Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
The Courts Government United States News

New US Computer Forensic Institute 131

Quincy writes "The DHS and Secret Service are setting up a new computer forensic institute in Alabama. Set to open in mid-2008, the new National Computer Forensic Institute will be able to train over 900 law enforcement officers per year. 'It will initially be staffed by 18 Secret Service agents and will feature classrooms, a forensic laboratory, an evidence vault, and server rooms. Courses will be offered in the investigation of electronic crimes, network intrusion investigation, and computer forensics... [T]he Secret Service says that it will help to bring judges and prosecutors up to speed as well.'" Maybe over time we'll see fewer botches of justice like those in the news recently.
This discussion has been archived. No new comments can be posted.

New US Computer Forensic Institute

Comments Filter:
  • I wonder. (Score:3, Interesting)

    by AltGrendel ( 175092 ) <ag-slashdot@eGAUSSxit0.us minus math_god> on Tuesday March 13, 2007 @01:51PM (#18336619) Homepage
    Do you HAVE to be a law officer, or can anyone sign up?
    • Re: (Score:3, Funny)

      A friend of mine got a job with the FBI as a network technician. He carries a badge and gun with his networking gear. I guess the gun is needed for those rare occasions when troubleshooting gets out of hand.
      • Re: (Score:1, Funny)

        by Anonymous Coward
        He carries a badge and gun with his networking gear.

        Well, that Marge from Accounting keeps on downloading that Bonzai Buddy. Something's gotta be done about it.
      • His employer supplies him with a LART? nice... =]
    • Re:I wonder. (Score:5, Insightful)

      by lawpoop ( 604919 ) on Tuesday March 13, 2007 @02:10PM (#18336947) Homepage Journal
      My hope is that more computer science majors go into law enforcement.
      • by Instine ( 963303 )
        Keep hoping. The fact is, most people who sign up to be cops, don't want to do the kind of learning that is require (not disparageing and this comes with all the caveats of any generalization). Its just not their bag...
        • Re: (Score:2, Interesting)

          by poopdeville ( 841677 )
          A bachelor's degree is a requirement to join the force in many major cities.
          • And that degree usually comes in the form of criminal justice or political science, which don't even involve any sort of advanced math, just statistics, if that. Not exactly on the same level of learning or effort as computer science.
      • Instead of the trend recently of more law enforcement happening in our computers?
      • by Stephen Tennant ( 936097 ) on Tuesday March 13, 2007 @03:03PM (#18337677) Journal
        "Oh officer, you're going to arrest me? Please, just take a look in this box first..."

        Officer, sweating, gulping, "Is that what I think it is?"

        "That's right, and if this crate of mint condition, first edition gold-embossed Call of Cthulu sets were to disappear, I'm sure no one would mind too much, as these things tend to happen..."

      • by elrous0 ( 869638 ) *
        I'd rather fight to protect people FROM law enforcement, considering their track record of late.
    • You do not have to be a cop. Any employee of the Ministry of Truth will be allowed.
    • Do you HAVE to be a law officer, or can anyone sign up?

      I strongly suspect that you'll have to be a civil servant to go and train, but probably not an official law enforcement officer (LEO).

      The federal government currently does this kind of training at the Federal Law Enforcement Training Center (FLETC) [fletc.gov] in Glynco, Georgia. I was a federal employee working for an Office of Inspector General [wikipedia.org], and I went to FLETC for 2 weeks of digital forensics training [fletc.gov] in a classroom. I was NOT a sworn LEO (i.e. couldn't take oaths, arrest people, or serve subpoenas), just an

      • I was NOT a sworn LEO (i.e. couldn't take oaths, arrest people, or serve subpoenas)

        You can make a citizen's arrest if you witness a misdemeanor or have reason to believe that someone has committed a felony.

  • by Kenja ( 541830 ) on Tuesday March 13, 2007 @01:52PM (#18336627)
    Queue the banjo music.
  • J. Edgar [wikipedia.org] no doubt ;)
  • by 26199 ( 577806 ) * on Tuesday March 13, 2007 @01:57PM (#18336721) Homepage

    Figuring out what happened in a computer system months after the fact is not easy. Most programmers have more than enough trouble figuring out what exactly happened in their own programs thirty seconds ago.

    Still -- not to say it's a bad idea. You have to start somewhere...

    • Figuring out what happened in a computer system months after the fact is not easy.

      Particularly when the adversary is purposefully taking steps to obfuscate, overwrite, and otherwise render the previous system state unrecoverable.
    • Figuring out what happened in a computer system months after the fact is not easy.

