How Digital Forensics Software Is Bringing ‘CSI’-Type Work to Real Life

Almost all crime is committed with some level of digital involvement, and most criminals have digital devices — whether it’s Google Maps data or a messaging app like WhatsApp — and leave digital clues.

by Eric Holdeman / May 10, 2019

As mobile phones continue to evolve to hold more data, support a larger number of apps, and increasingly utilize cloud storage, so too does the scope of crimes that can be committed using mobile technology. Digital forensics uses data from devices to help law enforcement and federal agencies solve crimes and businesses protect their data and intellectual property. Lee Reiber, COO of Oxygen Forensics, has more than 20 years of experience in the field, and he responded to a series of questions about digital forensics.

What is digital forensics and what role is it playing in our digital world today?

It is a bit like CSI work. Only instead of fingerprints, DNA and physical clues like muddy shoe prints or blood, it’s bits of digital breadcrumbs and clues. For law enforcement, this means digital evidence that can help identify or convict a suspect, and for enterprises, it can help them recover from a breach or hack, or aid in compliance and regulatory matters. For example: location data (based on GPS data from the cloud or a third-party app), messages sent and received, and thumbnails of photos taken, even if they’ve been “deleted,” are all examples of data gleaned from digital forensics.

Almost all crime is committed with some level of digital involvement. Whether it’s Google Maps data, a messaging app like WhatsApp, or photos, most criminals have digital devices like everyone else. These personal, digital devices like phones, as well as peripheral smart devices (like a smart refrigerator) play a part in our field, and all of these pieces of data can be collated and analyzed by digital forensic experts for evidence.

Forensics seems to imply that work begins “after” there is an incident. How can digital forensics be used as a prevention tool?

Digital forensics software may be used to actively track known subjects before they commit a crime, or in gathering intelligence on groups of organized crime. The Drug Enforcement Agency (DEA) uses digital forensics software to track burner phones used by cartels, which traditionally gave cover for nefarious communications and drug trafficking. As data-collating capabilities have improved, so too has law enforcement’s ability to pre-emptively track criminals and fight crime.

On the enterprise side, digital forensics can identify a breach or security lapse, uncover the reasons for it, and then make recommendations to strengthen systems so that something similar doesn’t happen again.

How can organizations, by having policies and procedures, help with being able to use digital forensics?

Well, it’s extremely important to have policies in place about device usage. If your employees, for example, have connected to your network, you need policies in place to be able to analyze that data in the event of a breach or IP theft. An employee’s use of personal phones on a company’s network becomes the responsibility of the employer as soon as they transmit and receive data on their network. This data could pose a great liability to the company, should that data be company details or other content, nefarious or not.

Briefly explain the software product that you have that assists in digital forensics and what types of organizations would be ideal candidates to use the software. Pricing is always an issue. Is it scalable based on the size of the organization?

Oxygen Forensic Detective is the ultimate platform for digital forensic investigations. It matches the changing nature of digital information and personal computing (i.e., toward cloud storage and many connected devices) by allowing users to collect, decode, parse and otherwise analyze all manner of digital bits of information.

Whereas computers used to be the primary source of digital data (hard drives, etc.), now most people work, communicate and browse online with mobile devices that are tethered to servers in the cloud. Thus, any worthwhile digital forensics tool must be able to interact with a multitude of device types (smart home speakers, wearables, drones), operating systems and apps, and then extract data from them in an organized, easy-to-interpret manner.

Oxygen Forensics software is used by U.S. state and federal agencies like the IRS, DEA and DHS, police departments worldwide, and corporate clients. For large-scale users, there is an enterprise version of Oxygen Forensic Detective.

As to what types of organizations are ideal candidates for software, it comes down to a simple question: Do you or your employees do business or connect to your business network on mobile devices? If the answer is “yes,” Oxygen Forensics can do wonders for protecting you and your information.

Who uses the digital forensics information that you gather? How is it used? What specialized training, if any, is required to use your software?

Our software is used by detectives, investigators, expert witnesses, as well as corporate professionals to collect digital data that assists investigations into crime, cyberattacks, and any other activity under scrutiny that leaves a digital trace. We make it so that mass amounts of collected data can be easily collated, sorted, searched, and compared against other blocks of data.

Very little specialized training is required to use Oxygen Forensic Detective software because the user experience and interface are so intuitive, but we have a robust training process. We want our customers to be able to effectively use our software. And, oftentimes, customers come to us and ask for functionality or features, and we always work hard to incorporate those requested additions or improvements. Our customers are really our best assets for product development.

I would think that you need folks who can quickly and accurately access, parse and decode the data, but also analyze it for the necessary evidence. Cybersecurity staffing is an issue everywhere. What is the need and availability of staffing for people who can perform forensic investigations?

Many industries are facing qualified staffing shortages, including the cybersecurity space. Many are turning to AI and automation to help bridge the gap. One thing to remember is that investment in skilled labor (the long game) is very important, as well as thinking beyond the local/regional workforce. So much can be done remotely today.

For digital forensics specifically, we have strong training programs so you can use our software and apply the data, reach conclusions and take action without specialized education or technical acumen. We work with a lot of state and local law enforcement entities that simply do not have the time to teach their detectives and officers how to code, or something like that. So an intuitive software is crucial for us.

The amount of data that is being created is exploding. Even for smaller organizations, when you think of all the mobile devices, there should be terabytes of information. Is screening in real time possible?

Yes, totally. There is a ton of data being created, no doubt about that. But with powerful, comprehensive software (like Oxygen Forensic Detective), culling through mountains of data is easier because sorting, comparing and otherwise manipulating it to glean relevant insights is so user-friendly and simple.

To your point about real-time screening: Some of our clients do use our software to do things like keep track of burner phones being used by drug cartels, which is like a never-ending shell game. With Oxygen Forensic Detective, they can identify commonalities and “keep up” in real time. We have built-in filters that allow our users to narrow the focus to the data they are most interested in, show common contacts, develop watchlists and aggregate data. This helps triage the enormous amount of data found in today’s digital devices.

Is there anything else about the field of digital forensics that you would like to add?

Just as the digital landscape is evolving rapidly, so too is digital forensics. Technology is amazing, and every day it’s changing our lives for the better. But with those benefits comes the ability to exploit those technologies for criminal or negligent purposes.

The growing glut of data means investigators must be able to home in on which bits matter, faster than they have in the past. There are fewer opportunities for crime that don’t leave some sort of digital trace, and Oxygen Forensics is on the forefront of powering “the good guys” to solve crimes, understand cyberintrusions and remain on top of nefarious actors.

Bonus Question — if it applies. How might digital forensics play a role in assisting emergency management agencies before, during or after a disaster?

Digital forensics helps any investigation or operation establish the who, what, when and where of an incident, using digital clues and information from a diversity of sources. Just as it is used by law enforcement to detail a crime, the technology can be applied to disaster scenarios in order to locate missing persons, define mobile device activity in a specific area, and even track down images or video captured during an event.

Eric Holdeman is the former director for the King County, Wash., Office of Emergency Management and now blogs at www.disaster-zone.com.