Improving the way investigators discover and subpoena digital evidence

Overview

We live in a society whose dependency on technology grows exponentially as the number of electronic devices increases. It has become difficult for criminal investigators to efficiently acquire the digital evidence they need from third-party providers (such as Facebook, Google, and Uber) to prosecute a criminal case. This difficulty arises because each third-party provider has its own unique requests and specific procedures for collecting information. This acts as a roadblock, as many third-party providers offer valuable data that can be pivotal to the outcome of an investigation. Investigators currently request data using methods based on the anecdotal experiences of other investigators, which may be incomplete or inaccurate. This makes it particularly challenging, especially for seasoned investigators, to request and collect this data, know which data is available, and apply the appropriate warrant to the request. It often results in investigators needing to sift through incomplete information from various disparate sources. Investigators are deprived of a streamlined and unified user experience when performing an investigation or prosecuting a case, which makes it extremely difficult for experts to stay up to date on the correct evidence collection procedures.

Approach

The California Attorney General’s Office E-Crime Unit approached California Polytechnic State University’s Digital Transformation Hub (DxHub), powered by Amazon Web Services, with the intention of reinventing the methodologies investigators use to find and acquire digital evidence. To find a solution to this problem, the E-Crime Unit team participated in the DxHub’s innovation process, which uses Amazon’s Working Backwards methodology. After identifying and defining the problem, two main focuses of the theoretical fix were determined. First, the solution would be most effective if it could be used by any professional, including under-resourced investigators with little exposure to digital evidence training. Second, it was crucial that the solution have intuitive search mechanisms focusing on both the crime and the data type for a case. The DxHub would build a prototype using AWS technology that would allow investigators to quickly and clearly understand what data is available from different popular technology platforms. In addition, the solution would guide investigators through the appropriate steps needed to issue a search warrant while providing resources to make that process easier. The platform is based on investigators using details of the investigation, such as the crime or the desired type of information, to determine the best course of action when collecting evidence. It is important to note that the investigator is still responsible for correctly tailoring a warrant to the individual case, as these recommendations are based on general legal practices.

Innovation in Action

The portal contains two parts. The first maps different digital data types to specific third-party technologies. Using input from the community of investigators, officers can share their discovery of new digital evidence types used by new third parties in a digital forum. The second part assists investigative officers in understanding how best to request evidence from a particular third-party provider. The application will allow users to add new third parties to the database by providing URLs to the third-party provider’s Terms of Service and Privacy Statements, from which data types for those entities are automatically collected and recorded. The system will then use AWS Lambda to parse and store the resulting metadata using Amazon’s  .  The information is reviewed by a team of moderators and then passed to the user community, who can curate and improve the system. The serverless web application was built with AWS Simple Storage Service and Amazon’s API Gateway. The user interface uses a React application and AWS Amplify to manage resources. The system can store opinions and other community feedback and ranks each warrant page using AWS CloudSearch. A composite relevance score, based on historical usefulness and the CloudSearch metrics, is calculated to assist investigators in quickly finding the information they need to get a subpoena.

Next Steps

The DxHub team is continuing to work closely with the California Attorney General’s Office E-Crime Unit and has begun to build a pilot version of this application to evaluate its effectiveness in the field. The development of this pilot demonstrates the effectiveness of the Working Backwards innovation process and will assist investigators in discovering and requesting information from third-party technology providers.

Supporting Documents

Amazon’s Working Backwards process results in several artifacts that help inform and guide the end result. Below is a description of each and its purpose in the process:

Press Release & Frequently Asked Questions: During the Innovation Workshop, a fictional Press Release and nonfictional Frequently Asked Questions are drafted. This is a tool that is used to define the solution and why it matters to the customer.

Storyboard: A series of frames designed to illustrate the problem and the impact of the solution visually.

Source Code: Source code for the front end Web Application that allows users to interact with warrant data.

User Interface: View the initial design in this interactive mockup.

About the DxHub

The Cal Poly Digital Transformation Hub (DxHub) is a strategic relationship with Amazon Web Services (AWS) and is the world’s first cloud innovation center supported by AWS on a university campus. The primary goal of the DxHub is to provide real-world problem-solving experiences to students by immersing them in the application of proven innovation methods in combination with the latest technologies to solve important challenges in the public sector. The challenges being addressed cover a wide variety of topics, including homelessness, evidence-based policing, digital literacy, virtual cybersecurity laboratories, and many others. The DxHub leverages the deep subject matter expertise of government, education, and non-profit organizations to clearly understand the customers affected by public sector challenges and develops solutions that meet the customers’ needs.