Jan. 19, 2022

Home Invasion Robberies, Environmental Crimes, and Computer Forensics

Links from this episode:

US Secret Service Cyber Fraud Task Forces

The Hot Sheet - Business intelligence for career authors since 2015.


This episode would not be possible without the support of the following Patreon Patrons:




This week on the writer's detective bureau, home invasion, robberies, environmental crimes, and computer forensics. I'm Adam Richardson. And this is the writer's detective bureau. Welcome to the bureau. This is episode 116 of the writer's detective bureau. You know, that the podcast dedicated to helping authors and screenwriters write professional quality crime related fiction. And this week we are going to talk about how to link home invasion robberies across multiple jurisdictions,

investigating environmental crimes and the realities of computer forensic investigations. But before we get started, let me give, thanks to my Patrion patrons for supporting this show, especially my gold shield patrons Debra Dunbar from Debra Dunbar.com CC Jameson from CCJameson.com, Larry Keeton, Vicki Tharp of Vickitharp.com, Larry Darter, Natalie Barrelli, Craig Kingsman of CraigKingsman.com, Lynn Vitale, Marco Carocari of MarcoCarocari.com, Rob Kerns of knightsfallpress.com, Mariah Stone of MariahStone.com, and Aurora Jacobson for their support along with all of my Silver Cufflink and Coffee Club patrons, you can find links to all of the patrons supporting this episode by going to the show notes at writersdetective.com/116, and to learn more about using Patreon to grow your author business,

or to support the show, check out writersdetective.com/Patreon.

Let's jump right into our first question this week from USA today, bestselling author, Annette Dashofy who writes: Hi Adam, First, thank you so much for all you do for the crime fiction writing community. In my current work in progress, a series of home invasions have taken place.

The crew has hit three houses in one city, moved on to a different city in a different state and hit three more. And now in the third city, another different state repeating the pattern at this point in the story, two robberies have occurred in this third city. I want my police detective to discover the similarities of his city's break-ins to those of the other two.

Is there a database he might use to make the connection? If so, what database is it and what kind of information would he enter into it? Thanks for the help. Great question. And net, there are a few databases, but they aren't necessarily comprehensive. In previous episodes of this podcast. I've talked about how each department has some sort of in-house records management system or RMS that we use to type up and catalog all of our reports.

Each department is essentially a silo of in-house reports only within the last decade. I'd say maybe a little bit longer than that, but only within that last decade, have we started to connect these silos of data? Now some venture capitalists from Silicon valley would probably describe this opportunity as synthesizing data silos or proprietary SaaS solution that offers increased data analytics or some such crap,

right? This is why I'm a cop and not working in the Salesforce tower, I guess. But I digress. There are a few different services that essentially act like a card catalog going old school librarian here to search. And in some cases see the various reports of different police agencies around the country. So if you search for keywords like home invasion, robbery,

and whatever key word best describes something unique to your emo, there's a chance you may get a hit based upon whatever wordings in the report that the system can see. So you're really doing a query for words in different police departments report database. That makes sense. Now, the problem with these software solutions, sorry, programs is that a, they are only as good as the agencies that they have connected to them.

B even if the agency that needs to be in there is connected. It may be a needle in a haystack situation where you're getting too many hits in your search and paring down those results will be the key and see if the suspects change their emo or the officer doesn't mention the specific thing you're looking for in that report. You won't make that connection, which brings us to the more old school way of doing things.

And it's something that we still do to this very day, several times a day. And that's sending out a bulletin, an APB, a BOLO, a BOL, an RFI, a wander poster, a teletype, or whatever you want to call it. Even if it's just a plain old email. Now, the teletype was the original way of doing this well,

actually correction, the original ways the good old fashioned wanted poster, right? Tacked up at the town post office and outside the sheriffs single jail cell, like a real Western movie. But the teletype was the original computerized way of sending official messages between police agencies around the world, or at least around the country. And it's still done to this day using the same computer system.

