RCFL: Regional Computer Forensics Laboratory

Cybercrime forensics lab cinches high-profile cases

By Marcia Savage, Features Editor, Information Security magazine
15 Aug 2007

Source: SearchSecurity.com

From the BALCO steroids scandal to last year's contaminated spinach case, the Silicon Valley Regional Computer Forensics Laboratory has been in involved in nearly every high-profile investigation in the Bay Area.

The lab is one of 14 regional computer forensics laboratories across the country sponsored by the FBI and run jointly with local law enforcement agencies. It serves nearly 100 Bay Area law enforcement agencies, with 11 examiners conducting forensics on everything from computers and cell phones to PDAs and music players.

A majority of the cases the Silicon Valley RCFL handles involve child pornography, but it also works a high percentage of other cybercrimes, including theft of intellectual property, said Chris Beeson, lab director and FBI supervisory special agent. The lab also sees the occasional terrorism case.

The lab's findings are a turning point in nearly every case, Beeson said: "We provide the material that puts that case together. Sometimes it's icing on the cake but a lot of times it was material that was absolutely necessary to prove the case."

Last year it processed 34 terabytes of data; this year he expects it will examine more than 50. In June, SVRCFL had about 190 open cases involving "anything from a single floppy disk all the way up to 20 servers or more," he said. One case involves more than 150 servers.

Beeson, who has a degree in mechanical engineering, declines to disclose the tools the lab uses, but says they are widely available, commercial ones. Computer forensics is about matching exceptional personnel with quality tools and techniques, he said.

"We're not doing anything super magic here. What we're doing is pulling it all together in a very formal environment that any crime laboratory operates under," he said. "If you're a lab that handles ballistics or DNA, the forensics process is very formalized... We've tried to mirror ourselves like those types of traditional crime labs."

A lot of the work at the SVRCFL involves documentation and administrative steps to ensure that material is processed "in the absolute best way possible, yielding the best results," he said.

The diligence paid off. Earlier this year, the SVRCFL was accredited by the American Society of Crime Laboratory Directors/Laboratory Accreditation Board.

[Original Article on the SearchSecurity.com web site ]

Home | Sitemap | Accessibility Statement | Privacy Policy