August 11, 2004
Purdue, Indiana law enforcement probe digital world of computer forensics
WEST LAFAYETTE, Ind. - Purdue University is teaming with law enforcement officers to improve investigation of the new generation of crimes, including computer-aided terrorism, espionage, bank and business fraud, and identity theft.
A collaboration with 20 law enforcement officers from throughout Indiana Wednesday-Friday (8/11-13) is part of a new, federally-sponsored program designed to set national standards for computer forensic education and certification. The goal is not only to increase the number of trained officers and educators, but also to ensure that the evidence found is admissible in court.
"This is a field that is not only vital to the security of our country, but also to protecting business and individuals from fraud and theft that has been made so much easier by technology advances," said Lonnie D. Bentley, head of Purdue's Department of Computer Technology. "Criminals are on the cutting edge of the new technology, and it is important for law enforcement and academia to do everything we can to catch up with them."
The FBI estimates that cybercrime costs businesses and the government more than $10 billion a year, with computer-aided identity theft costing an additional $1 billion each year. The FBI also estimates that more than 80 percent of computer crime goes unreported, often because business leaders think law enforcement agencies will lack the resources and know-how to effectively combat it.
"As technology improves, those numbers will continue to rise," Bentley said. "Beyond that, we have to keep ahead of domestic and foreign terrorists who would use computer technology to plan and carry out attacks."
Marcus K. Rogers, a Purdue associate professor of computer technology, said computer forensics refers to retrieving and analyzing evidence from computer systems, including individual pieces of computer hardware, electronic data on the Internet, cellular telephones, personal digital assistants or digital cameras.
"If you think of the old days of investigation, your evidence might be in a filing cabinet, and you would have to search through each file and piece of paper," said Rogers, a former police officer in Canada. "Today those filing cabinets are filled with digital information, and it's a very different process to sort through them. We have to totally change the way we think about collecting evidence; you can't interrogate a hard drive."
Police officers participating are from the following Indiana law enforcement agencies: Indiana State Police officers from posts in Indianapolis, Evansville, Muncie, New Albany and Bloomington; Indiana Department of Natural Resources; Grant County Sheriff's Department; Indiana Attorney General's Office; Vanderburgh County Sheriff's Department; Muncie Police Department; Mitchell Police Department; and the Purdue University Police Department.
Maj. Larry C. Turner, commander of the Indiana State Police Division of Criminal Investigation, said there is a void in law enforcement's ability to train officers to investigate the increasing amount of computer evidence. Most agencies only have a very limited number of personnel who are trained and specialize in this area, he said.
"In our investigations, we keep encountering more and more computer evidence, and our trained investigators keep getting more and more backed up," Turner said. "You must have people who are getting continual training and have the newest equipment to work with. Both of those things are incredibly expensive, and most agencies just don't have the resources."
Turner said that besides crimes such as identity theft and embezzlement, where the computer is used to commit the crime, computer forensics can also play an important role in solving more traditional, physical crimes, such as assault, harassment and homicide.
"If someone sends an e-mail, if he visits a Web site, if he talks about a crime in an instant message to a friend, all of that can be traced," he said. "All of that computer activity leaves a trail that can help us build a case."
Turner said the partnership with Purdue and the National White Collar Crime Center also expands the state police's ability to turn to the university when investigators encounter a file or piece of equipment that they are not trained or equipped to handle.
Don Brackman, National White Collar Crime Center deputy director, said the partnership is important because none of the three organizations are equipped to handle every aspect of computer crime.
"Today's environment presents a kaleidoscope of cyber issues and prospective solutions that require a collaborative approach," Brackman said. "The partnership of Purdue University, Indiana State Police and the National White Collar Crime Center is a giant step forward in developing and maintaining training programs, sharing resources, expertise and technology to combat this growing problem."
Rogers said this month's training will focus on providing first responder police officers with the training to deal with an initial examination of computer evidence at a crime scene. James E. Goldman, a professor of computer technology, and Scott L. Ksander, a senior inforensics analyst and engineer, will also teach the seminars.
"These are the officers who would be the first to investigate and secure a crime scene, or would execute a search warrant," Rogers said. "No one would ever step in a puddle of blood if they were trying to preserve evidence, but this is essentially what could happen if someone tries to work with computer evidence without the proper training. Something as simple as moving a mouse can corrupt the evidence."
Rogers said proper training can also help a police officer to serve a search warrant on computer data without inadvertently infringing upon someone's civil rights, making the evidence inadmissible in court.
In addition to police, Rogers said, members of the judicial system are concerned about what computer forensics training should include. Currently, there are no agreed-upon professional standards or certifications for the emerging field.
"We have been in a position where vendors selling analysis products have set the standards based on the technology they sell," Rogers said. "With no set standards, there is no way to guarantee that evidence collected will be admissible in court or will not be compromised while it is being collected."
Purdue's Department of Computer Technology also is focusing efforts on developing computer forensics curriculum for students at Purdue and across the country. The department already offers graduate classes in computer forensics and is planning to add undergraduate classes as well.
Research is another component of Purdue's computer forensics mission.
One research project will develop techniques for profiling behavior of offenders based on their computer-use habits.
"If we can develop profiles, then we can determine whether Internet activity that appears threatening was undertaken by a terrorist or a teen-ager," Rogers said. "That will help us focus our energies on the most important cases."
In related research, Purdue will try to identify "digital fingerprints" for computer users.
"In many instances, more than one person has access to a computer," Rogers said. "If a computer is used by more than one user to commit a crime, it's important to be able to establish who entered information."
In addition to collaborating with and training the state police this month, Purdue also was host to a computer forensics workshop this summer for educators from universities throughout the country who are developing their own classes. The workshops were offered in conjunction with Purdue's Center for Education and Research in Information Assurance and Security, a Purdue-based, internationally recognized leader in the field of computer and network security.
Writer: Matt Holsapple, (765) 494-2073
Sources: Lonnie D. Bentley, (765) 494-4545
Marcus K. Rogers, (765) 494-2561
Maj. Larry Turner, (317) 232-4338
Don Brackman, (317) 933-3361
Purdue News Service: (765) 494-2096