Sunday, March 4, 2012

Police lab hunts out evidence bit by bit | The Journal Gazette

They work inside a dark, cool and windowless room buried in the middle of Fort Wayne police headquarters.

Self-proclaimed lab rats, the detectives work over the soft whir produced by the five work stations within the computer forensic lab.

The department's computer forensic unit works to uncover evidence from all types of electronic storage devices - cellphones, computers, digital recorders and flash drives.

The investigators often undergo thousands of hours of training throughout their careers to help solve a growing number of cases in which electronic devices hold clues. Their workload continues to increase as computers and cellphones become more prevalent.

It was inside this lab that investigators uncovered documents and photos from a partly deleted flash drive - evidence that helped a jury recently find Michael McClellan guilty of two felony counts of stalking an ex-girlfriend.

Police inspected 62 computers and 71 cellphones in 2010, according to the department's 2010 annual report, which is the most recent data available.

The number of devices inspected is expected to go up.

Throughout the course of a homicide investigation, police will inspect between two and six cellphones on average, Detective Sgt. Doug Guiler said.

There were 24 homicides in 2011 and, based on Guiler's estimate, there could be between 48 and 144 cellphones inspected just for homicides.

The department's computer forensic unit is made up of three full-time detectives and a couple of part-time investigators.

"It takes time"

Detective Gary Morales made a bit-by-bit copy - or exact replica - of McClellan's flash drive during the investigation. Morales has been a forensic investigator with the Fort Wayne Police Department for more than 10 years and created the department's computer forensic lab.

In the McClellan case, he used the copied version of a flash drive to uncover information from Hushmail accounts - a service that allows people to send untraceable emails, according to court testimony.

Morales also found an email-tracking program that was attached to many of the emails that were sent to the woman McClellan was stalking and pictures that were in her personal email account only.

"I think the biggest myth people don't realize is that when they delete files, they aren't really deleted and there are fragments left behind," Morales said.

If, during the course of the investigation, a detective feels it necessary to examine a cellphone, computer or other device, that detective will ask a member of the team - Morales, Guiler or Detective Joel Slygh - to do so.

On a table inside the lab there are confiscated computer towers with the paneling off and hard drives ready to be removed. Forensic investigators pull the drives, make a copy and then inspect that copy for the evidence they're seeking.

The investigator won't turn on the suspect's computer, because every time a computer is turned on it records the process to its hard drive, thus altering its contents. It's necessary for investigators to be able to testify in court that they didn't change the contents of the original hard drive, Guiler said.

Investigators will then use forensic software and equipment to examine the copy for information stored on it, which can be as varied as photos and a drug dealer's client list.

Criminals will often change the file designation to try to fool police. For example, someone storing child pornography could change the file names from ending in .jpg, a common photo extension, to .txt, a text format, hoping investigators search only for the former.

If police investigate a child pornography case in which a suspect has eight external hard drives full of data, the computer forensic investigators must go through each drive bit-by-bit to ensure they don't miss anything.

"We don't solve crimes within the hour," Morales said. "It takes time. It may take weeks depending on the volume of evidence."

More space coming

In 1998, Morales created the department's first computer evidence seizure policy. That policy now instructs officers how to handle cellphones and other electronic devices that store data.

For example, he teaches fellow officers how to secure a cellphone.

"It's placed in special bags that eliminate the ability of the phone to communicate with the network so (officers) can get it back here and we can examine it in the condition that it was collected," Morales said.

The computer forensic lab will almost double in size when the police department moves into the City-County Building this month.

Police Chief Rusty York said the added space was imperative and an increased workload was considered to allow the unit to grow, as needed, over time.

York said 20 years ago officers would just attend the police academy and that was the only official training they received.

"We're more focused on continued training and certainly with computer forensics, that evolves all the time," he said. "The training for computer forensics is pretty intense."

Morales has spent nearly 1,000 hours in more than 30 training courses to become the lead detective in the computer forensics unit.

"We are embracing these rapid technology changes as a positive thing rather than seeing it as an obstacle to solving crime," he said in a statement to The Journal Gazette. "We're seeing it as an opportunity to develop new ways of gathering electronic evidence to solve traditional crime."

The unit's members call themselves lab rats, and it's not hard to see why.

They're the only ones allowed in the lab, which has gym flooring, a high ceiling and no windows. Every inch of wall is covered with computers, and there is a raised counter in the middle of the lab that has a computer labeled "Biohazard" and has a sign that reads "Do Not Touch."

But Morales, who was the only forensic investigator in the unit for a long time, said he wouldn't have it any other way.

"I like the challenge of trying to come up with new methods of obtaining evidence from electronic storage," he said.

dadams@jg.net

Source: http://www.journalgazette.net/article/20120304/LOCAL07/303049917/-1/LOCAL11
