High Tech Lab Ties Computers to Crimes

By Douglas J. Gillert, American Forces Press Service, November 2, 1999.

LINTHICUM, Md. -- The airman was accused of hiring a hit man to kill his wife. He thought he would get away with murder when he literally cut the evidence to pieces.

As two Air Force Office of Special Investigations agents interrogated the suspect, he reached into his back pocket and jerked his arm forward as if drawing a concealed handgun. The agents backed off, but instead of a gun, the suspect produced a pair of pinking shears and began smugly cutting two 5 1/4-inch floppy diskettes into a pile of useless plastic. Or so he believed.

After searching for months for a means to retrieve data from the ruined diskettes, one agent suggested taping them back together. Using a magnetic spray that made the tracks more visible, the agents reassembled the diskettes.

Careful disk splicing repairs damaged magnetic media. The Defense Computer Forensics Lab in Linthicum, Md., specializes in retrieving information from computers, no matter what condition the hardware is in. DoD and service crime investigators increasingly rely on evidence contained on computers to prove crimes were committed.

"They retrieved 80 percent of the data," said Karen Matthews, deputy director of the Defense Computer Forensics Lab. On the disks: A letter the airman had written to his girlfriend outlining plans for his wife's murder, including when and where it would occur. The evidence helped prosecutors convict him.

Piecing together diskettes crime perpetrators have tried to destroy is one of the forensics lab's specialties. Today, examiners use microscopes to view the denser lines of the smaller, 3.5-inch diskettes. If the diskettes can be located, the lab most likely can retrieve the information. The examiners here also are adept at retrieving data "erased" from hard drives and defeating other attempts to conceal information.

Formerly involved in analyzing only Air Force crime data, the lab took on the job for all the services this year after the Air Force Office of Special Investigations became DoD executive agent for providing counterintelligence, criminal and fraud computer evidence processing and analysis. The lab supports military law enforcement agencies that increasingly find computers involved in breaking Uniform Code of Military Justice and civil statutes.

"We're a neutral party as far as an actual investigation goes," said David Ferguson, lab director. "Evidence comes in, we look at it and tell the investigators what it means. We aren't here to say whether the evidence is good or bad. Our place is purely to assist the investigating agency in coming to the truth."

The lab analyzes evidence only on those subject to military investigations. These subjects are active duty service members, on-duty reservists and anyone residing or working on a military installation or on DoD systems. This includes family members, civilian employees and contractors.

The lab relies on alert field investigators to provide the computer hardware, drives and diskettes for analysis. A separately functioning training program collocated with the lab in the middle of an airport business park near Baltimore is now training field investigators to always look for computer ties to crimes.

Ferguson sees computers being involved in more and more crimes, from intrusions by hackers and others intent on committing computer fraud to criminals who unintentionally leave information trails on their computers.

"We're in a growth industry," he said. "Everybody's got a computer at home or at least at work. Computers are becoming more prevalent, and our investigators are being trained to recognize that evidence. So, I think we're going to see more and more computer evidence showing up here for us to evaluate."

The lab currently handles about 30 cases at a time and is building toward a capacity of 60 active cases in-house and 400 a year. Depending on the complexity of the evidence to be analyzed, most evaluations last anywhere from a few hours to two months.

Ferguson said the simplest cases can and should be handled by field investigators -- those getting their training here in the Defense Computer Investigations Training Program. The program, he said, includes five courses and will add six more. Topics include computer search and seizure, field forensics and an overview of network and computer hardware. Future courses will include network investigations, lab forensics, intrusion techniques, intrusion analysis and a management course for supervisors of computer investigations.

Although the lab's primary customers are law enforcers, the lab also can let commanders know where their computer systems may be vulnerable to intrusions.

"If we detect vulnerabilities, we can get that information back to the commander," Ferguson said. "We can give them an analysis that lets them know what people are going after."

One area of computer use Matthews sees as particularly vulnerable to misuse is electronic commerce.

"My personal opinion is that we will see more fraud committed by computer users," she said. "You can now do 'e-commerce' over the Internet. That lends itself to abuse. More records are being stored on computers every day. So if a fraud is going to be committed, it will have to involve computer data."

"You've got all of this electronic 'stuff' that used to be on paper," Ferguson said. "Now, it's all in digits somewhere -- it's all binary. So, as more and more people have this 'stuff' on computers, more and more evidence is going to come in digital, and they're going to need a lab like this to get to it."

All that 'stuff' doesn't necessarily go away when it's erased, Ferguson added.

"It depends on how good they are at erasing," he said. "If they're real good with a computer, they can hide it. If not, they may think it's gone but we can still recover it."

Matthews said the evidence the lab produces stands up well in court, including military courts.

Defense Computer Forensics Lab examiners carefully record and track all evidence brought to the lab for analysis. The lab, in Linthicum, Md., helps field investigators uncover evidence of crimes on military installations or involving DoD systems. Strict procedures help the evidence stand up in courts of law.

"We have not had a whole lot of challenges," she said. "I think the reason for that is thorough training and procedures. We try to be very careful in our forensic procedures, and we keep the thought foremost in our minds when we're doing a process that someday it's going to be in court and we have to defend that process.

"DoD takes those things very seriously, and whether it's a military court or federal court, there should be no difference in our practices. The analysis we provide should stand up in either judicial system."

For more information, visit the Defense Computer Forensics Lab Web site.

Publication director: Joël-François Dumont
Editorial committee: Jacques de Lestapis, Hugues Dumont, François de Vries (Brussels), Hans-Ulrich Helfer (Switzerland), Michael Hellerforth (Germany).
Military committee: VAE Guy Labouérie (†), GAA François Mermet (2S), CF Patrice Théry (Asia).