      If only there were some sort of training program to teach people what to look for...
      • by 26199 ( 577806 ) *

        The problem being, there's too much detail needed to be 100% (or even 98%) accurate. They can only teach "If X then Y" when the reality is "If X and A then B, C then Y".

        I would hate for someone to get convicted for X when A, B, and C are missing.

  • I hope they go after spam, those stock spams are the worst.
  • More of the same (Score:4, Insightful)

    by HomelessInLaJolla ( 1026842 ) * <sab93badger@yahoo.com> on Tuesday March 13, 2007 @01:59PM (#18336777) Homepage Journal

    The Secret Service has tried to produce aids like their "Best practices for seizing electronic evidence", and the National Institute of Justice has published its guide to "Digital Evidence in the Courtroom", but the need for more advanced training has been obvious in numerous recent cases
    This will consist mostly of practicing the correct SOP for the using the forklift to cart out every single piece of computer equipment on the site. I sincerely doubt that they'll be teaching any discretionary tactics or give up their current practice of confiscating everything in sight.
    • Here's a question I've been wondering: What happens to your computer in each of the following cases?

      1) Siezed as evidence, found innocent of charges
      2) Siezed as evidence, found guilty of charges
      3) Siezed as evidence, found innocent of sex-related charges
      4) Siezed as evidence, found guilty of sex-related charges

      I mean, it's not a box of pot. They can't easily take the pot out and return the box to you. Are they mandated to format the hard drive first? What about my diablo 2 single-player char!?!?
      • I mean, it's not a box of pot. They can't easily take the pot out and return the box to you.

        You wouldn't get the box back anyway if they found illegal marijuana in it. The box would be evidence. You'd be unable to claim it after conviction because you'd be sitting in prison, and it would become unclaimed property and if it was nice it would go home with some cop.

        Your computer, you will probably get back, because they've been getting more and more heat if they do something bad to your PC... as long as you

        • You wouldn't get the box back anyway if they found illegal marijuana in it. The box would be evidence.

          That seems egregiously attractive for abuse, cop theft notwithstanding.

          Step 1) Find crime (any will do)
          Step 2) Involve object
          Step 3) Profit? (or at least deny person of object)
          • That seems egregiously attractive for abuse, cop theft notwithstanding.

            Dude, they've been seizing houses for years. Even rentals! Now that is seriously fucked up. Rent your house to a grower, whether you know it or not, and you can lose it. There's no collusion there. At least, not necessarily. So why should that even be possible?

            The whole system is a fraud. The entire system is about abuse: abuse of the American people in order to make money for a select few corporations.

            During the war it was HEMP FOR V

      • All seized evidence must be properly disposed of. If it's been used in criminal proceedings, usually the prosecutor dictates what happens to the evidence. Cops don't always take computers. Often just the hard drive will do. Of course, it requires a competent law enforcement officer to make that determination at the scene, and it obviously depends upon the case. Fraud case, might not take the machine. Hacker case, might take the machine. Child porn case, might take the machine. If seized as evidence and fo
        • by KC7JHO ( 919247 )
          Err. If I find evidence of a crime I am investigating on your hard drive it can NEVER be destroyed and must be locked in the case file in case of future appeals.
    • It sounds like they'll be teaching what to do with a hard disk image, which goes beyond just "use EnCase".

      Besides, you have to seize everything unless you've got some guarantee that there's no evidence concealed on a nerdstick, an iPod, or any of a kajillion things that store more data than a high end hard disk did fifteen years ago.
    • by Roane ( 1075393 )
      Confiscating everything that can store anything is a good start. It's also important to train forensics examiners on how to effectively testify on their findings. Striking a balance between language plain enough for a jury and precise enough to CYA from the defense is not an easy task.
  • ...if they will be training the staff on Helix [e-fense.com]. I'm not in the security industry myself, but that is one helluva handy LiveCD to keep around.

