More law enforcement leaders are taking an active role to get the best mobile forensic tools, training and support for their agencies, and that is a good sign.
That statement is from a newly published interview with Greg Masterson, a former police officer and head of the Union County, New Jersey High Tech Crime Unit, now a technical sales engineer with MSAB. It’s just one of many interesting observations and insights in Greg’s interview with Forensic Focus, covering the latest trends, challenges and areas of progress in mobile forensics, and much more. Read on:
What is your background and how did you get started with Digital Forensics?
In 2002, I had been a police officer in New Jersey for nine years when I joined the Union County High Technology Task Force (HTTF). I came from a detective position so I was immediately tasked with investigating computer crimes and interacting with online predators in an undercover role. HTTF members attended computer forensics courses and completed forensic examinations on laptops, PCs and servers. It was a growing area at the time, so the tools were basic and deep dive analysis was the norm. My assignment lasted over six months and I completed several large scale child pornography trading ring and other high profile cases. In 2003, I was hired as a detective by the Prosecutor’s Office.
A few years later, I was promoted to lead the High Tech Crime Unit (HTCU). I combined our Electronic Surveillance Unit and the HTCU was able to hire additional staff, and obtain funding for training and more forensic equipment. After some growing pains, I was able to obtain the support and additional funding from our command staff. This provided our examiners more high level training and I encouraged them to obtain recognized forensic certifications.
The next step was to address our increasing backlog of examination and technical requests. In March 2018, with the support of our County Prosecutor and Chief of Detectives, I presented the framework for a Cybercrime Task Force during a presentation to the Union County Chiefs of Police Association. The idea was met with enthusiasm and their full support.
In 2018, the Union County Cybercrime Task Force (CTF) was launched with a goal of reducing the turnaround time for forensic exams by distributing training and equipment to sworn staff from each municipal department. After two assignments to the CTF, lasting about six weeks each, the officers are trained to immediately react to technical and forensic requests after returning to their departments. This effort is ongoing. By assigning these CTF members to a frontline forensics and technical role, the goal is to have examinations completed by local officers, reducing the number of examinations submitted to the county forensic lab.
What drew you to MSAB?
When I was a customer, I had provided feedback to MSAB about XRY, their mobile device extraction platform. MSAB contacted me about the feedback via email. They followed up later with a visit from the Customer Success Team, who wanted more information about our use of their product by our front line forensic examiners. I realized that MSAB is genuinely listening and responding to law enforcement’s needs — I was impressed. A company with a worldwide footprint like MSAB that still recognizes the importance of their customer relationship was something that left a great impression with me. In July, I had completed 25 years in law enforcement and I was thinking about what I was going to do next. I had a great career and did some very interesting work but was ready for some new challenges. By October, I was working for MSAB.
What does a typical day in the life of a Technical Sales Engineer look like?
Coffee! Then a check of email to find out what new product improvements are being rolled out by our R&D team. Like mobile forensics overall, the MSAB platform is evolving, with new usability and features added all the time. It is vital that the TSEs stay on top of changes and improvements, because we will be talking about these improvements to our customers and potential customers.
Technical Sales Engineers travel a lot and meet with law enforcement agencies. Much of our time is spent in front of forensic examiners and law enforcement supervisors during sales meetings, customer workshops, online instructional webinars and conferences. In my first four months, I have traveled to 11 US states, Canada and Europe.
The remaining time is spent following up with technical questions posed during meetings, road testing new software improvements, and completing my own examinations to keep my abilities current.
What is the most rewarding part of your job?
There are a lot of rewarding parts of my job.
I really enjoy meeting with examiners who are set in their ways and their routine, but also recognize that they are losing the battle to stay ahead of the number of examination requests. I’ve been there and understand what they are facing. In those meetings, I conduct a demo of XRY and XAMN. I use our software in real time, answer their questions, and note the numerous options they have when using XRY, XAMN, and XEC Director. When the group starts to ask a lot of questions, there is often a turning point in the discussion. Something has “clicked” – the “lightbulb moment” or whatever you want to call it. I enjoy it when the examiners and command staff begin to see that our ecosystem can change the way they work – for the better. These aren’t just separate tools but a whole system that when combined can retrieve more data, provide a more streamlined way to review information, and make management of this huge amount of data and evidence so much easier.
Very few agencies are able to add three or four new examiners to their forensic unit staff, regardless of the workload. That leaves an increase in efficiency as the only remedy. I enjoy talking to customers about how to make their processes more efficient and help them achieve their goals using our tools.
I enjoy the case studies. These are the result of a call from an officer who has cracked a tough case using our tools. Those “wins” make this very rewarding work.
How does coming from a law enforcement background assist you in helping customers pick the best solutions/tools for their needs?
