FBI Struggles to Pull Criminal Data from Digital Devices
Non-traditional communications devices such as smartphones and game consoles pose a particular problem to law enforcement agencies trying to milk them for forensic data that reveals criminal activity, attendees were told at the 2010 Computer Forensics Show in New York City.
"Forensic tools for cell phones are in their infancy," says Stephen Riley, a forensic examiner with the FBI's Computer Analysis and Response Team. "There's lots of different carriers, different phones, different cables – just try to keep up."Smartphones can communicate via SMS, MMS, mobile e-mail, mobile internet access, VoIP and traditional cellular voice networks, Riley says, making each machine a potential treasure trove of information but also a nightmare maze of possible proprietary technologies to unlock it.
Retrieving SMS messages can depend on the model of phone, the carrier, the time of day, even the country in which the phone is used. SIM cards removed from phones carry potentially useful forensic information, but unless it is associated with a particular phone's PIN, it's inaccessible. Perhaps the personal unlock feature controlled by phone manufacturers could release the data, but that requires knowing the make and model of the phone, he says.
The ready availability of cell phones is also a problem. Searches of suspects' residences can turn up drawers-full of cell phones that are no longer used but never thrown out. Yet they can demand valuable forensic time.
Game consoles pose a separate problem. They can be used to send e-mail and connect to the Internet but have very little internal memory so whatever is on the drive can be quickly over written and therefore gone forever, he says. "You can take a Wii onto the Internet and it doesn't save sites or browser history," he says. "If you type in a Web address and surf, 10 minutes later there's no record of it."
That means users can send Web-based e-mail and leave no trace. "This is a problem," Riley says.
Meanwhile, the FBI continues to seek help from the private sector to protect critical infrastructure, hoping that IT professionals can act as eyes and ears to detect the activities of terrorists before they can carry out their plans.
Infragard, the FBI-business/academia alliance to protect U.S. infrastructure from terrorists, sought this help at the 2010 Computer Forensics Show where professionals and students who are likely to have an interest in law enforcement came for seminars gathering evidence for legal cases.
"It's all about critical infrastructure," says Joe Concannon, president and CEO of New York Metro Infragard, one of 56 chapters around the U.S. that have a total membership of about 36,000.
The value to the FBI is that it gets information from individuals that may point to criminal activity that might otherwise go undetected or go undetected until it's too late, he says.
The FBI doesn't report back about what comes of the information the individuals share, says FBI Special Agent Jim Capozzi, who is assigned full-time to promote the program to business groups, building owners' associations, cultural centers and universities, among others. But those who participate in Infragard get the satisfaction of knowing they help.
He says the New York City FBI bureau has 1,100 staffers enforcing 400 different violations, plus seeking terrorists. "How can we protect it unless we have people going along with us?" he says. "If you see something we should know we can be proactive."
Concannon says the New York area Infragard chapter offers educational seminars online during weekly podcasts.
Read more about wide area network in Network World's Wide Area Network section.