Monday, January 7, 2013

Computer forensic delays a growing problem?

It is hard not to notice the growing number of cases that revolve around or discuss the delays associated with processing computer forensic evidence. Is there a growing problem? The short answer is yes, but it is hard to determine the scope and depth of the problem merely by analyzing disparate court opinions and news stories. It does appear to be a systemic problem, both at the federal, state, and local level. Here is some evidence:

Recent cases

(January 3rd, 2013) United States v. Montgomery, __ F.3d __ (10th Cir. 2013) - after obtaining documents through a FOIA request, the defendant alleged as part of his defense that "forensic analysis had not been done because the FBI's . . . CART . . . office in Oklahoma City was backlogged for over 6 months."

United States v. Lovvorn, 2012 WL 3743975 (M.D. Ala. April 24, 2012) - "Finally, Lovvorn argues that an unreasonable delay between the seizure and the subsequent search of his computer is a violation of the Fourth Amendment. . . . The property was taken to the Coffee County Police Station, and then turned over to the Alabama Bureau of Investigation ("ABI"). The ABI returned the results of their forensic investigation nineteen months after the seizure from Lovvorn's residence occurred. There was no evidence presented that Lovvorn sought to have his property returned or was prejudiced in any way, nor has there been any assertions against the chain of custody or the authenticity of the evidence. The ABI has only one location in the state. The court therefore finds it is reasonable to believe that the delay was caused by nothing more than a backlog of cases."

News Stories

General Dynamics Awarded $42 Million to Support FBI Computer Forensic Networks

Previous posts

Federal court holds that 15-month delay in reviewing electronic evidence was an unlawful seizure

In Paypal DDOS case, government reprimanded for failure to analyze and return data in a timely fashion - In that post, I wrote: "To me, it's hard not to wonder if there is a systemic problem going on with how the government is handling cybercrime cases and the plethora of evidence that they tend to produce - according to this transcript, there were at least 9 terabytes of data that had to be analyzed.  That is certainly a lot of data, but as the court in Metter stated, there has to be a line drawn somewhere when retention of data transforms from investigatory to a violation of the Fourth Amendment."


The underlying legal implications of such backlogs are numerous, but include: (1) the suppression of evidence (as seen in a few cases above) due to the delay, as a violation of the Fourth Amendment, (2) delay in prosecution of child pornography and similar child predator cases, which has the potential to provide time/opportunity to commit additional offenses, and (3) the likelihood that evidence in lesser cases will be skipped over for more high-profile cases, driving up the bar that must be reached to consider a case worthy of prosecution.

I'd appreciate any comments from practitioners in the field who have seen similar delays and can attest to them, or alternatively, stories indicating a trend in the opposite direction.


  1. Got federal case where agent took no notes of any searches and searched 17 months after the seizure. It's more than just backlog. Computer searches are wild west for the government right now. A treasure trove with little chance of probable cause dissipation, no judicial oversight, and endless searches.