We use to look up license plates, run criminal histories, or add a runaway juvenile to the missing persons database. We can send entire regions a text only message that will go to every police agency in the region that you choose. So I can send out a bulletin to just the west coast, just to California, to the entire country. Like if I have that series of home invasion robberies,

I might send out a request for similar cases involving home invasion robberies, and my specific emo and someone working a similar case reaches out to me more often than not nowadays, we will also create a PDF or word doc with whatever pictures we have to create that bulletin the shortcoming of the teletype system is that it is text-based, but we will create an email essentially,

or a create a bulletin that can be emailed. And then we either use a DHS department of Homeland security fusion center, or one of the risks, net information clearing houses to send it out to their vetted mailing list of, of investigators. Now to learn more about risks, clearing houses, check out episode 70. And that episode was titled boot, deconfliction,

and pending further leads. As for the DHS fusion centers. I will go into a lot more detail about what they are and what they do in our next episode. So stay tuned for that. So, yeah, and that putting out a bulletin and a teletype would be key and yes, by all means log in and search whatever RMS linking databases your character might have access to.

And now you're like, okay, but what are those right? Examples of those would be Coplink, which is all one word links. L I N X, which is run by S yes, that same NCS and Lexus nexus has a product called accurate virtual crime center. Now not every agency will have access to all of these systems or even one of these systems because it requires the police department to agree to share their data with that service,

as well as set up the programming for the two systems that in-house RMS system and the, whatever it is, ABC Coplink or links or whatever to work together. So there is a bit of an it backend that needs to happen in order for you to essentially, as a police agency, in order for my department to get access to one of these systems,

the deal is essentially that we're going to allow our data to be part of it. So it's not just, Hey, we paid for a service or something like that, that we actually have to do some programming stuff to get these two systems to talk to one another. So that's kind of the rub, and it's the reason why that even a decade or two into this attempt to bring databases together,

it's still kind of in its infancy. And a lot of that has to do with the mandated security requirements. We have to make sure that these databases stay secure. And that's the reason why it's very slow going. And I wanted to mention that years ago, I actually had exactly this scenario that you described and that I had a series of home invasion robberies with a very specific Mo and a very specific victim type.

And that series went cold fast forward a year or two later. And I got a cold call from the FBI on the east coast, where they had picked up a guy for something completely unrelated. And he was looking to make some sort of deal to not spend the rest of his life in federal prison. And when asked what he can offer, he explained how he was part of a robbery crew that went from this city to that city,

that city. So when the FBI called and asked if I had reports on this series that match this Mo I can tell you that I was beyond deleted because it turned to turn, Hey, it turned into a federal case, but then I got to clear them off my case load as being solved. So if there is a moral to the story, it's that I would rather be lucky than good any day.

Renee Gendron asked this question in the writer's detective Facebook group, hello. I write multiple genre, romances, including mysteries and crimes. I'm writing a series where the detective leads our environmental law enforcement officers, environment, Canada ministry of Northern development, mines, natural resources and forestry province of Ontario. I was wondering if anyone could share insights into the threshold of investigating an environmental crime pollution,

illegal dumping of controlled substances, poaching, et cetera, whether in the U S or Canada or elsewhere, does it go by how many public complaints there are media environment, NGO pressure, government priorities to investigate a particular type of crime, et cetera, any insights, if there are distinctions nuances, tricks of the trade for environmental crime investigation compared to homicide robberies,

sexual assault investigations are warmly welcomed. Also any insights into staffing and resources compared to community law enforcement, RCMP, opp, local city police Sheriff's, et cetera. Thank you. Environmental crimes are no joke, Renee and your characters will think that way, too. We in the traditional police agencies face the problem of too many cases and not enough resources to work them all.

You focus on trying to solve the worst crimes, obviously. And if you lack the resources, the lesser crimes end up not being investigated, but that's usually not the case with environmental crimes. It's been my experience. Having been tangentially involved in a few EPA cases where it was federal EPA and California EPA, and even wardens and Rangers of the various agencies here in California.

I can tell you that they are seriously diligent in working any reported environmental crime, regardless of whether or not the media or NGOs or anyone like that are involved. And the prosecutors are very keen on filing these cases in court. Now, these agencies are very often smaller sized agencies compared to more traditional law enforcement agencies, but they will very often, at least in my experience with the federal EPA will come in with plenty of staff and resources on a more local level.

We thought we were being creative with this, but I can tell you that I've personally seen an outlaw biker face, stiffer fines and jail time for pouring used motor oil down the drain than for the stealing of the $30,000 Harley Davidson that that oil came out of. It's been my experience. That one complaint is enough to prompt a response out to the scene and launch a full-scale investigation back when meth labs plagued California.

