FBI Adds Two Digital Forensic Labs

coondoggie sends us a story from NetworkWorld.com, as is his wont, this one on the FBI opening two new US Regional Computer Forensics Laboratories this week. In these laboratories examiners conduct a growing number of forensic examinations of digital media in support of the investigation and/or prosecution of a federal, state, or local crime. With the addition of the new facilities in Los Angeles and Albuquerque, the FBI will have 16 RCFLs nationwide. And they are needed: "During 2007, RCFL experts conducted 4,634 exams, processing 1,288 terabytes of information. A total of 76,581 digital devices were examined (the most popular media by far — CDs, coming in at 37,424; followed by hard disk drives at 17,378; floppy disks at 11,781; and DVDs at 4,374). The number of CDs, cell phones, and flash media devices examined doubled from the previous year."

Re:Crazy math

[mikael]

Do the arithmetic. Assuming that the average size hard disk drive is 60-80 Gigabytes, then the totals add up:

CD's: 37,424 x 650 Megabytes = 24325600 Megabytes
HD's: 17,378 x 70 Gigabytes = 1245655040 Megabytes
Floppy's: 11,781 x * 1.4 Megabytes = 16493.4 Megabytes

DVD's: 4374 x 4 Gigabytes = 17915904 Megabytes

Total = 1287913037.4 Megabytes

            = 1287913.0374 Gigabytes

            = 1287.9130374 Terabytes

Re:What are all these forsenic labs being used for

[vertinox]

I know it is routine now for investigators to seize computer equipment even in drug arrests, and I wonder how much taxpayer money is being wasted so federal agents can look through internet histories and MSN buddy lists.

Speaking of which, on my latest Equifax report there was a big bold scary headline that says FBI reports that identity theft is the largest growing crime.

Rather than using these vast resources to combat IP Infringment and "Think of the Children" issues, wouldn't it be better devoted to actually fighting what more people actually have their lives ruined by?

Some guy talking nasty in a chat room or a guy hocking pirated DVDs on the corner is no where as near as a threat to me and you as someone who is going to use the lax social security and credit system to open thousands of dollars worth of loan accounts in your name forever damaging your ability to buy a house, get a job, or even get a cell phone without a $1000 security deposit ever again.

The thing is most of these types of crimes are low tech and simply going through people's trash and mailbox so this multi-million dollar system of scanning data is worthless to the real threat the average joe faces.

Re:How good are these guys?

[sirket]

They are incompetent- completely and utterly incompetent. They know only what encase or another piece of forensic software tells them. If the disk blocks have been rewritten a couple of times- they're not going to find it. They're not going to break AES unless you've done something stupid and left the key laying around.

The real bitch of it is- these guys never get challenged properly- especially in child porn cases. (Thank John Walsh- Adam's Law is absurd). They can claim whatever they want and the defense is basically helpless. The defense is not allowed to have their own copy of the drive to do forensic analysis on. They have to do it at the FBI lab with FBI equipment and with FBI goons hanging over their shoulders. If the FBI finds "overwritten" evidence- there is no good way to challenge that. It's your word against theirs.

Chain of custody? HAH! I've watched these guys leave crime scenes with drives under their arms, I've watched them run programs and click around a system they suspect of containing illegal material. No effort made to prevent trojans or other programs from covering their tracks. No effort made to preserve the state of the system. It's laughable.

And no- I wasn't a target. I did "forensic" analysis for years and got sick of watching these people make a mockery of my profession. (I put forensic in quotes because there is nothing scientific about these analyses- they are the best guesses of someone who may or may not be even remotely qualified to give an opinion).

Re:How good are these guys?

[Kjella]

They are incompetent- completely and utterly incompetent. They know only what encase or another piece of forensic software tells them. If the disk blocks have been rewritten a couple of times- they're not going to find it. They're not going to break AES unless you've done something stupid and left the key laying around. I figure you recover DoD wiped data without breaking a sweat and has AES cracked by midnight then, eh?

I put forensic in quotes because there is nothing scientific about these analyses- Well while a few of the examples you pull up sound outright sloppy, this isn't a science project either. Time and money spent in the lab is money that could be used patrolling streets, going door-to-door, interviewing witnesses, following up leads, doing surveilance or a million other good uses. Forensic analysis is about doing it cost-effective in volume, which is more like McDonalds than a fine restaurant. Sure you need some geniuses to work on the really hard and important cases, but for the most part basic knowledge of a good tool is the adequate solution. Most aren't that tech savvy and those tools have the ability to run smart searches others have thought up. As long as they work on a copy (Forensics kindergarten knowledge) they can't really do anything wrong and at worst they won't find anything. But there's countless other crimes that slip past the radar too, it's all a matter of effectiveness.

Remember that even if you're way above average skilled and interested, remember that most people are average. Would you quit your developer job because so many others suck at it? Would you quit your sysadmin job because most sysadmins are MSCE point-and-clickys? Would you quit your management job because most managers are PHBs? Smart people are a scarce resource, and in anything but niche fields in science you can be pretty sure to meet average people. Script kiddies might not be all that "cool" in the community but they do get things done with their tools they barely understand. Same with script cops, they're probably not "cool" with the people that eats bits and bytes for breakfast but they do get things done. At least as well as the rest of the police and society in general.