Some of the best digital-forensics labs don't belong to the police—they're run by banks, tech companies, and retailers.
A highly secured digital-forensics laboratory sits tucked inside an enormous complex of low, boxy buildings in Bentonville, Arkansas. To get in, analysts have to scan their hands and enter a unique password. Inside, they comb through video-surveillance records and spirit data out of devices that have seen better days, like a hard drive that had been crushed with a hammer and dropped from a third-story window.
Despite the sensitive nature of their jobs, these investigators aren’t high-level FBI agents or foreign spies. They’re Walmart employees.
Walmart is one of six companies in the United States that run digital-forensics laboratories accredited by the American Society of Crime Laboratory Directors. American Express has an accredited lab; Target has two of them.
Those companies—and many others that operate labs without formal accreditation—have built up digital-forensics capabilities once limited to law enforcement. They have the tools and the know-how to investigate corporate theft and online fraud, or track a data breach to its source. That might involve extracting information from a locked, encrypted smartphone, or a damaged computer hard drive. Or it could entail analyzing network activity to figure out which employee, for example, is siphoning off sensitive data to sell on the black market.
In many cases, private companies can do this much faster than the police. “A lot of law enforcement-based digital-forensics labs are just swamped,” said Kathryn Seigfried-Spellar, a professor of computer science at Purdue University. “Almost every type of crime—whether it’s homicide, arson, or a computer crime—is going to have some sort of digital evidence associated with it.” As a result, she says, the backlog of devices and data awaiting analysis at police labs can stretch from months to years.
So businesses have taken digital forensics into their own hands. Labs have popped up in big companies across industries, said John Dayton, a forensic researcher at Carnegie Mellon University’s Software Engineering Institute. From retailers to banks, utilities, and technology firms, large companies have taken up forensics work on their own.
In-house forensics allows companies to work faster, cheaper, and potentially better than law enforcement. Labs at large companies are more likely than police labs to have high-tech tools and the latest forensics software, said Seigfried-Spellar. Forensics equipment is expensive, and is quickly and constantly surpassed by new technology. Methods for extracting data from mobile devices, for example, have to be rethought every time a new smartphone with improved security protocols is released.
But corporate labs aren’t limited to digital forensics. Some have expertise in more traditional investigative techniques, like fingerprint or photo analysis. Having capabilities in multiple fields allows companies to solve crimes that affect them, or that occur on their property. A big-box store, for example, can fight organized retail crime by investigating incidents at its stores.
Once an internal investigation team discovers an incident, it will report the case to law enforcement and walk police through the details, said Dayton, who previously worked in the now-defunct National Drug Intelligence Center, an agency in the Justice Department. If law enforcement are preparing a civil or a criminal case, officers will work hand-in-hand with analysts at the reporting company to gather and interpret evidence.
A detailed but unconfirmed post highlighted on Reddit’s official blog last year offers a look at that process. A user called “StiggyPop” wrote about getting caught after stealing about $15,000 in Blu-Rays from a Target store. Target investigators had assembled a file on him, he wrote, and figured out where he lived, what car he drove, and where he resold the stolen discs. He was turned over to the police and charged with grand larceny.
The relationship between business and law enforcement isn’t limited to cases that affect a particular company. In certain cases, Target has said it offers to help law enforcement with its forensics resources for free. Target and Walmart both declined to comment for this story, but in a press release from 2012, Target said it volunteers to get involved with “felony, homicide, and special-circumstances cases.” In 2008, a Target spokesperson told the Pittsburgh Tribune-Review that a quarter of the cases it worked on were unrelated to the company itself.