It wasn't jail time that these meth cooks were scared of. It was the hundred thousand or at least the property owners. It was the hundred thousand dollar cleanup bill that came with disassembling a meth lab. And before you even ask, I got you. Most of the meth labs are now in Mexico, at least for a, what we see here in California.

But as for working these cases, they may set up surveillance or game cameras like hunters would use in the area to see if the suspect came back. Especially if they think they're dumpsite or illegal hunting spot or whatever hasn't been discovered yet most of the time, whatever was used to damage the environment is something tangible that can be collected and analyzed. So that's always a plus for solving crimes as well.

I do think that you have an interesting story series premise on your hands, because most cops, when they encounter these kinds of cases need to call in the experts, your experts, because a lot of times these crimes aren't listed in the regular penal code or vehicle code in your experts are going to be the ones that are able to really bring the full weight of the law with them.

Just a quick war story. I was on surveillance once and saw a guy roll this. Like it was actually six of them, six red, 55 gallon size drums or bins. Really. They were just like big garbage cans, rubberized garbage cans on wheels, but they were clearly labeled biohazard and they came out of a medical clinic and he loaded them into the back of a rented moving truck.

Now I'm not going to mention the name of the company, but the truck was what you might rent to move your kids furniture out of a dorm room, not hall bio hazardous waste. Now, to be clear, this was totally unrelated to what I was doing surveillance on, but I ended that surveillance in order to follow this guy for about 60 miles before I was able to get a highway patrol officer to get him stopped.

And the only thing that chippy could, sorry, the California highway patrol officer could figure out to cite him for was the vehicle code section for using a non-commercial rental truck for hire and not having the required, like for higher number on the side of the truck. And which is what the department of transportation requires. And also not having the hazardous waste placards on the sides of the trucks.

So I used that ticket from the highway patrol officer and the pickup schedule that this guy's paper, the paperwork that this driver had, as well as photos that I took to get the state and federal EPA agencies to start looking into that company. I mean, personally, the last thing I want to worry about when I rent a truck to move my junk is if the last guy used the truck to haul a bunch of hazmat stuff,

right? So I would expect your characters, Renee, to be the experts that the local cops call when they have an environmental crime on their hands. And that the locals don't really know what to do with. And I can see you getting really creative on all the different crimes that there'll be able to encounter. And why thanks so much for the question.

Bonnie Harris also asked a great question in the Facebook group that I wanted to answer. Vani wrote, how does it work when they find a flash drive or laptop child porn? In this case, in my story, detectives hand them to the tech and the surveillance fan. They immediately find the nastiness. And then what you'd think it would be that simple,

right? Funny find contraband arrest, bad guy, right. Kind of reminds me of the arrest reports and old timer on my patrol squad used to write arrest for the example, I'm remembering is an arrest for 6 47 F of the penal code, also known as drunk in public. And it literally was narrative quote saw drunk period arrested, same period and quote would not be nice.

The reality when it comes to digital evidence on a device like a computer hard drive is that we need to be concerned with two things. One that we have a search warrant, a computer hard drive is treated just like a locked box. There's an expectation of privacy there, and we need a search warrant to get inside it or to search inside it. And number two,

the best evidence rule. When we bring evidence to court to prove the elements of a crime, we need the best evidence we need the evidence just as it was when we found it. The way we do that in computer forensics is that we make an identical copy of the hard drive. Then any searching or analysis that we do for pictures or videos or keywords or emails any searching is done on the copy,

not on the original evidence. Investigators will create a hash value for the hard drive as it was found. Now you can Google the term MD five hash to get a basic understanding of what a hash is all about, but you can think of it as an algorithm that acts like crime scene tape, tamper resistant crime scene tape, if a single bit, not even a bite,

like a bit is changed on that hard drive. Let's say you, I mean, to create kind of a, more of a mental picture. If you went into Photoshop and you changed a single pixel in a picture from the color eggshell to ECRO that little change out of this whole entire picture will completely alter the hash value. It will completely change this long string of letters and numbers,

making it immediately apparent that something was changed on the hard drive. Kind of like you put a piece of crime scene tape to seal it against tampering. This is our way of showing that the hard drive has not been tampered with. So when it comes to a jury trial and you know, if push came to shove on proving, we didn't alter anything on the hard drive.

