IT Governance Business Case
GrayKey Digital Forensics Tool
Police Department

Background
Durham Police Department (DPD) Digital Forensics Unit conducts cellphone extractions to supplement investigations by recovering potential evidence and/or leads to further the case. Not only do these extractions assist in investigations, but they can also lead to valuable intel that can link people together. Since 2008, the unit has used Cellebrite for these extractions, and is currently using the Cellebrite Universal Forensic Extraction Device (UFED) Touch 2.

Current Business Problem
• DPD's Criminal Investigations Division needs the capacity to extract evidence from as many cellphones as possible during PD investigations.
• Cellebrite UFED Touch 2 cannot bypass the passcode on any locked iPhones past the iPhone 4 (iOS 4.0). It also cannot bypass locked Android devices higher than 8.0 (Oreo).
• 2019: 138 cellphones examined; 26% of all cellphone platforms were unable to be extracted due to not being able to bypass the passcode.
• 2020: 103 cellphones examined; 31% of all cellphone platforms were unable to be extracted due to not being able to bypass the passcode.
• 2021: 177 cellphones examined; 32% of all cellphone platforms were unable to be extracted due to not being able to bypass the passcode.

Current Business Problem Continued
• Investigators continue to bring cellphones into the unit even when they know they cannot obtain a passcode for the device. They are still able to obtain data from the phone's SIM cards.
• Cellphone examinations are now one third of the unit's overall duties, and the percentage of cellphones from which the unit is unable to obtain data is continuing to grow.
• Unable to obtain crucial information such as location data, photographs, videos, call logs, text messages, social media accounts, emails, identifiers to show who owns the phone, etc.

Current Pain Points
• Lack of best forensic practices in cellphone extraction methods is impacting investigations.
• Lack of tools that keep pace with the rapidly advancing technology and security measures implemented by cellphone manufacturers is also impacting investigations.
• If an Investigator is unable to get the passcode from family for a homicide victim's cellphone, the digital unit has no way of bypassing the passcode on the phone.
  - Crucial information that could lead to a suspect is unable to be obtained.

Desired Business Value
City of Durham’s Strategic Plan
Goal: Innovative & High Performing Organization
Initiative: Develop and implement a continuous improvement model that includes evaluation and process improvement to analyze and improve City services
• Provide DPD with ability to extract data from 83% of cellphones obtained in the course of investigations.
• Find the evidence needed to arrest more offenders.
• Solve more cases, providing justice & closure for victims of crime.

Future State Benefits
• Go back through old cases involving locked cellphones in an attempt to retrieve new information.
• Complete extractions faster and get more thorough extractions.
• Perform cellphone extractions with little interaction, allowing other examinations to be performed such as video retrievals (therefore an increase in completed casework in less time).
• Assist Investigators in more cases involving cellphones.
• Durham Police Department will be able to access approximately 83% of phones received for investigations.

Future State Benefits Continued
• The ability to obtain more thorough extractions of Android and Apple devices that are not possible with current equipment.
  - Such as obtaining deleted data, user passwords, location metadata.
• GrayKey makes it easier to get Android phones into "Download Mode", which enables data to be extracted from the cellphone.
• Continuous support on new device models – GrayKey works to add extraction support as new devices are introduced.
• Software updates come at no additional cost.
• Grayshift does market-based research to see what phones are most likely to be obtained in an investigation and prioritizes providing support for those devices.

Recommended Solution and Analysis
Recommended Solution: GrayKey Digital Forensics Tool
Description
GrayKey is a cellphone extraction product that is designed to access locked cellular phones and mobile devices in order to extract data to be used for criminal investigations.
Pros
• Regular software upgrades continue to provide broadening extraction capabilities on a growing number of operating systems for numerous cellular phones and mobile devices.
• Integrates with Cellebrite software, which allows the extracted data to be accessed.
• 24/7 technical support and trainings are provided at no additional cost.
Cons
• Newer Apple cellular phones and mobile devices with the most recent operating systems are still unable to be unlocked.

Graykey Digital Forensics Tool: Financial Estimate

COST ESTIMATES
Description                          Year 1 Costs (Hours)    Annual Run Costs (Hours)/KTLO
Labor $ (Hours)
  Internal TS:                       30 hours                5 hours
    Business Analysis                10 hours                0 hours
    TS Services                      10 hours                5 hours
    TS PMO                           10 hours                0 hours
  Internal Department: Police        15 hours                10 hours
  External: Professional Services    $0                      $0
Non-Labor $
  Hardware:                          $500                    $0
  Software:                          $27,995                 $27,995
  Other:                             $75                     $0

FUNDING
Departmental Funding Amount:                       $0
Funding Requested (Y/N):                           Y
Project One Time Costs                             $575
Project Run Costs (External)                       $27,995
*Total Project Funding Requested for Year 1        $28,570
*Recurring Costs                                   $27,995

*Total Project Funding Requested (External), includes External Year 1 Run Costs and Non-Labor

Risk Identification
Description of Risk      Risk Impact    Mitigated (Y/N)    Contingency (Y/N)
Poor execution           Low            No                 Yes
Project team turnover    Low            Yes                No
Vendor performance       Low            No                 No
Cyber Security           Low            Yes                No

Mitigation Risk (Costs)
• No cost
Contingency Risk (Costs)
• No cost

Our Ask
We are asking the IT Governance Steering Committee to approve the business case for the Police Department Graykey Digital Forensics Tool for submission to the City Manager for approval and funding through the BMS department.