DUSTING FOR DIGITAL FINGERPRINTS
Inside the High-Tech World of Regional Computer Forensics Laboratories
04/24/06
In
1999, the FBI launched an innovative pilot
program to help state, local, and other
federal law enforcement gather digital evidence
from computers, personal digital assistants,
cell phones, video cameras, and other digital
devices. Seven years later, the Regional
Computer Forensics Laboratory (RCFL) program
has quadrupled in size, now offering its services to 3,500 law enforcement
agencies in 13 states. We talked with Supervisory Special Agent Gerry Cocuzzo,
chief of our national RCFL program to learn about recent progress and activities.
(And you can learn more by reading the just posted 2005
RCFL Annual Report.)
Q: In January, the 10 th lab—the Rocky
Mountain RCFL—opened
in Denver. What other milestones has the
program achieved?
Gerry: Quite a few. Last
year, we opened five new RCFLs and processed
457 terabytes of information for 435 different
federal, state, and local law enforcement
agencies. That’s a massive amount of
data: the entire print collection of the
Library of Congress would amount to only
10 terabytes of information. Our North Texas
RCFL became the first federal digital forensics
lab to be accredited by the American Society
of Crime Laboratory Directors. And, out of
over 1,000 applicants, the RCFL program was
one of 50 semi-finalists in Harvard University’s
Innovation in American Government awards.
Perhaps most importantly, the RCFL program
last year trained over 3,200 law enforcement
personnel in computer forensics techniques.
Our 153 examiners come from all of the participating
agencies, not just the FBI.
Q. What are your plans for the
program in 2006?
Gerry: We’ll
continue to grow and establish new partnerships.
This summer, we’ll open labs in Philadelphia
and Buffalo.
With those openings, we’ll be working
side-by-side with over 100 federal, state,
and local law enforcement agencies nationwide.
Q: What major cases have RCFLs been involved
with in the last year?
Gerry: A
lot of people assume that computer forensics
only come into play when law enforcement
is investigating Innocent
Images
cases and other cyber crimes. But digital
evidence has become vital to all types of
investigations—counterterrorism, public
corruption, organized crime, white-collar
crime, violent crime. For example, last year
the Heart
of America RCFL in Kansas City worked with the Wichita Police
Department’s Computer Forensics Unit
to help capture “BTK” serial
killer Dennis Rader. The RCFL conducted a
forensic exam on a floppy disk Rader sent
to a TV news station, revealing details such
as his first name, places he worked, and
his location.
Q: Last question: How do RCFLs work
to protect privacy and civil liberties
when they’re
conducting exams?
Gerry: RCFLs protect privacy
because our examiners don’t conduct unwarranted
searches. Searches are conducted under two
conditions: if we are granted legal authority
by a judge, or if the party signs a consensus
search form. We protect civil liberties mainly
through our strict evidence handling procedures—which
all RCFLs must follow. Any piece of evidence
that enters an RCFL is cataloged and tracked
the entire time it’s there. Once the
data is imaged and reviewed, it’s “wiped
clean” off our network and transferred
to backup copies or tapes that are placed in
sealed bags and kept in a secure evidence storage
room. Anyone that reviews the evidence must
sign a log book, which further maintains the
chain of custody. It’s also important
to note that RCFL examiners are impartial—they
don’t conduct investigations and they
don’t go fishing for information. They
only search for items that the investigators
specifically request.
Resources: RCFL
Program |
More Lab/Operational Technology Stories