes, please go to our website at thebriefingroompod.com. The Briefing Room is an Audio 99 production. And I cannot go without saying thank you to you, all of you are fans, you are the best fans in the pod universe. And I can say with complete confidence, nobody is better than you.
[Transcript provided by SpeechDocs Podcast Transcription]