[ISN] FBI planning Bay Area computer forensics lab

From: InfoSec News (isnat_private)
Date: Wed Oct 16 2002 - 00:22:41 PDT

    http://www.siliconvalley.com/mld/siliconvalley/4286982.htm
    
    By Sean Webby
    Mercury News
    Oct. 14, 2002
    
    The FBI is creating a $3 million computer forensics lab in Silicon
    Valley, using the latest imaging software and high-end computers to
    sleuth for cyber-clues of child pornography, corruption, murder and
    more.
    
    The 12,000-square-foot Regional Computer Forensics Laboratory, at the
    foot of the Dumbarton Bridge in Menlo Park, will be available to help
    detectives from San Francisco, San Mateo, Santa Clara and Alameda
    counties hunt for digital clues. Investigators can bring seized
    computers and disks to be searched for incriminating e-mails,
    encrypted documents and other evidence within hardware or software.
    
    Labs like these are popping up around the country in response to what
    investigators are saying is an exponentially growing mass of new case
    evidence to be analyzed.
    
    ``Where we used to look at a homicide suspect's letters, now it's
    evolved into an electronic format,'' said Mark Mershon, the special
    agent in charge of the FBI command in San Francisco. ``This is a
    quickly growing need, and law enforcement needs to pool its resources
    to face it.''
    
    The lab is expected to be operating by next year. It will be staffed
    by about 15 highly trained investigators culled from the FBI and local
    agencies, including the Santa Clara County District Attorney's Office
    and San Jose and Palo Alto police departments.
    
    Meanwhile, Santa Clara County is using a $250,000 state grant to start
    its own six-investigator computer crime lab within a month, according
    to lab director Kenneth Rosenblatt. Many of the functions of that lab,
    based in the Santa Clara County District Attorney's Office, are set to
    be folded into the FBI lab when it opens.
    
    There are two regional computer labs in operation -- in San Diego and
    Dallas. In the pipeline is this lab as well as centers in Chicago and
    Kansas City.
    
    ``This is where everything in law enforcement is going,'' said Randall
    Bolelli, director of the FBI's regional forensic lab in San Diego.  
    ``Almost every case these days involves a computer in some way. And as
    hard drive space and capacity keeps increasing, we have more things to
    look at.''
    
    For years, police departments and prosecutors have had to rely on
    computer forensics from overburdened, in-house experts. Investigators
    are hoping the new Silicon Valley lab will help them keep up with the
    dramatically growing need for processing criminal computer evidence.
    
    Computer evidence has been at the heart of many of the area's child
    pornography investigations, but these days, experts say, computer
    evidence is involved in virtually every type of case, including
    investment fraud, robbery, sex crimes, murder and terrorism.
    
    For example:
    
    * The FBI used computer forensics in this spring's Operation Candyman.
      Seven South Bay residents were among 40 child pornography suspects
      arrested in a nationwide child porn sweep.
    
    * In Palo Alto earlier this year, detectives investigating a child
      molestation complaint looked in the files of the suspect's computer
      and found a journal where he expressed his love for the elementary
      school student. The man was convicted.
    
    Law enforcement interviewed about the regional lab agreed that the
    increasing workload needed to be attacked in a united way.
    
    Jack Grandsaert, the San Mateo County deputy district attorney in
    charge of computer forensics, said there are people complicit in
    crimes going free for lack of trained investigators.
    
    ``Before we used to look at the typewriter ribbon. Now, think of
    e-mail, who the suspects are corresponding with,'' Grandsaert said.  
    ``Well, we often can't find it because it is encoded. And so we miss
    out on a co-conspirator that might have had a mother lode of
    evidence.''
    
    The lab is also expected to function as a training center for local
    law enforcement. As investigators are rotated out of the lab, they
    will return to their agencies with the latest training. Among the
    skills being taught at the San Diego lab, for example, is how to
    remove evidence from a computer without damaging the files, how to
    find ways around firewalls and secret passwords, and how to remove
    evidence from a computer without disabling it.
    
    Although Menlo Park's regional lab will be created and funded by the
    FBI, its control will be transferred to a local police agency after
    two years. That agency has not been picked yet, Mershon said.
    
    Contact Sean Webby at swebbyat_private or (650) 688-7577.
    
     
    