With more than 20 years of experience investigating homicides and crimes against children, author and retired detective Chad Gish understands the importance of digital evidence all too well. Reflecting on the past decade of  his career, it’s difficult to remember a single criminal case that wasn’t solved outright or significantly aided by digital data. Assistant District Attorney (ADA) Jan Norman, a senior prosecutor in Nashville, Tennessee renowned for her tenacity in the courtroom, agrees. She was recently asked by Jad Saliba of Magnet Forensics about changes she observed in the importance of digital information over her 16-year career, particularly in relation to violent crimes. ADA Norman responded,

When I came in, there were very few cases that had digital evidence. Most of our cases were about DNA and it was all physical evidence. Now I feel like every single case is a case where I need to go meet with our digital forensics experts.

After describing a murder case where digital evidence was critical, ADA Norman quipped, “The only thing I don’t want to happen is for suspects to not have cell phones.” For those familiar with her reputation as a hard-hitting prosecutor, this statement carries immense weight.

Today, digital information often takes precedence over physical evidence with investigators quickly seeking cellphones, doorbell camera footage, cloud account data, vehicle infotainment records, CCTV recordings, and more. Investigators depend on this “digital gold,” often to the extent of making it their primary resource. This increasingly complex array of digital evidence can cause challenges if agencies are not equipped to keep up with the ever-changing digital landscape.

A significant obstacle in creating and maintaining a well-equipped laboratory can be the expense of specialized software, hardware, and training. Acquiring and maintaining these tools can be expensive, and although ongoing training is essential for personnel to obtain the necessary education and certifications, it too can be costly. Additional expenses are related to data storage and maintaining a lab’s infrastructure. However, when compared to other investigative methods such as DNA analysis, a digital lab is relatively affordable and an essential investment. This is particularly true since nearly every victim, suspect, and witness carry a computer in their pocket—their mobile phone.

Staffing a lab can also be challenging given the current lack of interest in policing. Prospective candidates may opt out of a career in policing for various reasons, including perceived danger of the job, lower salaries when compared to the private sector, and the demanding nature of police work. Police leaders often wrestle with staffing challenges in various sections of their agencies such as patrol and violent crime units. As a result, digital labs are sometimes relegated to a lower-priority status because of higher demands in what may be seen as more essential areas.

The forward-thinking leadership of the Metro Nashville Police Department (MNPD) has long recognized the importance of digital evidence and provides continuing support in maintaining and updating its two labs. In 2005, Chief Ronal Serpas approved and built the first lab when digital forensics was in its infancy. Chief Steve Anderson continued this support by updating our state-of-the-art lab and adding a second lab in the Specialized Investigative Division to help with the influx of devices. Chief John Drake continues this legacy by ensuring the agency’s labs are continually updated with the latest and most advanced technology, as well as ensuring the investigators who work in the labs have cutting-edge training. MNPD serves as a benchmark for police digital forensic operations. To illustrate MNPD’s successes, the following are just a few cases that were either solved or significantly aided by digital forensics:

• Aggravated rape at Vanderbilt University
  • Murder of NFL Quarterback Steve McNair
  • Covenant School shooting/murders
  • Murder of Laquisha Terrell and her unborn child
  • Waffle House active shooting/murders
  • Nashville Christmas Day Bombing
  • Murder of 11-month-old Roger Harris, Jr.
  • Murder of Tiffany Ferguson
  • Murder of Caitlyn Kaufman
  • Murder of Will Warner
  • Attempted murder of Gracey Perryman
  • Murders of Jamie Sarrantonio and Bartley Teal
  • Murder of 17-month-old Eloise Costanza
  • Murder of 9-month-old Jream Jenkins
  • Murder of 3-year-old Lalani Tamkin
  • Theft of laptops from the Nashville Election Commission
  • Murder of Veronica Bozza
  • Murder of 8-year-old Sam’marie Daniel and her 5-year-old sister Samaii
  • Murder of Robert Payne
  • Murder of Teddy Grasset
  • Murder of Louis Lisi
  • Murder of Robert Darden
  • Murder of Jeremy Green
  • Murder of Eric Jackson
  • Hundreds of crimes against children

