FBI Adds Two Digital Forensic Labs

Posted by kdawson on Wed Apr 30, 2008 04:34 AM
from the put-a-spike-through-it dept.
coondoggie sends us a story from NetworkWorld.com, as is his wont, this one on the FBI opening two new US Regional Computer Forensics Laboratories this week. In these laboratories examiners conduct a growing number of forensic examinations of digital media in support of the investigation and/or prosecution of a federal, state, or local crime. With the addition of the new facilities in Los Angeles and Albuquerque, the FBI will have 16 RCFLs nationwide. And they are needed: "During 2007, RCFL experts conducted 4,634 exams, processing 1,288 terabytes of information. A total of 76,581 digital devices were examined (the most popular media by far — CDs, coming in at 37,424; followed by hard disk drives at 17,378; floppy disks at 11,781; and DVDs at 4,374). The number of CDs, cell phones, and flash media devices examined doubled from the previous year."
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • Check out the huge DFLs on that one...
  • I sincerely doubt there was 1288TB of data. That's 284GB per article. If significant numbers of them were CDs or flash storage the numbers start looking fishy very fast.

    It's hard to believe they examined that much storage capacity, let alone that much data.
    • Re: (Score:3, Informative)

      Do the arithmetic. Assuming that the average size hard disk drive is 60-80 Gigabytes, then the totals add up:

      CDs: 37,424 x 650 Megabytes = 24325600 Megabytes
      HDs: 17,378 x 70 Gigabytes = 1245655040 Megabytes
      Floppies: 11,781 x 1.4 Megabytes = 16493.4 Megabytes

      DVDs: 4374 x 4 Gigabytes = 17915904 Megabytes

      Total = 1287913037.4 Megabytes

      = 1287913.0374 Gigabytes

      = 1287.9130374 Terabytes
    • I sincerely doubt there was 1288TB of data. That's 284GB per article. If significant numbers of them were CDs or flash storage the numbers start looking fishy very fast.

      Not to suggest that the FBI would never lie about details [slashdot.org], but I fail to see your mathematical concerns here. How exactly did you come up with your numbers? The summary says that 76,581 digital devices were examined, including 37,424 CDs, over 17,000 hard drives, and 4,300 DVDs. That averages out to only 16 to 17 GB per device. CDs account for almost 30 TB of the data. Taking them out leaves you at about 32 GB per device, which seems reasonable considering that over half of the remaining devices are h

      • Well I'd be concerned about the veracity of TFA. 11000 Floppy disks? Are criminals using PCs from the 1990's? Or are they just backlogged to hell?

        Seems odd.

      • Looks like they are just adding up the raw theoretical capacity of every device. They would have to perform a complete scan of every disk block to see if anything was there or not.

        From the article, there were 4634 exams, and 11,781 floppy disks. That amounts to just under 3 floppy disks per case. It wouldn't be too difficult to imagine that anyone with a computer might just have a few floppy disks lying around which originally came from hardware purchases (device drivers, software upgrades, freebie applicati
  • I'm sure they're locating to L.A. because it's a great place to fight kiddie porn, not because the MPAA and RIAA are headquartered there.
  • "During 2007, ROFL experts conducted 4,634 exams, processing 1,288 terabytes of information."
  • In the article they provide a short list of some high profile cases in which digital forensics played a role, but I'd like to see a rough breakdown on what type of investigations the FBI was scanning through 1,288 terabytes of information for.

    I know it is routine now for investigators to seize computer equipment even in drug arrests, and I wonder how much taxpayer money is being wasted so federal agents can look through internet histories and MSN buddy lists.
    • by sirket (60694) on Wednesday April 30 2008, @10:19AM (#23251162)
      They are incompetent- completely and utterly incompetent. They know only what EnCase or another piece of forensic software tells them. If the disk blocks have been rewritten a couple of times- they're not going to find it. They're not going to break AES unless you've done something stupid and left the key laying around.

      The real bitch of it is- these guys never get challenged properly- especially in child porn cases. (Thank John Walsh- Adam's Law is absurd). They can claim whatever they want and the defense is basically helpless. The defense is not allowed to have their own copy of the drive to do forensic analysis on. They have to do it at the FBI lab with FBI equipment and with FBI goons hanging over their shoulders. If the FBI finds "overwritten" evidence- there is no good way to challenge that. It's your word against theirs.

      Chain of custody? HAH! I've watched these guys leave crime scenes with drives under their arms, I've watched them run programs and click around a system they suspect of containing illegal material. No effort made to prevent trojans or other programs from covering their tracks. No effort made to preserve the state of the system. It's laughable.

      And no- I wasn't a target. I did "forensic" analysis for years and got sick of watching these people make a mockery of my profession. (I put forensic in quotes because there is nothing scientific about these analyses- they are the best guesses of someone who may or may not be even remotely qualified to give an opinion).
        • I have several certifications from CompTIA and other places (Sun, Cisco, MS), and I would not consider myself competent for this kind of forensic work. Got a nasty virus or think you've been hacked, format and re-install.

          Best they could do is pass their educated guesses on to people who say them as fact in court.
      • Re: (Score:3, Insightful)

        They are incompetent- completely and utterly incompetent. They know only what EnCase or another piece of forensic software tells them. If the disk blocks have been rewritten a couple of times- they're not going to find it. They're not going to break AES unless you've done something stupid and left the key laying around.

        I figure you recover DoD wiped data without breaking a sweat and have AES cracked by midnight then, eh?

        I put forensic in quotes because there is nothing scientific about these analyses-

        Well while a few of the examples you pull up sound outright sloppy, this isn't a science project either. Time and money spent in the lab is money that could be used patrolling streets, going door-to-door, interviewing witnesses, following up leads, doing surveillance or a million other good uses. Forensic analysis is about doing it cost-effective in volume, which is more like McDonald's than a fine restaura

    • I just hope that these are for real crime, like murder, fraud, and corporate tax evasion and not just for RIAA/MPAA/Kiddie-porn/Terrorism scaremongering.
      I don't know about you but all of those "RIAA/MPAA/Kiddie-porn/Terrorism" sound like criminals to me.
  • There are no funds or agents available to check our food supply, not enough to examine bridges and buildings, not enough, apparently, to investigate crimes of politicians and arrest them.

    But hey, we have Billions of $ for making sure that people don't pirate MP3 files.

    I can understand that there are a lot more computers seized in drug raids. For one -- why are we still making drugs illegal? Are they dealing with identity theft or something that I as a citizen actually care about? Is kiddie p0rn going to magic
  • Gary Dourdan [cnn.com] might be looking for a new job pretty soon.
  • During the recent Hans Reiser trial it was absolutely obvious that the "expert" examiner was completely lost when it came to discovering what was in Hans's Reiser4 file-system. All for want of a boot disk costing $0.89, and the ability to use the mount, find, and grep commands. It's laughable, and it's told me never ever to set foot in that jurisdiction as long as I live.