Cracking phones, solving crimes: How crime solving has advanced with cell phone tech

GILLETTE — There’s an evolutionary component to crime.

The never-ending game of cops and robbers has always had a back-and-forth nature, with both sides trading leads as they learn how to one-up the other while avoiding that same fate.

But as technology, including cell phone technology, has advanced, so have the digital and cyber elements of crimes and investigations into those crimes.

“It’s always a foot race,” said Gillette Police Detective Cpl. Dan Stroup. “But it’s a foot race with us and the bad guys, and it’s a foot race with us and the tech companies.”

As crimes have evolved, so have the investigations into solving them. 

Technology has always played an important role in that evolutionary process. As cell phones have become further ingrained in day-to-day life, their omnipresence has helped law enforcement solve crimes through evidence once unattainable.

Information from phones could guide the inquiry into simple, but often hard-to-answer questions of who, what, when, where and why. Maybe a photo proves a person was or was not at a particular location at a precise time. Or, maybe that photo’s geolocation contradicts an alibi.

Maybe, like in a series of robberies that occurred in Gillette in 2016, the suspect’s phone could provide the Google search history that revealed he looked up “Gillette Police Department Domino’s robbery” soon after the crime occurred, but before it was publicly reported.

“We were able to say ‘We don’t know if he was there, but we know his phone was there,’” Stroup said. “No one goes anywhere without their phones.”

Or in the homicide case of a 3-year-old from 2016, when cell phone data showed that the suspect made Google searches around the time the crime occurred, asking detailed questions about specific potential injuries.

While investigators may know that crucial information sits inside the memory chips and cloud-based servers associated with a cell phone, gaining permission to search and having the ability to break inside complicate the task.

Stroup began working with the computer forensics unit of the Gillette Police Department when he joined the force around 2008. Since then, the role of cell phones in committing and solving potential crimes has changed drastically.

“As time has gone on, it’s kind of been simpler and harder at the same time,” Stroup said. “Back when we started doing all of this, there were umpteen different kinds of cell phones.”

The Motorola, Kyocera, Blackberry and numerous other phone brands came with their own proprietary protections, making accessing each its own unique puzzle to solve but also far less complicated than modern phone security.

Now there are two, much more sophisticated, phone systems: Android and iOS.

“While that’s gotten simpler, the devices themselves have gotten more complex,” Stroup said.

When he began working in computer forensics, which encompasses cell phone forensics, the information available from cell phones was relatively rudimentary.

Phone records could provide call logs, text messages and contact lists that helped with drug investigations and some other crimes, but fell far short of the informational wells people carry in their pockets now.

It’s just a matter of tapping into them.

“On the old phones, there was no such thing as a lock,” Stroup said. “Now, with some of the devices, they’re virtually uncrackable. Gaining access to devices has been a real big challenge.”

For law enforcement, there are multiple hurdles to gaining access to the contents of a suspect’s cell phone.

Gaining permission to search phone records is the first hurdle.

Detectives have to build a nexus of probable cause, providing reasons to explain why they believe the phone contains evidence connected to the alleged crime at hand.

“The way that (phones) are now, you’re packing around a filing cabinet, your gun safe, all your photo albums — you’re packing everything into this phone,” Stroup said. “The intrusion on the privacy really, really needs to be examined.”

Search warrants are sought on the majority of major cases that come through the Gillette Police Department, Stroup said.

“And we’re very careful about that,” he said. “We don’t want to lose any evidence, because there’s such good evidence on some of those phones.”

Then there’s the challenge of entering the locked phone itself.

“I can get a warrant all day long, but if I can’t unlock the phone, there’s not much I can do with it,” he said.

Stroup referenced a 2015 terrorist attack in San Bernardino, California, where Apple denied federal law enforcement access to the iPhones belonging to the perpetrators. That served as an early example of the ongoing dilemma of balancing the protection of personal privacy with what may at times be a matter of public safety.

Hence the foot race between criminals, law enforcement and technology companies.

While they may not get much help from the technology companies, the advancements in privacy protection and encryption have been met with growing knowledge and ability to get past those barriers.

“There’s a lot of different ways other than just a password to get into a phone,” Stroup said.

Past the officer and detective cubicles housed within the Gillette Police Department, a soft humming sound comes from behind an inconspicuous door.

The room behind that locked door looks like a closet, sounds like a fan and is home to the high-end computing power and sophisticated software that cracks open and filters through the thousands of pieces of information contained within phones and hard drives.

“This is where everything happens,” Stroup said.

Stroup and Officer Jeremiah Wagner, both of whom man the computer forensics team, are the only ones with keys to the unassuming lab where a large computer tower and two monitors sit on a table. The rest of the room is storage for older machines, filled and almost-full hard drives and aged computer manuals for older versions of Windows and iMac.

Once they get the phone and permission, they start to figure out how to sift through all of its contents.

“Most of the time, you’re not attacking the data from the front,” Stroup said.

First they migrate the phone’s data onto the computer, the Forensic Recovery Evidence Device, or F.R.E.D., then it’s a matter of sifting through what can at times be hundreds of thousands of nuggets of information. Those nuggets, known as “artifacts,” include everything from phone contacts and pictures, to past Bluetooth networks and geolocations from photos taken.

Even the ridiculous cartoon avatars from cell phone games downloaded, deleted and forgotten about make their way into the ocean of intel pulled from the device.

It’s a mountain of work for the detectives trained in processing it, which makes it even more daunting for the other officers or detectives working the case. Before it makes its way back to them, it goes through Stroup first.

“I’m the filter,” he said.

But he has help.

The software they use, from Magnet Forensics, collects those artifacts and creates a searchable database to narrow the field down to points of interest for the investigation.

Stroup and Wagner view and categorize the information from a desktop monitor display. The software is able to filter the information and data points into all kinds of buckets, flagging artifacts recognized by keywords such as “gun” or “drugs” or “bedrooms.”

“It’s scary accurate,” Stroup said.

There’s a keyword function to narrow down relevant messages or even credit card numbers, and a filter that checks for flesh tone colors, pulling photos that may be relevant to child exploitation cases.

Once compiled, the vetted information can be condensed into “portable cases” given to the officers working the case or to be presented as evidence. “Portable cases” can print as paper reports or display similarly to websites, to present videos or other pieces of evidence.

Criminal cases have been won and lost based on the tedious search through those thousands of pieces of information, often collected and stored unknowingly while sitting in someone’s pocket.

Both criminals and cops have adapted to the fast-tracked rate technology has evolved over the years. Meanwhile, as cell phones have become more integrated into daily life, they have doubled as repositories for the minute details of their users’ existence.

Whether on the cloud or on the phone, that information is hard to conceal.

“More often than not, the adage of ‘Once it’s out there, it’s out there,’ is true.” Stroup said.

In time that adage has evolved. It’s true that once digital information is created, it’s often out of its originator’s control.

But now more than ever, once it’s out there, it can be found.