Tuesday, July 3, 2018

AFoD Interview with Mike Swindells

Flag of Calgary, Alberta

I met Mike Swindells through Shafik Punja and it was Shafik who had the capital idea of doing an AFoD blog interview with Mike so that AFoD readers could get an idea of what it's like for someone from a non-technical law enforcement background to takeover leadership of a digital forensics team. My career puts me into contact with many law enforcement leaders who find themselves in similar positions where they decided to take a risk with their careers and do something very difficult, but very rewarding. Many of these units focus exclusively or in part with combatting child exploitation and human trafficking so they make tremendous and life-altering differences in the lives of victims by identifying and rescuing them from further abuse. I have an immense amount of respect for people like Mike who decide to take the path less traveled in their law enforcement careers and to do something as difficult as conducting, supporting, or leading these  investigations.

Mike Swindell's Professional (Auto)biography

I’m currently a Sergeant with the Calgary Police Service and since December 2017 I have been the supervisor of our Digital Forensics Team. I have a little over 16 years experience with the CPS and have worked a combined 11 years in a front line patrol capacity both as a Constable responding to calls for service and as a Sergeant supervising various teams.  I spent 5 years working in an undercover surveillance unit where most of our targets belonged to organized crime groups, were homicide suspects or responsible for other violent crimes.

1. How did you get involved in law enforcement?

I originally worked as a Paramedic for 3 years close to Toronto prior to moving to Calgary in the summer of 2000.  When I got to Calgary I had trouble finding a job in EMS so I started looking into the other emergency services for work.  After attending some information sessions hosted by the Calgary Police Service I was interested enough to apply.  Fortunately for me, my previous work and life experience was a  great asset and I was hired by the CPS and started recruit class in November 2001.  My initial interest in joining the CPS was to have the ability to help people and make their lives better.  I really had no idea where my policing career would take me but over the past 16 years I’ve been lucky enough to work in a variety of different areas exposing me to many different sides of policing. 

2. How did your law enforcement career develop once you joined the Calgary Police Service?

From talking with colleagues and friends over the years I think my experience and career development has been very similar to other police officers.  I left recruit classes full of confidence and knowledge of what I had learned and hoped to apply my new skills in real life scenarios.  However I quickly learned that classroom policing is much different than policing in the real world!  The first team I joined had a very experienced group of officers and a Sgt with over 30 years of policing.  I would say my first officer coach was very intense, had high expectations of any recruit and was very good at her job.  I learned a lot from my first officer coaches and was exposed to many different scenarios.  I quickly learned that I enjoyed being what I refer to as a ‘calls for service’ police officer.  I liked attending calls, dealing with them at the time and moving on to the next call.  I think with most police officers you become very proficient and capable of attending any type of call within your first 3-5 years of policing.  I enjoyed working in a front line patrol capacity, but as I got more experience and exposure to the different units we have I began thinking of what I wanted to do next.

So after spending the first 6 years of my career as a front line patrol officer working in 2 different Districts I applied to work in an undercover surveillance unit.  At the time, it was the only dedicated surveillance unit in the service and it was highly sought after and very well respected within the CPS.  Lucky for me, I applied and was successful and began a new chapter in my career.  In order to work in surveillance I had to pass a very intense 3 week surveillance course which was very challenging but fun at the same time.  I spent a little over 5 years working in surveillance and I had some fantastic experiences and learned a whole new skillset.  When new members joined our team I began to enjoy mentoring and helping them become proficient at surveillance.  I also had the opportunity to fill in for my supervisor in an Acting Sgt capacity, something I really enjoyed doing.  The extra responsibility of running a team, dealing with any issues that would come up was challenging but rewarding at the same time.  Eventually I decided that applying for promotion to the rank of Sgt was what I wanted to do.  I enjoyed supervising people and was at a point in my career where I wanted a new challenge and opportunity.  Unfortunately the first time I applied for promotion I was unsuccessful but I didn’t let that stop me from continuing my personal growth and development.  I returned to patrol and was promoted 18 months later and began supervising front line patrol members.   One of the best things about our job is that constant opportunity to try new things and work in different areas.  So after almost 4 years of being a front line patrol supervisor I began looking at where my career would take me next.  Enter the wonderful world of Digital Forensics!  I had heard rumours that a Sgt position within our Cyber/Forensics Unit was going to become available so I reached out to former colleagues and friends who currently worked in that area.  Not knowing a thing about Digital Forensics I began asking questions and visited our lab a few times.  Still, with very little knowledge I applied and got the job, which is where I find myself now.  The past few months have been very challenging at times however when it comes right down to it, I still supervise people and manage calls.  I don’t need to know how the guys do what they do, I just need to know what they are capable of doing.  And I must give credit to the group of police officers that I supervise now, they have all been excellent and patient when explaining things to me and when I ask ‘simple’ questions about forensics!

