Regional Computer Forensics Labs Mark 10 Years
How Regional Computer Forensics Labs helped uncover a plan to bomb New York's subway.
|The duties of examiners range from collecting digital evidence at crime scenes, conducting examinations on a wide assortment of electronic devices, and testifying in court as to the results of the exams.
Regional Computer Forensics Labs
A Decade of Accomplishments
Earlier this year, Denver resident Najabullah Zazi pled guilty to—among other things—conspiring to bomb the New York City subway system. A critical aspect of this investigation was the work done by the Rocky Mountain Regional Computer Forensics Laboratory, which analyzed Zazi’s laptop, turning up bomb-making instructions and Internet searches for hydrochloric acid…and processed surveillance video of Zazi and others buying large quantities of ingredients that could be used to make explosives.
The Zazi investigation was just one the cases worked successfully by our network of 14 FBI-sponsored Regional Computer Forensics Laboratories (RCFLs) during fiscal year (FY) 2009. You can read more about the Zazi case, plus other investigations and additional accomplishments of RCFLs, in the recently-released at www.rcfl.gov.
|Bryan Tepper, Unit Chief for FBI’s Regional Computer Forensics Laboratory program, describes the role of FBI-certified examiners in 14 labs across the country.
- Listen to Podcast
The FBI, incidentally, provides start-up and operational funding, training, and equipment for the RCFLs, while state, local, and federal law enforcement agencies (including us) assign personnel to work as examiners. The duties of these examiners range from collecting digital evidence at crime scenes, conducting examinations on a wide assortment of electronic devices, and testifying in court as to the results of the exams.
Some report highlights of RCFL accomplishments during FY 2009 include:
- 689 different law enforcement agencies requested RCFL assistance.
- 6,016 digital examinations were conducted.
- 2,334 terabytes of information were processed (which is the equivalent of 230 academic libraries).
- The various media types examined included computer hard drives (15,630); CD/DVDs (14,028), floppy disks (4,104); flash media (2,820); cell phones and smart phones (1,953); CPUs (684); digital cameras (148); digital media players (95), and navigation systems (54).
During FY 2009, RCFLs across the country provided assistance on a wide variety of investigations, including terrorism, environmental crime, public corruption, homicides, rapes, crimes against children, and fraud. For example:
- The Silicon Valley RCFL supported an investigation into an oil spill in San Francisco Bay by examining the ship’s computers and discovering that navigation charts on one of the computers had been altered after the crash.
- The Houston RFCL provided assistance in an investigation involving an employee fired from a non-profit organ transplant organization who retaliated by erasing vital computer files.
- The New Jersey RCFL examined approximately 600 gigabytes of information during an investigation of a man who moderated a website devoted to child pornography and sex with children.
- The San Diego RCFL devoted hundreds of hours of staff time and participated in multiple search warrants for an investigation involving the illegal accounting practices of a software company that resulted in criminal indictments of nearly a dozen senior managers.
Aside from the operational work performed by RCFLs, they also provide valuable training to state and local law enforcement officers—who are often the first responders to a crime scene and who must take the initial steps to recognize and secure any digital evidence. During FY 2009, 5,404 officers received training in various digital forensics techniques and tools.
A side note: FY 2009 marked the RCFL Program’s 10th anniversary—a decade of raising the level of excellence for digital forensics services to new heights and providing much needed expertise to national security cases and criminal investigations.