To Deschutes County Sheriff’s Sgt. Tom Nelson, Bend was primarily a prime fishing spot.

It was 2002 and Nelson was planning to retire from the Portland Police Bureau after nearly 30 years of service. But then he was recruited by then-Sheriff Les Stiles to head a new computer forensics unit for the sheriff’s office.

“It was clear to me in 2002 that cybercrime was going to become an increasing problem in law enforcement, and we needed somebody who knew how to address those issues,” Stiles, now the interim police chief in Prineville, said Monday.

It was the year of the second-generation iPod. Since then, computers and smartphones have become ubiquitous, to the point where they can become valuable evidence in many criminal cases, ranging from property crime to domestic violence, wallet-sized vaults of valuable information.

“They’re useful really in any kind of investigation, depending on the pertinence to the case,” Nelson said Monday. “Every time (people) have a stray thought they write it down, so there’s a lot of information on cellphones.”

Twelve years later, Nelson now supervises two detectives at the Deschutes County Sheriff’s Computer Forensics Lab. Together, Nelson estimates they investigate more than 100 cases a year. Their work spans computer operating systems, hardware, cellphones and surveillance tape — any medium that can store digital data.

Cellphones can help Nelson and his team to more quickly make profiles of homicide, rape and abuse victims. Rather than interviewing the victim’s family and friends, a process that can take a whole day, police can glean preliminary information in a matter of minutes by combing through phone contact lists, messages and global positioning history. But the speed of technology doesn’t mean they can handle the volume of cases that may benefit from digital investigations these days.

One such example is the case of Michael Bremont, the former Redmond Proficiency Academy principal convicted of sexual abuse and first-degree theft in 2012. He returned to county custody this fall after a high-speed chase on U.S. Highway 26 and eventually pleaded guilty to attempting to elude police and identity theft.

Chief Deputy District Attorney Mary Anderson said earlier this month that she’d wanted to investigate Bremont’s computers because the 2012 theft had involved stolen items Bremont resold online. But she said after Bremont’s sentencing Dec. 16 that she couldn’t complete it because the county has limited resources.

“This was a lower-level property crime,” Anderson said. “When you have person crimes and child abuse cases and things like that, they have to prioritize.”

It’s a funny problem for Nelson, a veteran homicide detective who didn’t think there would be much crime in Bend. “I had visions of being bored over here with nothing to do,” said Nelson. “But once I started the unit and got it going here, more and more stuff started coming in.”

Nelson said the group performs triage whenever a case comes in: priorities include crimes involving children, homicide and rape, followed by drug crimes and then property crime. The group also takes on cases from Jefferson and Crook counties, Nelson said, and has investigated cases for the Central Oregon Drug Enforcement Team, Klamath County, the FBI, Bureau of Land Management and the U.S. Forest Service. He estimates about 60 percent of the cases the lab investigates originate in Bend.

In 2008, Bend Police Det. Jerry Hubbard joined Nelson after becoming certified by the International Association of Computer Investigative Specialists, followed by Sheriff’s Det. Zach Neeman in 2012. At any given moment, Nelson said, two or three investigations are underway. This year, they got some help from Bend police officer Tyson Poole.

Poole investigated the computers seized during search warrants in the case of Richard Gustafson, the former gymnastics coach found guilty in November of sexually abusing students at his gym. Poole found multiple instances of child pornography.

Much of the lab’s work involves finding media — messages or otherwise — that the computer or cellphone’s owner has deleted. In drug cases, cellphones often reveal contact information for customers, meeting locations, even pictures of particularly robust growing operations, Nelson said. That data can be sought with a search warrant.

Computer forensic examiners have to take precautions when handling digital evidence. They use software to make an exact copy of the material, then examine the file structure for evidence. They can run additional software that can automatically determine what has been deleted. Though a user may delete content, it can be recoverable, Nelson said. If they’ve found incriminating evidence, he or one of his detectives will check manually to verify the file was deleted. “You need to know the tool’s working right,” Nelson said.

“If it’s stored in the cloud, that’s another warrant,” Nelson said, explaining authorities need an additional search warrant or language in the original search warrant approved by a judge to access user names and passwords for social media, email and other cloud-based accounts.

The detectives keep an exact copy of the media in storage until the case is adjudicated, Nelson said, at which point the file is destroyed. Hardware where illegal contraband, such as child pornography, is found is also destroyed, Nelson said, unless the court approves forfeiting it to the state. In that case, though, any content remaining on the device is wiped clean.

Meanwhile, technology continues to develop at warp speed.

“It’s like being a physician or airline pilot,” Nelson said. “New devices come out every day.”

But morale at the little lab remains high.

“It’s the best job in the sheriff’s office,” said Neeman, grinning.

— Reporter: 541-383-0376, cwithycombe@bendbulletin.com