Collaboration among police agencies, subject matter experts (SME), and prosecutors is crucial for maximizing engagement and support for digital forensics efforts The following are five helpful strategies for enabling this collaboration and tips for establishing a new lab or expanding an existing one:

1. Cost-Sharing: Explore initiatives where agencies can share resources or equipment for digital investigations. Cost-sharing initiatives can allow leaders of smaller agencies to collectively combat crime while easing the financial burden by sharing the expenses associated with a digital lab. Establish joint task forces that can combine resources to address specific cases, promote collaboration, and improve communication channels, enabling everyone to work seamlessly as a unified team. Consider partnering with a federal agency and assigning personnel to become federal task force officers (TFO). The U.S. federal government has extensive resources, including considerable financial assets, a highly trained workforce, and advanced technological infrastructure. Additionally, some devices will be extremely challenging to extract data fromor s may be badly damaged, often requiring assistance from advanced labs. The high-end labs operated by the Federal Bureau of Investigation, Homeland Security Investigations, U.S. Secret Service, and the Bureau of Alcohol, Tobacco, Firearms, and are often a necessity in these more difficult scenarios.

2. Mutual Aid Agreements: Formalize assistance procedures during complex digital forensics investigations by establishing mutual aid agreements between agencies. These agreements should outline terms such as resource and expense sharing, role clarification, and jurisdictional coverage. Having agreements in place can facilitate effective cooperation, especially during major cases such as active shootings, bombings, or terrorist threats.

3. Grant Funding: Grant funding is a valuable resource for acquiring equipment, training, infrastructure, and other necessities for digital forensic investigations. While larger grants like the Justice Assistance Grant (JAG) and Internet Crimes Against Children (ICAC) are well-known, there are also lesser-known grants that can help. Companies such as Magnet Forensics offer significant assistance in identifying, writing, and obtaining grants for digital forensic platforms and technologies through grant assistance programs.

4. Technical Guidance: Create relationships with respective organizations in the digital data realm who can help establish best practices or are universally respected. Organizations such as the Scientific Working Group on Digital Evidence, National Institute of Standards and Technology, International Association of Computer Investigative Specialists , High Technology Crime Investigative Association, and the National White Collar Crime Center play essential roles in the advancement of digital forensics through standardization, training, certification, and collaboration among professionals.

5. Regular Training Workshops: For established labs, plan regular training sessions, workshops, and seminars involving examiners, investigators, prosecutors, and front-line supervisors. These sessions provide opportunities for knowledge exchange, skill development, and staying updated in emerging technologies and the best practices in digital forensics. Consider inviting software vendors and SMEs to these workshops for more in-depth training and conversations. Even though this is the last on the list, it could be the most important as it helps share the burden of analysis with front-line investigators who often need to place eyes on the data immediately.

Fifteen years ago, digital forensics was considered “nice to have.” Today, it is a necessity. By implementing these strategies, strong partnerships can be built to maximize the effectiveness of digital evidence analysis among agencies. The importance of digital evidence gains increasing recognition with each passing year. Organizations such as the International Association of Chiefs of Police  have long understood the impact of digital data and have actively emphasized its value through seminars, presentations, and discussions with police leaders around the globe.

The crime scene perimeter of a digital investigation far exceeds the physical boundaries marked by yellow tape. Evidence can originate from an array of sources, including mobile devices, computers, external storage devices, social media providers, cloud services, email servers, internet service providers, “smart” devices, corporate networks, and servers, among others. Each piece of evidence must be sought out, as even a seemingly insignificant clue could lead to a wealth of previously undiscovered information. It’s crucial that investigators possess the capability to access it. But successful implementation requires support from leadership—without this backing, the field may miss opportunities to unlock the immense power of digital forensics.

Please cite as

Chad Gish, “The Power of Digital Forensics,” Police Chief Online, December 3, 2024.