Investigator Spotlight

An investigative analyst from the U.S. Attorney’s Office shares how digital evidence is a lifeline for law enforcement and a game-changer for investigations.

In this month’s Investigative Q&A, we spoke with Paul Swartz, a retired Sergeant from the Intelligence Division of the Newport News Police Department and currently an Investigative Analyst at the U.S. Attorney’s Office, who shared his insights into the evolving landscape of investigations driven by digital evidence. Swartz discussed dynamic shifts in investigative procedures, the rising importance of adaptations made in response to encryption challenges, and the role of PenLink in enhancing investigative efficiency.

Q: How has the investigative process changed over the last three to five years?

A: The investigative process continues to evolve, even quite significantly in the last few years. For instance, the 2018 Carpenter v. United States case mandated warrants supported by probable cause for cell-site location information (CSLI), which drastically reduces its use in investigations. Formerly, CSLI was pivotal, but now only comprises a fraction of pen registers and call detail record (CDR) requests. This change complicates early-stage inquiries lacking probable cause, hindering suspect-location determination.

Additionally, the timely availability in granting access to subscriber records and CDRs from telecom providers has transformed investigations. Before, delays in acquiring phone records stalled investigations by making it difficult to follow up on investigative leads and determine whether targets and/or witnesses were telling the truth during interviews. These delays gave an advantage to criminals, who used multiple untraceable phones. Now, automated systems provide expedited access within hours, allowing investigators to swiftly identify replacement phones used to evade detection.

These developments significantly impact investigations, making probable cause crucial for CSLI and offering rapid access to phone records to counter criminal evasion tactics.

Q: What is the impact digital evidence has on clearing your cases?

A: The impact of digital evidence on clearing cases is multi-faceted, particularly concerning different legal standards. Police agencies often consider a case “cleared by arrest” when it meets the probable cause standard, yet court systems require proof beyond a reasonable doubt for conviction. In this context, the role of digital evidence is pivotal. Obtaining, analyzing, and presenting digital evidence significantly contributes to meeting the higher standard of proof during investigations and prosecutions.

Digital evidence also serves as a crucial component in reaching the elevated legal threshold necessary for convictions. Through its presentation in court, it bolsters the case, helping to establish accountability and secure convictions against perpetrators. Tools like PenLink become instrumental in this process, aiding in the collection and analysis of digital evidence and ultimately contributing to the securing of convictions that adhere to the higher legal standard. As technology advances and digital footprints become more prevalent in criminal activities, leveraging digital evidence becomes increasingly fundamental to meet the stringent requirements of the court system and ensure that justice is served.

One key aspect is that using PenLink to aid in the collection and analysis of digital data prevents burnout. Detectives no longer have to endlessly wait, growing frustrated and losing leads. Instead, we can quickly analyze phone records, identify patterns, and gather new leads. This is especially valuable in cold cases, where we’re constantly looking for new leads to bring these cases to a close.

PenLink doesn’t just save time; it brings closure to cases. It allows us to work on solvability, increase efficiency, and most importantly, serve justice promptly. And it’s not just about time—it’s about providing answers to victims and their families, ensuring that suspects are held accountable, and making our communities safer. So digital evidence isn’t just a tool; it’s a lifeline for law enforcement that makes our job more efficient and effective. It’s a game-changer for investigations.

Q: Research shows that investigators believe that digital evidence is more important than DNA evidence. How would you compare the two evidence types?

A: While my direct involvement with DNA evidence is limited due to my focus on drug trafficking investigations, I acknowledge the critical nature of both digital evidence and DNA in successful law enforcement operations. In the current CSI-influenced environment, juries expect and value both forms of evidence. A shared challenge for law enforcement is the backlog in forensic laboratories, which leads to lengthy examination periods for both DNA and digital evidence.

DNA is typically used to link individuals to crime scenes, whereas digital evidence not only connects perpetrators to the crime but also reveals extensive details about their activities and private life. As the Supreme Court noted in Riley v. California, digital evidence can be used to reconstruct a person’s complete private life. With the vast amounts of phone call records, IP metadata, emails, CSLI, GPS data, social media content, and wiretap transcripts in T-III on offer, tools like PenLink become necessary for streamlining and enhancing the review and analysis of all that digital evidence, making investigations more efficient and effective.

