How to build stronger cases through effective communications exploitation


Save time and increase accuracy using this tool for collecting and analyzing live and historical data from both phone- and Internet-based communications service providers.

The FBI and other law enforcement agencies have relied heavily on social media to identify suspects in the January 6 insurrection. Many participants posted photos and videos on social media of themselves breaching the Capitol, vandalizing offices and assaulting police officers.

The FBI put out calls for tips and digital media depicting rioting and violence at the U.S. Capitol Building – and the public answered. Posts on social media platforms like Twitter, Facebook, YouTube and Reddit have been used to identify alleged rioters from across the country.

Due to the pervasiveness of smartphones and an increase in subversive activities, terrorism and cybercrimes, there is a growing need for law enforcement to become more adept and efficient in collecting and exploiting criminal communications. According to Intrado Global Newswire, the global lawful interception market is projected to surpass $8.8 billion by 2025.

While social media data is proving to be extremely valuable in investigations, the sheer volume of data can be overwhelming. That is why law enforcement – from federal agencies like the FBI and Department of Homeland Security to state and local agencies – needs tools that can help with this monumental task.


There are approximately 18,000 federal, state, county and local law enforcement agencies in America and, thankfully, very few of them have to investigate or respond to insurrections. The majority of law enforcement agencies (12,300) are local police departments tasked with enforcing all types of laws, from common disturbances to complex investigations of criminal organizations involved in drug trafficking, gang-related crimes or organized crime.

Today’s modern criminals use email, social media or instant messaging, in addition to phone calls, to communicate and coordinate their illicit activities. Tracking or tracing criminal communications is an essential part of these complex investigations.

Wiretaps are a common tool used to track targets involved in complex investigations. The federal Wiretap Act (aka Title III) requires law enforcement to obtain judicial authorization to track or trace target phone numbers, social media handles (such as screen names), messaging apps or email addresses. Besides authorization for live, or near real-time, collection of communications, law enforcement may also leverage search warrants and subpoenas to compel communications service providers of all types to provide historical communications records, which they may store within their systems. These records may or may not, depending upon the type of order issued and the provider involved, include the actual content of the communications along with the metadata.

The investigator will then spend considerable time sorting, analyzing and linking volumes of data to the target or targets. With real-time data, such as cellphone locations, the investigator is often required to manually enter data, such as latitude and longitude, to determine where the target is. It can take hours, days or even weeks to categorize, sort and search through the data to locate relevant information to further the investigation or support additional search warrants.


These complex investigations involving collection and analysis of live and historical communications records can become more efficient and effective by leveraging PenLink’s PLX platform. In order to save investigators time and increase accuracy of information gleaned from communication records, PLX features automated ingestion capabilities from hundreds of diverse data sources, including cell phones, social media, email, web browsing, app usage, location pings, tower dumps and mobile forensic extractions. All records with location information can be mapped within PLX, providing investigators a view of target cellphone locations, social media activity, text messaging and IP addresses. Such map views of the targets’ cellphone activity also help investigators identify what locations targets frequent or where rendezvous happen, which can advance investigations or support search warrants. The PLX platform also offers advanced filtering, commonality analysis and reporting capabilities, as well as a mobile companion, PenPoint. PenPoint is a user-friendly tool to bring the insights gleaned from the data in PLX into the hands of investigators so that they can operate with detailed, up-to-date information while in the field.

The power of PenLink’s PLX platform can most effectively be viewed through the lens of a real-world scenario:


Your target is involved in the distribution of narcotics in your community. The early stages of the investigation revealed that the target uses a smartphone to text and make voice calls, send and receive emails and communicate through a common social media platform and several messaging apps. Title III authorizations, search warrants and other types of orders will allow you to obtain useful records related to social media posts, cellphone location history, and sent or received text messages and email. Once the data is obtained from the provider, the files can be loaded into PLX, where they can be searched, sorted, filtered and layered together into a wide range of visual presentations, helping investigators paint the full picture of their targets’ activities.

For example, you could conduct keyword searches for target and associate names and addresses to support link analysis. Keyword searches for deleted files can help show efforts the target used to cover their illegal activities. The analysis not only provides valuable investigative information, it can also corroborate other investigative information obtained from witnesses or confidential informants.

The sorted PLX data can easily be inserted into affidavits that support the issuance of search warrants at physical locations. For example, presume the data in PLX showed the target traveling from their known residence to the suspected drug supplier, then to the hotel where it is believed the sales were taking place. The data within PLX, along with the other investigative data already obtained, could be used to support the issuance of a search warrant at the drug supplier location or support an undercover operation at the hotel and take the target into custody while he is selling narcotics.

With PLX and PenPoint, it is no longer necessary for an investigator to manually comb through the volumes of data, create spreadsheets, manually link suspects, look up IP addresses or map out locations. The data loaded into PLX, along with traditional investigative techniques, can also help ensure that investigations are thorough, accurate, and consistent with what prosecutors and juries expect today.

Visit PenLink for more information and to sign up for a free trial.

About the author

Sgt. (Dr.) Michael Knetzger is a 28-year law enforcement veteran, currently a sergeant with the Green Bay (WI) Police Department. Dr. Knetzger is also a unified tactical trainer, subject matter expert and expert witness, law enforcement consultant, published author of six books, and a freelance writer.