3. So you’ve entered this wild and wonderful world of digital forensics.  As you have settled into your new role leading a digital forensics team, what are some of the things that surprised you about the digital forensics world?

I think the biggest surprise was how much information and data is actually contained within digital devices and how much critical evidence can be found.  Coming in to this world I thought it would all be about recovering deleted texts, emails and call logs from devices by simply plugging them in to a computer.  Not so simple as it turns out and so much more information can be found.  Not being exposed to digital forensics before I never really thought about how much data can be found on devices.

Next was the cost of running a digital forensics lab.  Software renewals and equipment are not cheap, and when certain companies are the only ones who can provide their service they can set their price wherever the like.  We all know that technology is always evolving and becoming better so new tools, software and training are required to keep up with change.  Courses are also so expensive!  When our members have completed their ‘basic’ courses at the Canadian Police College and are looking at maintaining and increasing their skillset we (in Canada) generally have to send our members to courses in the US.  Factor in the cost of travel, the exchange rate and the cost of courses we can only afford to send our examiners on 1 course a year.  We are very lucky though, as the CPS has committed to giving us a healthy yearly training budget so our examiners do have the opportunity to attend various training courses.  (generally in very nice warm places J)    

Another pleasant surprise, which in hindsight is not surprising at all is the level of commitment and knowledge that our examiners have.  All our examiners have such a passion for their jobs and really enjoy doing what they do.  Much like other specialty areas within our police service, our digital forensic examiners are just as passionate about their jobs as the members of K9, Tactical Team, homicide investigators or any other specialty area are.  They train and work just as hard as anyone else, they just happen to do it from behind a keyboard as opposed to a Glock.  If someone recognizes that we could be doing something better or that an app can be created to make our end product better, they will.  Everything our examiners do on a day to day basis is in an effort to make our lab more efficient and be better than the day before. 

As the months go by I’m still amazed by the work our examiners do but as I get to know them better and how smart they actually are I will be less and less ‘surprised’ with their brilliance!   

4. What does an average week look like for you in leading your team? What do you find yourself spending the most time on?

The majority of my time is focused around managing our Intake Queue and deciding which files should be assigned next.  When I first started back in December 2017 we had around 20 files waiting to be assigned, currently we’re at 45 with close to 100 exhibits requiring our attention.  The majority of our files come from our Major Crimes Section, those being Homicide, Sex Crimes and Child Abuse.  Some files only have 1 or 2 exhibits while others can have anywhere from 10-15.  Our in house Intake Queue was designed by one our tech’s and provides a lot of information that helps me decide which files are assigned next.  One of the biggest factors involved in deciding when a file is assigned is if there is a search warrant attached to it and when it expires.  More than 50% our of files have search warrant time frames so I always have to be aware of when they expire so that I don’t have to tell the investigator that they need to request an extension if we are unable to examine their device within the initial time frame requested.  Crimes against people often take priority over property or drug related files, however I still thinks it’s important to have those files/devices examined so I try to alternate assigning major crimes files with the other ones that come in.  I also feel strongly about assigning files from our front line patrol members as quickly as I can.  Our front line officers are so busy and overworked that if one of them has taken the time to seize a device and write a search warrant then I think it’s very important to show them that we are willing and capable of helping them out when they need it.

