
Clues in cyberspace catch criminals in the real world

LINTHICUM, Md. (AFNS) -- For many, cyberspace is a vast and intangible place. A land of green ones and zeros floating on a sea of black, where an e-mail originated in Switzerland can travel to a server in Mozambique within a matter of seconds.

In the ever-changing landscape of cyberspace, information can be hidden anywhere and information can be passed in a variety of ways. Criminals and terrorists can disguise themselves as friends and break into vital information systems and even the personal lives of anyone who ventures into the realm.

That's where the men and women of the Defense Cyber Crime Center Defense Computer Forensics Laboratory step in. Servicemembers and civilians here are trained to find the clues in cyberspace to solve crimes.

"DC3 is the national center of excellence for digital forensics, digital investigations (and) cyber crime investigations," said Jim Christy, the DC3 director of future exploration. "Almost every crime has a digital nexus. You have wrist watches that can store data, your cell phone. Just about everything you have in your life today in your office, your home or your car now collects a lot of data and captures it digitally. We need digital forensic examiners to be able to find what's relevant to an investigation forensically so it'll stand up in court."

DC3 comprises the Defense Industrial Base Collaborative Information Sharing Environment, Defense Cyber Crime Institute, Defense Cyber Investigations Training Academy, National Cyber Investigative Joint Task Force Analytical Group and Defense Computer Forensics Laboratory.

In 2010, analysts from DC3 combed through almost 300 terabytes of information. That's 13 Libraries of Congress worth of information: more than 144,500,000 items including books, photos, audio CDs, pamphlets, newspapers, sheet music and more.

One recent triumph for the Air Force Office of Special Investigations and DC3 analysts was their involvement in an investigation that led to the trial and conviction of a spy for the Chinese government, Nashir Gowadia. He is now facing multiple life sentences.

Air Force officials and the DC3 team often work hand-in-hand on a variety of cases.

"The Air Force and (Department of Defense) are a microcosm of society," Mr. Christy said. "Unfortunately, we're going to have criminals in the Air Force and people outside the Air Force that victimize us. Whether it be a fraud case, espionage or terrorism. We (also) work with the aircraft mishap program to recover the digital video or audio tapes for the safety boards."

And when the proper technologies aren't available, DC3 teams create them.

Mr. Christy said that in 1991 he and his deputy at the time were working on a case where they needed to retrieve some information from cut-up floppy disks, but there was no process to do it at the time, so they created it.

Their innovation led to the suspect being convicted of homicide.

Just as in other forensic specialties, when a search warrant is executed cyber evidence must be handled carefully to maintain its integrity.

"The academy trains investigators . . . to maintain the integrity of that evidence," Mr. Christy said. "Then it will come here to the lab and it's processed. There's always a chain of custody, it's always under control. Unlike other forensic disciplines, we can clone evidence. We can make as many scientific clones as we need to work on. Then we do our forensic examination on that clone."

Analysts must ensure their findings follow a repeatable and sustainable process. To help with that, there are laboratory support staff members like Master Sgt. Monty St. John, who works as the quality assurance chief.

"As the QA chief I have a couple different roles. My primary one is for the laboratory," Sergeant St. John said. "As our analysts and forensic scientists work through a case and they finish it, the last step before we send it to our customer is to make sure that everything is in order and also that we've met with everything they've requested. Additionally, I look at it to make sure that what we're giving them complies with the policies that we've put together both from DC3 and Air Force wise. Of course what the court requires is very important as well, so we want to make sure we meet their requirements as well."

Teams at DC3 also handle a more tangible side of cyber crimes. Agents at the center received a computer hard drive that had been thrown into the Potomac River and lay in the murky water for months before it was recovered. The credulous suspect thought the information on the computer would not be retrievable from the waterlogged machine. But the experts at DC3, after months of gently removing debris using an alcohol bath and sonic vibration machine, are almost ready to put the drive into a new machine to retrieve the information.

But the mission of the team at DC3 is not to prove people guilty. It's to unveil the truth.

"What we do is more than looking for the 'bad guy', to coin a term," Sergeant St. John said. "We're also trying to make sure that the people that we're looking at, there's not a chance that we can exonerate them, that they're actually innocent of everything that's being put against them as a charge. We scrutinize to a very detailed level that that's actually the case. So if there's an allegation against someone, we make sure there's evidence to back that up."