    Despite the backing of the DHS budget, they're gonna need every free piece of help they can get.
  • Huh? (Score:2, Insightful)

    by zappepcs ( 820751 )
    FTFS: " Set to open in mid-2008, the new National Computer Forensic Institute will be able to train over 900 law enforcement officers per year. 'It will initially be staffed by 18 Secret Service agents and will feature classrooms, a forensic laboratory, an evidence vault, and server rooms. "

    Holy fsck! A full year from now? In a year computers will have changed enough to cause this to falter badly from the start! It will take only one worm of the right design, one change to hard drive technology, one of any
    • Re: (Score:3, Insightful)

      Not to worry - this is brought to you by the Department of Homeland Security, whose charter is "spend all our budget on grants, ask for more next year", and whose primary product is press releases. Nothing to see here, move along.
      • That would be nice, but unfortunately, they seem to be finding ways to invade our privacy more. If I could shut down one dept of the Government, I would start with HS.
    • Theoretically the intervening time between then and now will be taken up designing a robust, in-depth curriculum and accompanying infrastructure that allows for the sort of flexibility needed to fight a "war" on the IT front. ...but why the Secret Service? This may just show my woefully inadequate knowledge of the US Government, but don't we have already have several Judicial branches designated to fight local, intra-state, and extra-country crime? I was under the impression that the primary duties of the
      • but why the Secret Service? This may just show my woefully inadequate knowledge of the US Government... I was under the impression that the primary duties of the Secret Service was the protection of high-ranking US officials and the prevention of counterfeiting US currency.

        I think you answered your own question.

        The Secret Service is one of the oldest (1865) and (by no coincidence) most technically sophisticated of federal law enforcement agencies.

      • its kind-of complicated but the basic flow is (for details see "the hacker crackdown" by bruce sterling) Secret Service is part of the treasury dept > Money > InterState Trade>
        Communications > computers involved in communications > profit !! (unless the FBI steals the show)
      • You're exactly right about the Secret Service. Keep going with that list. What is "currency" these days? Almost all the dollars in the world are computer records. Their anti-counterfeiting mission put them in the lead to deal with computer crime.

        Computer forensics has not changed beyond recognition in the last year, probably won't in the next year, and in any event a lot of investigations will on Windows 98 machines and others that are more than a year old. There will have to be continuing education classes
    • okay so what you do is build the walls (you know those CEMENT AND STEEL things) and the wiring the (10awg ,cat6, and fiberoptic stuff) and as you get closer to opening day you make sure that your actual face can handle the virtual face properly (worst case you have a BLACKBOX on call).
    • COputer will not change that much in a year.
      How much ahve they changed in the last year? in the last 3? not much, and a faster processor doesn't matter here.

      Of course, that's not the real issue, the real issue is determining how people use their computers.
  • Comment removed (Score:5, Insightful)

    by account_deleted ( 4530225 ) on Tuesday March 13, 2007 @02:10PM (#18336969)
    Comment removed based on user account deletion
  • The other side (Score:5, Insightful)

    by Target Drone ( 546651 ) on Tuesday March 13, 2007 @02:15PM (#18337037)

    The Secret Service says that it will help to bring judges and prosecutors up to speed as well.'"

    What about defense attorneys?

    • If you are innocent, you will not be convicted. Asking for a defense lawyer is an indication of guilt.
    • Re:The other side (Score:4, Insightful)

      by StewedSquirrel ( 574170 ) on Tuesday March 13, 2007 @02:21PM (#18337129)
      Damn good point.

      But since the prosecutorial state is interested in prosecuting and sentencing as many people as possible for as long as possible, they have no incentive to actually DEFEND people... I guarantee the tone of these classes is "how to get more convictions".... where it should be "how to better determine the truth".

      "How can we make an airtight case against the 15 year old who made a porno of his girlfriend?"

      mmmmhmmm
    • Good point. As a practical matter, this training will probably (hopefully) be available to anyone interested, particularly lawyers on both sides. Maybe the statement about prosecuting attorneys and judges was made just to show the public that the program will have value to them.

      (People being people, it is probably harder to stir up public support for programs designed to produce better criminal defense lawyers.)
    • Re: (Score:1, Insightful)

      by Anonymous Coward
      IAACFI (I am a computer forensic investigator).

      I was told that if I ever work for the defense in a criminal trial I will be banned from the main professional organization the HTCIA (High Tech Crime Investigation Association).

      I replied that doesn't make sense... in this country the accused are innocent until proven guilty, thus working for the defense is working for the innocent until proven otherwise. I said this rule and the attitude behind it assumes that everyone who has been accused is guilty. Doesn't i
  • by vinn01 ( 178295 ) on Tuesday March 13, 2007 @02:21PM (#18337131)

    Microsoft must be the biggest supporter of computer forensic investigators.

    Even since DOS 1.0, Microsoft operating systems never really erase a file. Now, they use cache, temp files, and the recycling bin to make lots of copies too. And that's only on the unerased portion of the hard drive. Chances are there are more copies on the erased data sectors.

    Most users who really want to erase a file from the file system have to erase about two or three copies (if they know where the copies are). Wiping a file only zaps the original, not the copies.

    Those investigators have it too easy.

