FBI Adds Two Digital Forensic Labs

coondoggie sends us a story from NetworkWorld.com, as is his wont, this one on the FBI opening two new US Regional Computer Forensics Laboratories this week. In these laboratories examiners conduct a growing number of forensic examinations of digital media in support of the investigation and/or prosecution of a federal, state, or local crime. With the addition of the new facilities in Los Angeles and Albuquerque, the FBI will have 16 RCFLs nationwide. And they are needed: "During 2007, RCFL experts conducted 4,634 exams, processing 1,288 terabytes of information. A total of 76,581 digital devices were examined (the most popular media by far — CDs, coming in at 37,424; followed by hard disk drives at 17,378; floppy disks at 11,781; and DVDs at 4,374). The number of CDs, cell phones, and flash media devices examined doubled from the previous year."

Re:How good are these guys?

[Kjella]

They are incompetent- completely and utterly incompetent. They know only what encase or another piece of forensic software tells them. If the disk blocks have been rewritten a couple of times- they're not going to find it. They're not going to break AES unless you've done something stupid and left the key laying around. I figure you recover DoD wiped data without breaking a sweat and has AES cracked by midnight then, eh?

I put forensic in quotes because there is nothing scientific about these analyses- Well while a few of the examples you pull up sound outright sloppy, this isn't a science project either. Time and money spent in the lab is money that could be used patrolling streets, going door-to-door, interviewing witnesses, following up leads, doing surveilance or a million other good uses. Forensic analysis is about doing it cost-effective in volume, which is more like McDonalds than a fine restaurant. Sure you need some geniuses to work on the really hard and important cases, but for the most part basic knowledge of a good tool is the adequate solution. Most aren't that tech savvy and those tools have the ability to run smart searches others have thought up. As long as they work on a copy (Forensics kindergarten knowledge) they can't really do anything wrong and at worst they won't find anything. But there's countless other crimes that slip past the radar too, it's all a matter of effectiveness.

Remember that even if you're way above average skilled and interested, remember that most people are average. Would you quit your developer job because so many others suck at it? Would you quit your sysadmin job because most sysadmins are MSCE point-and-clickys? Would you quit your management job because most managers are PHBs? Smart people are a scarce resource, and in anything but niche fields in science you can be pretty sure to meet average people. Script kiddies might not be all that "cool" in the community but they do get things done with their tools they barely understand. Same with script cops, they're probably not "cool" with the people that eats bits and bytes for breakfast but they do get things done. At least as well as the rest of the police and society in general.