Purdue News


October 3, 2007

Purdue's on-scene forensics model helps Indiana State Police win international award

WEST LAFAYETTE, Ind. - A model developed by Purdue University cyberforensics experts that allows investigators to examine digital evidence at crime scenes has helped the Indiana State Police win an award for solving computer-related crimes.

The Indiana State Police will receive the 2007 International Association of Chiefs of Police-iXP Excellence in Technology Award during the organization's annual meeting Oct. 14 in New Orleans.

The award, open to all law enforcement agencies around the world, recognizes achievement and innovation in information technology.

The award is in the Response to Computer-Related Crime category, and Indiana State Police was recognized for its On-Scene Computer Forensics Triage. The agency is being honored for implementing this model, as well as its collaboration with the academic world for its participation in training offered at Purdue.

The model was developed by three faculty members in the Department of Computer and Information Technology: Marcus Rogers, Rick Mislan and James Goldman, along with Steve Debrota of the U.S. Attorney's Office for Southern Indiana and Timothy Wedge of the National White Collar Crime Center. Wedge also is a visiting professor at Purdue.

The computer forensics field triage process model allows investigators to accompany officers to a crime scene and find digital evidence immediately from computers, cell phones and small digital devices, e-mail, instant messaging logs, and Internet activity records. At the scene, investigators use mobile equipment the size of a suitcase, existing software and a software program developed at Purdue called Filehound, which makes it possible to mine specific digital information.

Rogers said discovering and evaluating this information quickly is vital in a variety of situations where minutes count, including kidnappings, abductions and missing persons cases.

"Our model is time-sensitive, allowing investigators to seize equipment and immediately examine and extract information from it," he said. "It's vital that this information be accessed in minutes or hours, not the days or weeks or months it takes to send equipment to a lab to be evaluated. There's no question that lives have been saved by our model."

Rogers said since the model was developed in conjunction with the U.S. Attorney's Office, it was created in a manner that makes it possible for investigators to do their work without tampering with the evidence, so there are no problems with legality.

The equipment used in the triage process allows digital information to be stored so it can be transported back to a lab for more extensive examination.

Lt. Chuck Cohen, commander of the special investigations and criminal intelligence sections of the Indiana State Police, said about 15 of the agency's officers have undergone forensics triage training at Purdue. The state police also has an RV equipped with special computer equipment that an investigator can take to a scene to perform quick, in-depth analysis of digital information.

The RV will be on display at 10 a.m. Wednesday (Oct. 3) at the Indiana State Police Post at 8500 E. 21st St., Indianapolis. Investigators with the Indiana State Police Computer Forensics Field Triage Unit and Purdue will utilize the mobile forensics laboratory to conduct an "on-scene" computer forensic investigation.

"What Purdue has developed has been invaluable to us," Cohen said. "We've used this model several times a week in all types of crimes, including missing persons, kidnappings and property crimes. It enables us to get the information we need fast and in a forensically sound manner."

One common application is in missing child cases, where officers can quickly examine where a child has been on the Internet to reveal any clues about who they may have talked to or if any online maps were accessed, leading to clues on their whereabouts.

Rogers said about 100 investigators around the country have been trained at Purdue in how to use the triage model. He said the National White Collar Crime Center is using the model in its training, and federal agencies may be considering implementing it in the future.

Rogers and other members of the Cyber Forensics Lab at Purdue are contacted several times a week by police agencies from the local to the international level for advice on conducting cyberforensic investigations and for the researchers' expertise in digital small-scale devices.

The award is sponsored by iXP, a company that helps public safety and security organizations solve emergency response problems.

Writer: Kim Medaris, (765) 494-6998, kmedaris@purdue.edu

Sources: Marc Rogers, (765) 494-2561, rogersmk@purdue.edu

Chuck Cohen, (317) 232-8309, ccohen@isp.in.gov

Purdue News Service: (765) 494-2096; purduenews@purdue.edu
