August 11, 2004
Purdue, law enforcement probe digital world of computer forensics
WEST LAFAYETTE, Ind. Purdue University is teaming with law enforcement officers to improve investigation of the new generation of crimes, including computer-aided terrorism, espionage, bank and business fraud, and identity theft.
A collaboration with 20 law enforcement officers from throughout Indiana Wednesday-Friday (8/11-13) is part of a new, federally-sponsored program designed to set national standards for computer forensic education and certification. The goal is not only to increase the number of trained officers and educators, but also to ensure that the evidence found is admissible in court.
"This is a field that is not only vital to the security of our country, but also to protecting business and individuals from fraud and theft that has been made so much easier by technology advances," said Lonnie D. Bentley, head of Purdue's Department of Computer Technology. "Criminals are on the cutting edge of the new technology, and it is important for law enforcement and academia to do everything we can to catch up with them."
The FBI estimates that cybercrime costs businesses and the government more than $10 billion a year, with computer-aided identity theft costing an additional $1 billion each year. The FBI also estimates that more than 80 percent of computer crime goes unreported, often because business leaders think law enforcement agencies will lack the resources and know-how to effectively combat it.
"As technology improves, those numbers will continue to rise," Bentley said. "Beyond that, we have to keep ahead of domestic and foreign terrorists who would use computer technology to plan and carry out attacks."
Marcus K. Rogers, a Purdue associate professor of computer technology, said computer forensics refers to retrieving and analyzing evidence from computer systems, including both individual pieces of computer hardware, electronic data on the Internet, cellular telephones, personal digital assistants or digital cameras.
"If you think of the old days of investigation, your evidence might be in a filing cabinet, and you would have to search through each file and piece of paper," said Rogers, a former police officer in Canada. "Today those filing cabinets are filled with digital information, and its a very different process to sort through them. We have to totally change the way we think about collecting evidence; you can't interrogate a hard drive."
Law enforcement agencies and other agencies are increasingly partnering with universities to combat computer crime. Besides Purdue, the National White Collar Crime Center is partnering with several other universities including Florida State University, Northeastern University and Arizona State University.
While Purdue's focuses on education and certification, forensic software and hardware development and the development of standards and protocols for investigators, each of the other universities has been assigned a different mission. Other universities also among leaders in computer forensics are Carnegie Mellon University, Dartmouth College and the University of Central Florida, Bentley said.
Maj. Larry C. Turner, commander of the Indiana State Police Division of Criminal Investigation, said there is a void in law enforcement's ability to train officers to investigate the increasing amount of computer evidence. Most agencies only have a very limited number of personnel who are trained and specialize in this area, he said.
"In our investigations, we keep encountering more and more computer evidence, and our trained investigators keep getting more and more backed up," Turner said. "You must have people who are getting continual training and have the newest equipment to work with. Both of those things are incredibly expensive, and most agencies just don't have the resources."
Turner said the partnership with Purdue and the National White Collar Crime Center also enables the state police to turn to the university when investigators encounter a file or piece of equipment that they are not trained or equipped to handle.
Don Brackman, National White Crime Center deputy director, said the partnership is important because none of the three organizations are equipped handle every aspect of computer crime.
"Todays environment presents a kaleidoscope of cyber issues and prospective solutions that require a collaborative approach," Brackman said. "The partnership of Purdue University, Indiana State Police and the National White Collar Crime Center is a giant step forward in developing and maintaining training programs, sharing resources, expertise and technology to combat this growing problem."
Bentley said one of the reasons that Purdue is well-placed to become a leader in computer forensics is because of the university's Center for Education and Research in Information Assurance and Security, an internationally recognized leader in the field of computer and network security. He said the work that the center does to prevent crimes compliments the department's work to help solve crimes that do happen.
In addition to police, Rogers said, members of the judicial system are concerned about what computer forensics training should include. Currently, there are no agreed upon professional standards or certifications for the emerging field.
"We have been in a position where vendors selling analysis products have set the standards based on the technology they sell," Rogers said. "With no set standards, there is no way to guarantee that evidence collected will be admissible in court or will not be compromised while it is being collected.
Purdue's Department of Computer Technology also is focusing efforts on developing computer forensics curriculum for students at Purdue and across the country. The department already offers graduate classes in computer forensics and is planning to add undergraduate classes as well.
Research is another component of Purdue's computer forensic mission.
One research project will develop techniques for profiling behavior of offenders based on their computer-use habits.
"If we can develop profiles, then we can to determine whether Internet activity that appears threatening was undertaken by a terrorist or a teen-ager," Rogers said. "That will help us focus our energies on the most important cases."
In related research, Purdue will try to identify "digital fingerprints" for computer users.
"In many instances, more than one person has access to a computer," Rogers said. "If a computer is used by more than one user to commit a crime, it's important to be able to establish who entered information."
In addition to collaborating with and training the state police this month, Purdue also was host to a computer forensics workshop this summer for educators from universities throughout the country who are developing their own classes. The workshops were offered in conjunction with Purdue's Center for Education and Research in Information Assurance and Security.
Writer: Matt Holsapple, (765) 494-2073, firstname.lastname@example.org
Sources: Lonnie D. Bentley, (765) 494-4545, email@example.com
Marcus K. Rogers, (765) 494-2561, firstname.lastname@example.org
Maj. Larry Turner, (317) 232-4338, email@example.com
Don Brackman, (317) 933-3361, firstname.lastname@example.org
Purdue News Service: (765) 494-2096; email@example.com
PHOTO CAPTION 1:
A publication-quality photo is available at http://news.uns.purdue.edu/images/+2004/rogers-forensics2.jpg.
PHOTO CAPTION 2:
A publication-quality photo is available at http://news.uns.purdue.edu/images/+2004/rogers-forensics.jpg.