    My wiping program is made by Craftsman Tools (claw or ball-peen configuration)
    • Re: (Score:3, Informative)

      by mandelbr0t ( 1015855 )

      My wiping program is made by Craftsman Tools (claw or ball-peen configuration)
      So violent! A powerful electromagnet should make any data recovered from the HDD suspect at best, and most likely non-existant. The electomagnet has the advantage of requiring only a single switch, and it can be flicked remotely.
      • From a previous discussion of 'securely erasing a HD' ISTR that 'powerful' is an understatement. You pretty much need an MRI scanner to be sure your data is dead. Consumer-grade magnets won't do.
    • And then the name of the file is in several places in the registry, and linked to from the \Recent directory.

      I've told clients that using Windows is like being stalked by paparazzi.
    • Really erasing a file takes a long time. The computer doesn't really erase memory either when it's freed up it just marks the space as free, it doesn't zero it (does on allocation though). There's no good reason to have an erase by default option, and many good ones not to. Hell, Vista even takes it a step further and uses your free space for old versions backups. No surprise, there's people who make big money (NetApp) selling things like that as a feature.

      If you want a secure deletion, well then install a
      • by vinn01 ( 178295 )
        "most people don't want to wipe their data out..."

        Are you aware that paper shredders are very common in a business setting. For the same reason, business users, very much do want to wipe their data out. Forever - with no copies or hidden backups.

        I can cite many cases (Google them yourself) of business data falling into the wrong hands because of the "undelete" or "unformat" commands that make "file > delete" in Windows a joke.
  • 'It will initially be staffed by 18 Secret Service agents and will feature classrooms, a forensic laboratory, an evidence vault, and server rooms.
    No water slide? Those republicans sure know how to "starve the beast"...
  • Computer forensics, and Alabama??

    Am I the only one here who got a laugh out of this?

    Redneck #1: (pokes computer with a stick) "dang, can't say ah evah seen one of dem der thangs b'for"

    Reneck #2: (spits out chewing tobacco) "Well, ah dunno wut dat der thang is, but I rekon we oughta be shootin' it bout now"

    Redneck #1: (opens beer from 6-pack holster on belt) "hmm, watchu say we take dis inta town here, and seeif summun'll know what it is?"

    Reneck #2: "boy.. are you kiddin? We's the smart ones in dis he

    • No, based on the other comments, you are not the only prejudiced person here.
      • you are not the only prejudiced person here.

        1) Well, you're definitely new in town, aren't you. Classical "you must be new here" bait.

        2) You need to ease up a little. Everybody knows they have six-pack holsters as standard accessories in Alabama, your trying to deny it is no good. Next thing you'll be saying they have a computer forsenics lab over there, or something.

  • quoth the grunt "me have baaad feeling about this".

    isnt it always these people who are supporting the RIAA/MPAA/BSA/etc in open memos to congress and various other bodies.

    I'd rather we "bring judges up to speed" by sending them to their local state u for a crash BA in computer science, where they will get "enough" of the theory they need to make judgments that are not incompetent, but without the bias from an organization which by its nature attracts inflexible authoritarians.
  • if (this_player()->query("made a mistake"))
    {
        if (criminal(this_player()))
            this_player()->retribution();
        if (oneofus(this_player()))
            this_player()->rehabilitation();
    }
  • We're all fucked. (Score:1, Informative)

    by Seumas ( 6865 )
    It is commonly known that the majority of police officers know absolutely nothing about civil liberties, right to privacy or any other constitutional or legal rights. This is why you are never supposed to argue with an officer. Their job is to arrest you when they think you're doing something wrong and let the law sort you out. This is also why they frequently infringe on a number of your rights. Either out of lack of concern or simple ignorance.

    Likewise, one should be incredibly frightened at the concept o
    • by Ogive17 ( 691899 )
      This really annoys me. You hear about a few bad cops in the news and suddenly the majority of police officers know absolutely nothing about civil liberties, right to privacy or any other constitutional or legal rights.

      My dad is a retired cop who now teaches academy classes on top of his new job. Granted we live in a somewhat rural county (2 cities of 25k, a few other smaller ones around), but he would actually get letters written to him praising his work and professionalism from people he gave a ticket
      • by Seumas ( 6865 )
        This isn't about your dad or television news. A cop's job is to arrest people. Their job isn't to be concerned with their civil liberties and they are not typically educated (as part of the job, at least) in civil liberties and privacy rights. This is why when your rights are violated, you just eat it and deal with it later via a lawyer.