In my experience, while DNA serves to connect individuals to specific crime scenes, digital evidence provides a broader scope, unveiling intricate details about a perpetrator’s overall criminal activities and personal life, which emphasizes its substantial significance in contemporary law enforcement operations.

Q: How has PenLink made your team more efficient?

A: PenLink has significantly enhanced the operational efficiency of our team. Initially, our law enforcement agency faced inefficiencies in its use of disparate systems for the collection and analysis of communication data. Acquiring the PenLink wiretap system has streamlined our processes, eliminating the need for multiple systems and providing a comprehensive solution for all communication data analysis. This integration has saved us significant time and resources, facilitating seamless collaboration among task-force members.

The transition from legacy systems to PenLink has been transformative. PenLink’s consolidated database not only combines telephone call detail records, IP metadata, emails, CSLI, GPS data, social media content, T-III wiretap transcripts, and financial data, but also offers advanced functionalities like Pen Proxy, PLX Connect, Case Overlap, and PenPoint, its mobile app for streamlined operations.

This comprehensive platform has revolutionized our investigative approach, enabling everything from efficient analysis at the inception of a case to proactive investigations and, ultimately, the presentation of compelling digital evidence in court. The consolidation of multiple agencies’ data into a singular database through PenLink makes invaluable insights and connections possible, accelerating case resolution and supporting robust criminal prosecutions. Ultimately, the implementation of PenLink has significantly optimized our investigative and analytical capabilities, enabling a more streamlined and effective law enforcement operation.

Q: What is your favorite PenLink tip or trick?

A: A valuable tip I’ve found in PenLink involves utilizing Record Flags and Labels to efficiently manage and categorize the vast amounts of evidence obtained from T-III wiretaps and digital sources like cell phone forensic files and social media data. At the HIDTA in Hampton, Virginia, customizing Record Flags beyond the default options has been instrumental. We’ve established nuanced categories such as Super Pertinent, Pertinent—Drug Amount, Pertinent—Money Amount, and No Conversation to prioritize evidence levels based on importance to our investigation and reporting needs.

Furthermore, the extensive use of custom Labels has proven invaluable to us. While Record Flags offer a broader view, Labels enable detailed categorization. In a landscape flooded with digital evidence, these Labels facilitate the identification of leads, aiding in court reporting and supporting the drafting of legal documents. Using main categories and sub-categories within Labels—like Asset, Communication, Crime, Drug, Financial, Identity, Mailing, Other, and Travel—streamlines the process by enabling a systematic approach. The search box within the Label drop-down list further expedites the process, allowing quick access to pertinent information through the simple typing of keywords or letters.

This organizational strategy isn’t just a tool for investigators and analysts; it also involves T-III monitors who tag communications with appropriate Labels, comprehending an investigation’s nuances to efficiently manage the digital evidence within PenLink.

Q: How are the expectations for investigations evolving, and how are you preparing for those changes?

A: In a career spanning several decades in law enforcement, I’ve witnessed a significant evolution in communication methods and a corresponding shift in law enforcement’s approach to criminal investigations. Since the era of analog pen registers and reel-to-reel wiretap recordings, the landscape has drastically transformed. The latest wiretap report to Congress reflects a substantial shift, indicating that the most frequently targeted communication devices are now portable, encompassing cell phones, text messages, and various application software.

However, this evolution poses new challenges. Increasingly, criminals are leveraging IP communications and encryption, rendering traditional wiretap intercepts less effective. The rise in encountering encrypted communications during federal and state wiretaps highlights the urgency of addressing these communication challenges. To tackle the encryption issue, a legislative solution involving bringing the internet service providers under the CALEA law is vital, akin to the transition from analog to digital telephony.

In response, our HIDTA Task Force in Hampton, Virginia, is adapting by intensifying the use of search warrants for historical IP records and expanding pen registers to include platforms like Facebook, Instagram, and WhatsApp. Yet this shift shows an increase in demand for funding to be able to handle our increased need for enhanced data storage and bandwidth capacities, not to mention the surge in historical IP data and the growing use of 5G devices. Preparing for these changes necessitates seeking additional resources to effectively manage the evolving landscape of communication in criminal investigations.

We extend our gratitude to the U.S. Attorney’s Office, and especially to Paul Swartz for generously sharing his insights and best practices—and to both for their collective dedication to upholding justice and seeking to keep our communities safe.

If you would like to take part in our Q&A series, please reach out to [email protected]. To learn more about PenLink, please visit