Because I’m former law enforcement and because I’ve supervised a forensic team, examiners understand that I have dealt with many of the same problems they are facing. We can dispense with the rudimentary discussions and get directly to the issues they are facing and ways we can help. We get right into a review of the products and methods that will solve their problems. Customers recognize that what I am saying is coming from a goal-oriented mentality that many of them share. They have a monumental task; we offer ways to make those tasks faster and more efficient. I’ve been on their side of this relationship, and questioned visiting vendors exhaustively. They know they’ll get a straight answer to their question.
Integrity is the key. I tell them upfront that I don’t know everything. I often answer their questions with “I don’t know, but I will get you an answer.” I follow up.
When your goal is assisting law enforcement and helping them do their job better and more efficiently, you become part of their efforts to solve crimes and make people safer.
Have there been any particular concerns within digital forensics that have been raised by users you’ve met, and why do you think that is so?
Forensic unit staff and supervisors are increasingly concerned with the integrity of evidence, not just on exam day and during collection, but over the long term. It is easy to be shortsighted, especially with a huge workload in front of you. We naturally focus solely on the examination at hand, getting it completed and moving on to the next.
Customers who test the integrity of their own data and verify their exams already understand that proving evidence hasn’t changed within their examination is the key to successful testimony for examiners.
The integrity of the extraction process, the resulting data and the training and experience of examiners will increasingly come into question as defense attorneys become more technology savvy. This will require forensic tools that have verification and logging processes in place to answer all of the questions that will be raised in court. MSAB has this covered.
What trends are you seeing in the digital forensics industry currently and how are MSAB solutions working to meet these challenges?
I see a few trends:
- The distribution of the forensic workload to investigators/examiners in the field.
- An increase in examinations by correctional facilities.
- More executive level attention to maintaining a properly run digital forensics unit.
The first is a transition that will require a rework of a lot of widely held beliefs in the law enforcement forensic field. Like many supervisors of digital forensics units, I was resistant to forensic training courses or examination responsibilities being assigned to anyone other than those permanently assigned to our forensic unit. However, not every exam requires a level of expertise you find in most labs. Every day, there are examinations being completed that require less advanced skills. A very straightforward exam requesting limited data (a request for “Calls, SMS and Email”, for example) can be completed by frontline examiners with a more limited skill set. By utilizing customized workflows on easy to use equipment, these frontline examiners can complete exams on their own. Targeted training for these examiners is a key component of this transition.
MSAB offers a comprehensive platform — the Ecosystem — that includes advanced tools for more advanced examiners with our XRY Office suite, simplified tools for the front line examiner with our tablet and kiosk products, a way to deploy these front line tools while maintaining control over access and the ability to obtain real time statistics and logs for supervisory staff using XEC Director.
This model reduces the workload submitted “up stream” at the forensic unit/lab to reduce their backlog. It frees your highly trained examiners to dedicate more time to the difficult examinations. Keep in mind that unsuccessful exams by the frontline users may still be referred up to the forensic unit/lab for further work. I often use the analogy that you don’t want to pay your highly trained mechanic to change your tires. It’s inefficient. The mechanic will have someone with less training handle tire changes and oil changes so that he can work on the more difficult repairs and troubleshooting.
The second trend I see is increased forensic support in our correctional facilities and jails. Law enforcement has known the value of the information found in correctional facilities and jails for many years. I worked closely with our Intelligence Unit and the analysts who were assigned to interview suspects in jail. The amount and quality of information gathered from them was incredible. These are people who are in the system, who know the players, and know the streets. They have an understanding of crime from an inside perspective. The trend towards acquiring information from phones found in the correctional system was the next logical step. Our kiosks and tablets are a good fit in the correctional world. Easy access, our easy-to-use interface and the automated submission of the data to a central point for review and analysis is a leap forward for these intelligence gathering efforts.
The last big change I see is direct executive staff involvement in decision making regarding mobile forensics, as many agency leaders realize the long term benefits of properly staffing and supporting these units. There is no escaping the fact that almost every investigation now has a digital evidence element. The mobile forensics team becomes a center point for many of these investigations. It’s a good sign that law enforcement executives are taking a bigger role in ensuring that their staff have the proper tools, training and support.
Retention has become a big topic of discussion among them and good leaders recognize the value of their technically trained investigators and examiners. MSAB training courses for examiners, investigators and analysts provide the knowledge to get the most productivity from your staff.
XEC Director provides oversight of our growing Ecosystem to ensure that these invested leaders can see progress and see that the goals are being reached. Easy-to-read activity reports with examination statistics and real time numbers help the supervisors justify funding for more training and equipment.
This interview was previously featured in Forensic Focus.