- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
The CIO-level business angle on the latest tech
Network World - Ever since the news of the massive data breach of Target Corporation, people across the country have been watching the details unfurl. Consumers want to know if their accounts are affected, IT and security professionals are waiting to learn precisely how the breach happened, and law enforcement agencies are hoping to get enough evidence to prosecute and convict someone.
With this being such a large case involving the integrity of electronic payments, both the FBI and the U.S. Secret Service are involved in the criminal investigation. Both agencies have experts with extensive training in digital forensics and how to gather evidence that can be used in legal courts to support a conviction.
But what about smaller, lower profile criminal cases that don’t warrant the resources of the FBI and Secret Service? Who investigates them, and what are the chances that the legal system can gather the digital evidence and present it in a way that judges and juries can understand it and return a conviction? Those are the burning questions behind the creation of the National Computer Forensics Institute (NCFI) in Hoover, Alabama.
I recently had the opportunity to meet with Barry Page, a prosecutor for the state of Alabama and the Deputy Director of the NCFI. He told me the story of how the federal government is providing training for state and local law enforcement officials, including judges and prosecutors, so our law enforcement system as a whole is better prepared to collect, handle and utilize digital evidence to convict criminals.
According to Page, digital evidence started to become important about 10 years ago. This evidence was not just of computer crimes such as malicious data breaches and identity theft, but also other types of situations – drug deals, murder, etc. – where digital evidence such as phone records or Internet searches could be helpful. For example, consider that geolocation data from a cell phone can help to reveal the location of a suspected criminal – or at least the location of his phone – at a particular time and date. Such information can corroborate an alibi or prove it to be false.
And so it was that investigators and prosecutors began to take notice of the potential of this type of evidence. However, few law enforcement officials knew enough about how to collect and handle this evidence such that it could legally be used to support the case work. Just as there are proper methods to work with fingerprints, DNA and other types of physical evidence, there are legally defensible ways to collect and preserve digital evidence. Unfortunately, few people across the country were properly trained in these methods, and their case loads were overwhelming.
The U.S. Department of Homeland Security stepped in with funding to establish the National Computer Forensics Institute in order to provide this sorely needed training. The institute provides training for various constituents in law enforcement and the criminal justice system.
Specialty agents from state and local police forces receive intensive computer forensics training where they learn how to extract evidence from computer systems and to detect network intrusions and virus/malware infection. They spend weeks at the institute learning how to use the tools and the proper techniques of their investigations. When these agents complete the course, they take home with them the hardware and software their agency needs to conduct their work. The equipment is actually owned by the Secret Service but it is allocated to the officer for as long as he or she is designated to perform this job.