Cybercrime forensics lab cinches high-profile cases

By Marcia Savage, Features Editor, Information Security magazine 15 Aug 2007 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

From the BALCO steroids scandal to last year's contaminated spinach case, the Silicon Valley Regional Computer Forensics Laboratory has been in involved in nearly every high-profile investigation in the Bay Area.

What we're doing is pulling it all together in a very formal environment that any crime laboratory operates under. Chris Beeson, director, Silicon Valley Regional Computer Forensics Laboratory

The lab is one of 14 regional computer forensics laboratories across the country sponsored by the FBI and run jointly with local law enforcement agencies. It serves nearly 100 Bay Area law enforcement agencies, with 11 examiners conducting forensics on everything from computers and cell phones to PDAs and music players.

A majority of the cases the Silicon Valley RCFL handles involve child pornography, but it also works a high percentage of other cybercrimes, including theft of intellectual property, said Chris Beeson, lab director and FBI supervisory special agent. The lab also sees the occasional terrorism case.

Forensics help: Looking for forensics help? Advice and best practices are a few clicks away. High Technology Crime Investigation Association The SANS Institute: Offers the GIAC Certified Forensics Analyst credential. International Information Systems Forensics Association (IISFA): Offers the Certified Information Forensics Investigator certification. The CERT forensics team: CERT is part of the Software Engineering Institute at Carnegie Mellon University. International Society of Forensic Computer Examiners: A private Virginia company that offers the Certified Computer Examiner certification. U.S. Department of Justice, Computer Crime and Intellectual Property Section: Provides guidelines on electronic evidence. National Cyber-Forensics and Training Alliance: A public-private partnership that facilities training, promotes security awareness and conducts forensic analysis.

The lab's findings are a turning point in nearly every case, Beeson said: "We provide the material that puts that case together. Sometimes it's icing on the cake but a lot of times it was material that was absolutely necessary to prove the case."

Last year it processed 34 terabytes of data; this year he expects it will examine more than 50. In June, SVRCFL had about 190 open cases involving "anything from a single floppy disk all the way up to 20 servers or more," he said. One case involves more than 150 servers.

Beeson, who has a degree in mechanical engineering, declines to disclose the tools the lab uses, but says they are widely available, commercial ones. Computer forensics is about matching exceptional personnel with quality tools and techniques, he said.

"We're not doing anything super magic here. What we're doing is pulling it all together in a very formal environment that any crime laboratory operates under," he said. "If you're a lab that handles ballistics or DNA, the forensics process is very formalized….We're tried to mirror ourselves like those types of traditional crime labs."

A lot of the work at the SVRCFL involves documentation and administrative steps to ensure that material is processed "in the absolute best way possible, yielding the best results," he said.

The diligence paid off. Earlier this year, the SVRCFL was accredited by the American Society of Crime Laboratory Directors/Laboratory Accreditation Board.

Digg This!     StumbleUpon     Del.icio.us

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary