FBI planning Bay Area computer forensics lab

[InfoSec News <isn () c4i org>]

http://www.siliconvalley.com/mld/siliconvalley/4286982.htm

By Sean Webby
Mercury News
Oct. 14, 2002

The FBI is creating a $3 million computer forensics lab in Silicon
Valley, using the latest imaging software and high-end computers to
sleuth for cyber-clues of child pornography, corruption, murder and
more.

The 12,000-square-foot Regional Computer Forensics Laboratory, at the
foot of the Dumbarton Bridge in Menlo Park, will be available to help
detectives from San Francisco, San Mateo, Santa Clara and Alameda
counties hunt for digital clues. Investigators can bring seized
computers and disks to be searched for incriminating e-mails,
encrypted documents and other evidence within hardware or software.

Labs like these are popping up around the country in response to what
investigators are saying is an exponentially growing mass of new case
evidence to be analyzed.

``Where we used to look at a homicide suspect's letters, now it's
evolved into an electronic format,'' said Mark Mershon, the special
agent in charge of the FBI command in San Francisco. ``This is a
quickly growing need, and law enforcement needs to pool its resources
to face it.''

The lab is expected to be operating by next year. It will be staffed
by about 15 highly trained investigators culled from the FBI and local
agencies, including the Santa Clara County District Attorney's Office
and San Jose and Palo Alto police departments.

Meanwhile, Santa Clara County is using a $250,000 state grant to start
its own six-investigator computer crime lab within a month, according
to lab director Kenneth Rosenblatt. Many of the functions of that lab,
based in the Santa Clara County District Attorney's Office, are set to
be folded into the FBI lab when it opens.

There are two regional computer labs in operation -- in San Diego and
Dallas. In the pipeline is this lab as well as centers in Chicago and
Kansas City.

``This is where everything in law enforcement is going,'' said Randall
Bolelli, director of the FBI's regional forensic lab in San Diego.  
``Almost every case these days involves a computer in some way. And as
hard drive space and capacity keeps increasing, we have more things to
look at.''

For years, police departments and prosecutors have had to rely on
computer forensics from overburdened, in-house experts. Investigators
are hoping the new Silicon Valley lab will help them keep up with the
dramatically growing need for processing criminal computer evidence.

Computer evidence has been at the heart of many of the area's child
pornography investigations, but these days, experts say, computer
evidence is involved in virtually every type of case, including
investment fraud, robbery, sex crimes, murder and terrorism.

For example:

* The FBI used computer forensics in this spring's Operation Candyman.
  Seven South Bay residents were among 40 child pornography suspects
  arrested in a nationwide child porn sweep.

* In Palo Alto earlier this year, detectives investigating a child
  molestation complaint looked in the files of the suspect's computer
  and found a journal where he expressed his love for the elementary
  school student. The man was convicted.

Law enforcement interviewed about the regional lab agreed that the
increasing workload needed to be attacked in a united way.

Jack Grandsaert, the San Mateo County deputy district attorney in
charge of computer forensics, said there are people complicit in
crimes going free for lack of trained investigators.

``Before we used to look at the typewriter ribbon. Now, think of
e-mail, who the suspects are corresponding with,'' Grandsaert said.  
``Well, we often can't find it because it is encoded. And so we miss
out on a co-conspirator that might have had a mother lode of
evidence.''

The lab is also expected to function as a training center for local
law enforcement. As investigators are rotated out of the lab, they
will return to their agencies with the latest training. Among the
skills being taught at the San Diego lab, for example, is how to
remove evidence from a computer without damaging the files, how to
find ways around firewalls and secret passwords, and how to remove
evidence from a computer without disabling it.

Although Menlo Park's regional lab will be created and funded by the
FBI, its control will be transferred to a local police agency after
two years. That agency has not been picked yet, Mershon said.

Contact Sean Webby at swebby () sjmercury com or (650) 688-7577.

 

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.