Inside the High-Tech World of RCFLs
Dusting for Digital Fingerprints
Inside the High-Tech World of Regional Computer Forensics Laboratories
In 1999, the FBI launched an innovative pilot program to help state, local, and other federal law enforcement gather digital evidence from computers, personal digital assistants, cell phones, video cameras, and other digital devices. Seven years later, the Regional Computer Forensics Laboratory (RCFL) program has quadrupled in size, now offering its services to 3,500 law enforcement agencies in 13 states. We talked with Supervisory Special Agent Gerry Cocuzzo, chief of our national RCFL program, to learn about recent progress and activities. (And you can learn more by reading the just-posted 2005 RCFL Annual Report.)
Q: In January, the 10th lab—the Rocky Mountain RCFL—opened in Denver. What other milestones has the program achieved?
Gerry: Quite a few. Last year, we opened five new RCFLs and processed 457 terabytes of information for 435 different federal, state, and local law enforcement agencies. That’s a massive amount of data: the entire print collection of the Library of Congress would amount to only 10 terabytes of information. Our North Texas RCFL became the first federal digital forensics lab to be accredited by the American Society of Crime Laboratory Directors. And, out of over 1,000 applicants, the RCFL program was one of 50 semi-finalists in Harvard University’s Innovation in American Government awards. Perhaps most importantly, the RCFL program last year trained over 3,200 law enforcement personnel in computer forensics techniques. Our 153 examiners come from all of the participating agencies, not just the FBI.
Q: What are your plans for the program in 2006?
Gerry: We’ll continue to grow and establish new partnerships. This summer, we’ll open labs in Philadelphia and Buffalo. With those openings, we’ll be working side-by-side with over 100 federal, state, and local law enforcement agencies nationwide.
Q: What major cases have RCFLs been involved with in the last year?
Gerry: A lot of people assume that computer forensics only come into play when law enforcement is investigating Innocent Images cases and other cyber crimes. But digital evidence has become vital to all types of investigations—counterterrorism, public corruption, organized crime, white-collar crime, violent crime. For example, last year the RCFL in Kansas City worked with the Wichita Police Department’s Computer Forensics Unit to help capture “BTK” serial killer Dennis Rader. The RCFL conducted a forensic exam on a floppy disk Rader sent to a TV news station, revealing details such as his first name, places he worked, and his location.
Q: Last question: How do RCFLs work to protect privacy and civil liberties when they’re conducting exams?
Gerry: RCFLs protect privacy because our examiners don’t conduct unwarranted searches. Searches are conducted under two conditions: if we are granted legal authority by a judge, or if the party signs a consensus search form. We protect civil liberties mainly through our strict evidence handling procedures—which all RCFLs must follow. Any piece of evidence that enters an RCFL is cataloged and tracked the entire time it’s there. Once the data is imaged and reviewed, it’s “wiped clean” off our network and transferred to backup copies or tapes that are placed in sealed bags and kept in a secure evidence storage room. Anyone that reviews the evidence must sign a log book, which further maintains the chain of custody. It’s also important to note that RCFL examiners are impartial—they don’t conduct investigations and they don’t go fishing for information. They only search for items that the investigators specifically request.