Chapter 1: Introduction

It is unlikely a connected person can conduct many activities in their day without technology accumulating and storing data created by their activities and online interactions with other people. Technology is a driving feature of many individuals’ lives, but few users understand what is happening behind its functional level. Large amounts of personal data are being generated from the multitude of technological devices we interact with each day that are stored by manufacturers and service providers and used for profiling and sale. Once this data is generated and stored, evidence of activity remains on the devices and/or corporate servers where it can be used to build a profile on an individual including their personality which becomes more accurate as more data is accumulated.

Where people forget what they have done, technology never does.

This is the environment we live and work in and it shows no signs of changing in the future. Consumers embrace technology with a limited understanding of how it works beyond its features and how it can enhance their lives. Choice is made for personal reasons including its usability, brand, style and price. We live in an “always connected” culture where purchased devices are often set with all features ‘on’ by default, logging the user’s activities and movements with the producer’s intention to share that information buried in a long policy document.  Data collection may be the primary objective of the manufacturer and the device is the portal to obtain user data without much concern for user privacy.

Today the thought of not being connected causes anxiety and stress amongst many consumers; such is their reliance on technology and ‘Fear of Missing Out’ (FOMO) on what is happening on social media. When social media platforms such as Facebook or Instagram cannot be connected, consumers turn to Twitter (or X as it is now known) to express their concerns and seek information as to when these sites will be back online. As consumers submit more of their lives to technology, personal barriers, such as deciding when not to use technology or share personal information about their lives, are broken down and technology in turn becomes more useful and invasive. Some generations know nothing else other than being fully connected.

Law enforcement, government and private investigators will benefit from understanding the quantities of data being generated through the multitudes of technology in our society which in turn becomes digital evidence in their investigations should they be able to gain lawful access to it. Individuals will also benefit from understanding what the technological devices they interact with on a daily basis collect, what data is stored about them and how, when combined and analysed across other digital devices, this data can provide an accurate profile as to who and what they are as a person.

This mass accumulation of data can be used by investigators in the same way as fingerprints, photographs and DNA technology (which were also new innovations in their time) are used by investigators to solve crimes. What was once cutting-edge technology is now standard investigation strategies used without a second thought.

There is so much technology blended into our lives and environment, that much of it is seen but not understood. That is, it is so common that we do not accept it as anything unusual. To the investigator, if a device or form of technology is collecting potential data, they are open to using it and learning its relevance to the investigation. If you are an investigator, incorporate technological data into your investigation and see where it leads you as it has as much relevance as any physical object left at the crime scene.

It is becoming rare that a criminal or civil offence does not contain digital evidence of some description. The homicide scene can be analysed using the multitude of digital devices within a smart home, the bank robber can be investigated using digital analytics of the getaway car and the professional fraudster cannot operate without using the multitude of technology available to them. Criminals have knowledge about the uses of technology, however, with the rapid evolution of technology they leave many traces of evidence which can be used to identify and hold them accountable for their actions.

This book will identify and discuss many different forms of technology that can be used by the detective or civilian investigator. Some of these will be basic items investigators have been using for years such as computers and phones, however, we will analyse these devices and see what potential evidence there is that we may not have known existed and how it can be used.

We will also introduce many of the smart devices that are in homes, businesses and cities which may be as useful as a CCTV pointed into the crime scene at the crucial time. These devices record a wide range of activity within their scope, which will provide the investigator with a lot of material that would have previously been unknown. The individual seeking an understanding of the technology they are welcoming into their homes and lives will learn about what these devices are collecting that they may be unaware of.

We will also pay particular attention to the motor vehicle which is becoming as much a computer as the desktop sitting in the office. Smart motor vehicles are the forerunner to autonomous vehicles and accumulate much of the activity of the vehicle and occupants. With a fully computerised smart car, there is little an occupant can do in the vehicle, which is not recorded and, in many cases, transmitted to the vehicle or component manufacturer. This data is also potentially valuable evidence available to an investigator depending upon the circumstances of their case.

With the accumulation of so much data, much of it is available to the investigator without a search warrant as it is in plain view on the internet through social media or the numerous other sites where personal, government and corporate data resides. This is called open-source intelligence and is a rapidly growing area of interest to law enforcement and civilian investigators, even involving specialist investigators.

As we observe in our personal lives, technology evolves at a rapid pace. New devices emerge and existing devices migrate to updated features and technology. The evidence available from a device today may not be available tomorrow as a new update may have removed the pathway to the evidence. Alternatively, the evidence that was not available today, may be available tomorrow for the opposite reason. Device models change annually, sometimes more quickly, and new market entrants emerge. What was new today could be in a landfill (or, hopefully, a recycling centre) in several years.

The contents of this book can be used only as a guide. It is not presented as the definitive final version of digital evidence as technology evolves so quickly. It will allow the investigator to understand the forms of evidence that may be available from devices and different forms of technology and expand the understanding of how technology can assist in investigating crime scenes. It also allows them to expand their knowledge with informed questions they may ask of their digital forensic investigators and technology experts and how to apply this new knowledge to their investigation plans.

This book is designed not only for the cybercrime investigator but every detective and civilian investigator who is conducting an investigation where digital devices and potential digital evidence are resident within the scene. In some instances, the chapters introduce specific brands of technology. This is not to indicate a brand is linked to any form of criminal behaviour or dishonest activity but shows the common features of technology across our society. The purpose of discussing specific brands is that they are common and widely accepted across many areas of society.

To help assimilate technology into an investigation, a scenario has been written involving a suspect and many different forms of technology in the scenes. Experienced investigators will quickly identify it as an oversimplification of the process of solving a crime, especially when compared to the cases they have investigated. However, it is written this way with the purpose of showing how technology can be of assistance and what features can provide breadcrumbs of evidence to direct the investigation towards solving the crime.