Assistant District Attorney Peter Kennedy, left, chief of the Technical Investigation Bureau, and Selena Ley, right, laboratory director of the Digital Forensics Laboratory. Photo: Ryland West/ALM
At a secret location in the Bronx, an army of specialized computers sits, strobing a neon rainbow while technicians work behind locked doors. But this isn't some classified development division of a high-tech titan, or a video game publisher's satellite office. It's the Bronx District Attorney's Digital Forensics Laboratory.
Digital forensic investigation is the future of law enforcement, and many district attorney's offices across the country have labs with similar goals. But the Bronx DA's lab is the first accredited digital lab in a prosecutor's office in New York State, and only the fourth nationwide. The accreditation means the lab operates under international and secondary standards and is subjected to audits, peer review and other rigors.
The lab is helmed by Assistant DA Peter Kennedy, and Laboratory Director Selena Ley. "Digital evidence bears upon practically every case we handle as an office," said Kennedy, who also serves as chief of the Bronx's Technical Investigation Bureau. "So that's exactly the kind of expertise we add."
Both Kennedy and Ley were honored this year for their work on the lab. Kennedy was awarded the Robert M. Morgenthau Award in February, and Ley in March received the NYC Hayes Innovation Prize.
Ley oversees the day-to-day operations of the lab while Kennedy describes his job as "bridging the gap between the technical folks and the lawyers." As bureau chief he also oversees other units, including the video and body-worn camera units.
"Our kind of mission statement is to follow the evidence wherever it takes us," Kennedy said. "We make a really good team because we each bring different skills to the enterprise." From a young age, the prosecutor said he's had an interest in technology and computers and even as a trial attorney always had "one foot in the forensic world."
He can't recall if there was a specific case that inspired him to set out to build the forensics lab, but knew the office would need one if it wanted to step into the modern world.
"When I first proposed the idea of a digital lab to the district attorney and we discussed the pros and cons of pursuing accreditation or not, we made the decision to pursue accreditation," he explained. "I believe that at some point in the future, it will be mandated that digital labs are required to be accredited. Since we were building a lab, basically from the ground up, it was going to be easier to bake in the accreditation protocols at the beginning of the process."
Ley is not an attorney and worked at Merrill Lynch right after college. She was inspired to do something more "impactful" after 9/11. So she went back to school. "At that point in time, there were no computer forensics majors," she recalled. "There were either computer science degrees or legal degrees. And so after a little bit of research, John Jay had the first computer forensics program available. I applied, went to that program, and received my master's."
Afterward Ley worked at the Manhattan DA's Office in its computer laboratory, then went to the private sector. She joined the Bronx lab after Kennedy reached out in 2017.
The lab initially was built with asset forfeiture funds, and some federal grant money. Since then, they've folded their budget into the DA's Office's budget, though they still seek outside funding opportunities wherever possible.
Since its inception more than five years ago, the lab has tested almost 1,000 devices, Kennedy said. Digital evidence is everywhere, and the lab aids in the prosecution of both street and white-collar crimes. It analyzes a variety of materials, including phones, computers and cloud data.
Kennedy and Ley explained their office takes specific steps to avoid compromising evidence. Once devices are transported to the lab they are powered off and sealed in anti-static bags.
The lab will not touch the item until the office receives proper legal authority, such as a search warrant, to analyze it. "The last thing we want to do is kind of compromise the integrity of the evidence," Ley said.
The device will be placed in a Faraday box, which blocks electromagnetic signals such as Wi-Fi, cellular service and Bluetooth. The top of the box contains a clear window, and the user can then slide her hands into built-in gloves to work inside the box while it remains closed. The technician will then power the device on, and make a copy of its contents.
"We're essentially taking a snapshot of that device," Kennedy said. "What I mean by a snapshot is the phone or the tablet or whatever it is should be frozen in time. We don't want to be in the middle of performing forensics and have new text messages or emails coming in."
The contents will then be sorted by software and digital forensic examiners who work in the lab. Kennedy described the process as sorting information into "buckets," with emails in one bucket, photos in another, and so on. If the program doesn't recognize something, such as a Starbucks app, Ley said the examiner is there to catch it and write new scripts to parse that information if it's relevant to the investigation.
The office uses gaming computers because they're fast, but also cheaper than their forensic counterparts. "The gaming machines were half the price or less of what you would pay a forensic company, and they do basically the same thing," Kennedy said. "So that's part of the reason for all the fancy lights and stuff, but basically they're just very, very powerful computers."
Kennedy added that the office keeps very meticulous chain-of-custody records, and to this day has never lost a piece of evidence. In addition to working with mobile devices and computers, Ley said they also process and analyze search warrant returns for cloud information from Apple or Google.
While the lab is in a secure location, all of the work is additionally protected. "We are cautious that none of our tools, unless it's designated to reach out to the internet, touches the internet," Ley noted. That is not only to safeguard the process but to ensure that certain contraband evidence, such as anything involving child sex abuse material, known as CSAM, is contained.
Kennedy and Ley said one of their biggest ongoing challenges remains the constant evolution of technology. "It's important for us to stay on top of changes in technology, both in terms of the way that people are using technology, and the kinds of information that we can get from the devices that we analyze in the lab," he said.
They continue to confront perpetrators "going dark," a term that's come to describe impediments law enforcement face in obtaining evidence from devices due to encryption. While the office may have the legal authority to analyze devices in certain cases, the ease with which users can now encrypt communications means that often investigators are left with little more than "gobbledygook," as Ley put it. Still, there are workarounds.
Journalist Emily Saul demonstrates how to use a Faraday box for extracting evidence. Photo: Ryland West/ALM
Ley said that while they may not have one device or have access to that device, if they know the phone number of that device, they can subpoena call detail records and cell site location information to show whether a device was or was not in the area of a crime.
"There have definitely been times during the course of our work where we came across pieces of evidence that broke a case open, or maybe encouraged a defendant who was otherwise not inclined to plead guilty to plead guilty because they saw that we had very compelling evidence against them," Kennedy said.
While they declined to cite specific cases, both recalled instances in which evidence obtained by the lab exonerated and inculpated people. In one instance, a woman was cleared because the metadata from photos she took on her phone showed she was not in the state at the time of a robbery. In another, a voice memo recovered from a defendant's phone undermined the defense theory of the case and strengthened the prosecution's case.
Kennedy said the lab also occasionally uncovers evidence of other crimes while analyzing devices and winds up back before a judge seeking additional warrants. "So say, hypothetically, we have legal authority to search a device for evidence of a robbery, and as we're searching the device we come across CSAM or other contraband, such as evidence of identity theft," he said. "We would have to go back before a judge to get a new warrant to search for that particular evidence."
Looking forward, Kennedy said he expects the cat-and-mouse game between technology companies and law enforcement to continue. "It's always a back-and-forth between the technology companies, who make things like smartphones—your Apples, your Google—and the security measures that they put on their devices, and then the forensic community, whose job it is to try to gain access to those devices," he stated.
"But that's one of the reasons we created our digital lab in the first place: to help get that evidence when we can and then aid the office in managing it. We have to be able to do that in order to pursue the fair administration of justice."