The detective could demonstrate every step of the investigation to the jury and have the same results. Every time they could run the hash value on the hard drive that's in evidence and see that it hasn't changed since it was originally seized and hashed. And then they could make copy on a blank hard drive, and then they could run their searches on that copy and show the jury just what was found.

And they could do that over and over again, and still get the same result. One of the more popular digital forensics tools in use when I was dealing with our high tech crime investigators was a program called encase made by guidance software. I don't know if that's still the tool of choice, but that might get you started down the research rabbit hole. If you need it.

I should also mention that the folks that work these cases are most often detectives that have been trained to do computer forensics. They are not the it department that keeps the computer on your desk working. And the reason for that is they have to testify in all sorts of criminal cases. They write police reports as to their findings, and they have to understand all of the applicable rules of evidence and search and seizure.

One of the key things that these detectives do in their searches is look for files that have been deleted. Now, when you and I use our computers and drag something to the trash or hit the delete key, and then click, yes, I really want to like double delete it. Or you accidentally double deleted your entire manuscript and you can't find it anywhere on your hard drive,

right? Nine times out of 10, the file is still on your hard drive. When we, the normal computer users of the world hit delete, it's like going to the library and it's not that we went and pulled the book off the shelf and threw it in the trashcan. It's that we've removed the card from the card catalog that points to the book.

It's the one little thing that tells us where it is on the shelf. So when we hit the delete key, it's like removing the card for the book we want from the card catalog, but we leave the book on the shelf. We've removed the way that our computer can go find it, but it's still there to go back to the library analogy.

It's still there until the remodel happens, right? And they remove all the books in that section in order to store new ones there, which would be the equivalent of overwriting, that section of a hard drive with new data. So I hope this is making sense. I know it kind of mushed my metaphors around, but if you deleted a file and you go into finder on a Mac or windows Explorer on your windows machine,

and it isn't there anymore, it just means that the computer can't point to it anymore. But our trained computer nerds, I mean, detectives has the tools to go in and see everything still on the hard drive, regardless of whether we think we deleted it. I hope that makes sense. Now, if you're writing about a smaller police agency, it's very probable that they do not have a digital forensics lab,

the United States secret service. It does have taskforce style, computer forensics labs throughout the country that are staffed by secret service agents working alongside local detectives. I should also mention that these computer forensic or digital forensic searches are often seriously backlogged and getting a result back will likely take longer than your wait for DNA results from the crime lab. I will link to the us secret service page on cyber investigations and their cyber fraud task forces in the show notes,

which you can find by going to writers, detective.com forward slash 1, 1 6, the way these investigations usually unfold when it comes to the child porn stuff, is that the detective somehow learn of the existence of child porn or CP is the way that we usually abbreviate it on the suspect's computer. If that info is credible enough for a judge to believe we have probable cause the judge will sign our search warrant.

And then we go to where the suspect's device or devices are. And we seize them pursuant to that search warrant and then arrange for digital forensic examination of the device or devices to occur pursuant to that search warrant. Copy following me. And then a prosecution is only going to happen if we find evidence of CP on the device. And we won't know that for sure until the high-tech crime lab completes that exam,

which may take weeks or even months, which means no one usually gets arrested until the exam is completed. The reason why I bring this up is that in two cases that I have firsthand awareness of once the investigator served the search warrant and sees the computers and phones and stuff and left those suspects decided that they'd rather not wait to be arrested, go to trial or see the inside of a jail cell.

All right, before I go, I want to mention one of my favorite newsletters that I've paid to subscribe to for several years now, it's called the hot sheet. Their tagline is business intelligence for career authors since 2015, if your new year's resolution had anything to do with treating your writing as a business this year, I highly recommend subscribing to the hot sheet.

In my humble opinion. It's pretty much the trade magazine for self-published authors covering top headlines in publishing relevant to writers. In-depth articles that offer insight for authors, trends, summaries, and even announcements of new publishing imprints, literary agents, reviewers podcasts, you name it. It's $59 a year, and the hot sheet hits your inbox every two weeks. If you'd like to check out a recent issue for free and get two free issues,

if you sign up, you can use my affiliate link to check it out. By going to writers, detective.com forward slash hot sheet. This is the year to level up your writing business. And there's no better way to stay on top of this business than the hot sheet. Thank you so much for listening this week. This show is powered by your questions.

Send them to me by going to writers, detective.com forward slash podcast. Thanks again for listening. Have a great week and write well