Another big part of my job is offering advice when it comes to safely seizing, storing  and how to write a search warrant for an electronic device prior to it coming to our office for examination.  I also find myself having to  explain to investigators why it takes so long to examine and extract data from devices.  Currently we ask for a 6 month time frame to examine devices, which can be frustrating for investigators especially if they need evidence from a device prior to laying charges.  Everyone’s file is very important to them and want as much information or evidence that is available to them and sometimes having to wait months isn’t what they want to hear.

When I first started in DFT I wanted to expand my technical knowledge base around computers and cell phones but I had no idea where to turn.  Thankfully I was directed to your organization and I started taking the on-line courses that NW3C provides to the LE community.  So the first few weeks of supervising the members of DFT I completed at least one or two on-line courses so I had a better understanding of what they guys were talking about!  Since then I’ve moved on to taking on-line Comptia A+ courses to expand my limited knowledge base further.  I have to admit that even though I was never close to being a ‘computer geek’ or even interested in the internal workings of computers I’m really enjoying learning about these things and think I’ll continue taking courses and seminars when time permits.  With my increased knowledge base I also like shadowing the guys in the lab and watching them work and have them explain what and how they are doing things.  Lately I’ve been trying to help out by starting the initial exam process by doing the relatively simple things like photographing the exhibit and extracting the SIM card information so when the file is assigned the guys can get straight to the examination process.  

Other typical supervisor things I do on a weekly basis include managing time off, vacation requests, approving time sheets and advocating to my bosses that we are working at over- capacity and need more tech’s.  I hope this gives a brief glimpse into our lab in Calgary and what my typical work week looks like.

5. What sort of cases does your team get involved with?  

Our team examines devices from almost any criminal offence you can think of.  The files that take up our most time however are generally homicide files that can have anywhere from between 1-15 exhibits that require examination.  Currently our intake queue has 45 files waiting to be assigned and they include homicides, sexual assaults, aggravated assaults, child abuse, fraud, criminal harassment (stalking), drugs, voyeurism, extortion, stolen property and break and enter files.  Occasionally we are asked to attend crime scene locations to examine devices on site or attend search warrants for the same reasons.  When time permits some of our techs also get involved in R&D to create app’s or trouble shoot problems that come up.  One recent example of this is one of our tech has written a script to help decrypt secure notes found on an iPhone that were extracted by our Graykey for another local police agency.  The app he created is now being shared with a Detective from Nashville investigating a child abuse case where potential evidence is located in the secure notes feature of an iPhone.  Unfortunately our guys are so busy that not enough time can be dedicated to R&D which is unfortunate since they create very useful app’s that make their jobs easier and more efficient.  Historically they have also been asked by other work areas within the CPS to create databases to help those areas track their files.  For now though, until our work area is better staffed the R&D work they do has to take a back seat so that we can keep up the work we get on a daily basis. 

6. What advice would you give someone else who found themselves in charge of a similar unit without having done digital forensics work prior to that assignment?

Good question.  I think the biggest thing to remember is to not get to hung up on the technology side of things and remember that you are first and foremost a supervisor and not a digital forensics tech.  For me it was very important to begin by understanding what the tech’s on our team are capable of doing but not necessarily understanding how they do it.  This is still a work in progress but they guys are very supportive and patient with my questions.  I know that I will never come close to having the same level of computer/technical knowledge or experience the guys have and I accept that, which goes back to my first point of realizing that I’m a supervisor and my job is very different than theirs.  I would encourage anyone thinking of taking on this role to attend their lab, speak with the techs and actually see what their jobs are all about, it might surprise you.  Be prepared to say ‘no’ as well.  Software, hardware and training are all very expensive, and as nice as it is to have every tool at your disposal it’s just not financially feasible for tech’s to have everything they want, not necessarily need, especially for a municipal police service like ours.  Looking back I would also consider completing the Comptia A+ course prior to managing a lab.  Although it’s not necessary, and I still firmly believe a supervisor does not need previous computer or tech experience, it would definitely help especially if you could speak a little bit of computer language with your techs.  Not to belabour my first point but I think the most important thing to remember is that you are a supervisor and it’s your job to supervisor the people in your lab.  Everything else will fall in to place if you keep that your priority.  The past 6 months have definitely been eye opening for me, especially on the technical side of things, but overall supervising a digital forensics lab with no previous experience has had its challenges however is very rewarding and enjoyable.