        Your response is like saying that because one person is good at their job that everyone is. Further, whether people write your father letters about what a great job he does
        • by Ogive17 ( 691899 )
          So something that happened 15 years ago makes you claim that all cops NOW are ignorant?

          I said there are always a few bad cops, but to say the majority are clueless really irks me. We aren't living in the times of Andy Griffith, most cops have college degrees now. At least in my area, competition is high for any open positions on one of the forces.

          Sure what happened to you sucks, but you branded an entire segment of society based on one event. You wouldn't be too happy if I insulted what your dad did
      • by Seumas ( 6865 )

        And what worries me is you get modded insightful for contributing nothing useful. Best way to karma whore is blame the man! (or microsoft)

        Oh, and what worries me is that you might get modded insightful for contributing nothing useful. Best way to get people to coddle you or share your viewpoint is to say "my daddy is a cop" or "my mommy is a teacher" or "my brother is in the military". As if having a family member in any of those fields of employment somehow validates every statement you make regarding them and nullifies those of everyone else contradicting you.

  • by commisaro ( 1007549 ) on Tuesday March 13, 2007 @02:56PM (#18337579) Homepage
    But will this computers have the ubiquitous CSI "Picture Enhance" feature?
  • The following are requirements to get your BoCF (Bachelors of Computer Familiatrity)

    First Term: The Computer and You.

    - You will learn the basics of which components contain any data. Certain peripherals are not useful when seeking evidence. After this course; you will be able to identify the CPU during searches and also learn which components commonly have fingerprints on them.

    Second Term: Basic Computer Handling.

    - You will learn the basics of how to "unplug" (don't be scared, the class come

  • Right, because when I think of cutting edge technology I think of Alabama!
  • "There must be an on button somewhere? Did you press the apple thing?"

    ...

    "Did you find the files?"
    "I don't even know what they loo-- What do they look like?"
    "They're in the computer."
    "They're in the computer?"
    "Yeah, they're definitely in there. I don't know how he labled them."
    "I got it."
    "You gotta figure it out. We're running out of time. You gotta find them and meet me at the show."
    "Roger. In the computer. It's so simple."

    ...

    "We got 30 years of files right here in this computer that are gonna bring you down!"
    "Oh, no."
    "Down! (He smashes the computer) Where did all the files go?"

  • On the positive side, I'd rather have the FBI/Secret Service/etc. reading my e-mail than a private contractor who might also be my competitor on various contracts.

    On the negative side, law enforcement has a pretty bad case of tunnel vision when it comes to looking for crime. Store any p0rn on the server and they'll sniff it out like bloodhounds. Evidence that friends of the current administration might be moving assets illegally to Dubai. Sorry, we didn't notice that.

    • It comes down to social priorities.

      If someone wanks to something that disgusts other people, they better damn well watch out because politicians and prosecutors make a living prosecuting you. Most of you are average middle class sorts and don't stand a snowball's chance in hell.

      However, if someone launders hundreds of millions of dollars into overseas bank accounts, everyone secretly thinks "damn, I wish I was him, he's really lucky" and prosecutors think "crap, he can afford a dozen high priced lawyers.
  • The Secret Service is a very effective police agency, and they'll probably do a good job of it. On the other hand, the DHS runs the TSA and the immigration service and has an appalling civil rights record. I can only hope that the Secret Service prevails in the operations of the Institute.

    Links
    Secret Service press release [secretservice.gov] (PDF)
    DHS copy of press release [dhs.gov] (HTML)
  • This isn't really new... anyone that has read Sterlings' "Hacker Crackdown (http://www.mit.edu/hacker/hacker.html [mit.edu]) will know about FCIC and FLETC and their role in giving some structure to the 80's/early 90's law enforcement personnel (mostly Secret Service). Actually, I'll go slightly offtopic - and only slightly, since the chapter "Law and Order" goes directly to the topic at hand - and recommend taking an hour to read the mentioned book, *tremendous* insight on the relation between law, technology and c
  • I pity the fool who chose to work in computer forensics. 99% of standard law enforcement computer forensics is watching millions of images and movie clips of infants getting raped. Not my idea of a work environment suited for maintaining mental stability. If you wanna be a "anti-hacker superhero" then go work for the NSA. Outside NSA there really are only a few positions at the FBI, CIA and Secret Service that fits that description. Oh, and CTU Los Angeles.
    • Although if you think about it... if there weren't lots of people to whom this sounds like a dream job, they wouldn't need the institute in the first place. Gotta wonder about the sort of people who sign up.

Some people claim that the UNIX learning curve is steep, but at least you only have to climb it once.

Working...