Did you know that every document from every inkjet printer is embedded with tiny yellow dots — virtually invisible to the naked eye — that identify the serial number, make and model of that printer?
Did you know that I-PASS transponders enable the state to track (and log) vehicles not just at the toll booths but also at the thousands of other locations throughout each state, on all of the highways, on all the major roads within the cities, where they have set up a transponder reader?
Do you carry around a device that allows the government to track your location within a couple hundred feet? If you’ve got a mobile phone, the answer is yes, you do. And all of that location data is logged and stored by the phone-service providers. It’s also quite accessible, generally speaking, to law enforcement upon request — no “probable cause” or search warrant required.
“These are the fun things we bring up in the forensics class,” said Professor Glenn Mayer, who teaches the Introduction to Computer Forensics class at Elgin Community College. “So even though it’s a class targeted for forensics people, I’ve got graphic design majors, and all that, who are taking the class and having a good time with it, because they’re finding out about the technology they use every day and some of the things that go on that they may not be aware of.”
Take mobile phones, for example: “When a cell phone call comes in for you, it has to know where you are, it has to know which tower it has to transmit your call on,” Mayer said. “If you’re in the Chicago area, there’s ten thousand cell phone towers. As you travel from place to place, your phone talks to all the towers, saying ‘OK, I’ve moved, I’m over here now.’ That’s constantly going on. And it’s all logged.”
Such data can be an invaluable tool for law enforcement. Mayer gave this example showing how such data is used to solve crimes — say, a string of burglaries: “What they’ll do is, they’ll go to the cell providers and say, ‘We’d like to know which cell phones were on this tower from two to four o’clock on Thursday; we’d like to know which cell phones were on this tower from three to four in the morning on this day, [etcetera].’ And they take all those lists and they cross-reference them, and they can usually find one phone number that’s common. Now, if there’s only one number that pops up, that’s probable cause. They can go to a judge and get a search warrant.”
“Now, that’s not widely advertised,” Mayer said. “There are many things not widely advertised.”
But to all those would-be criminals, don’t think leaving your phone at home will keep the finger of suspicion from pointing toward you: “Leaving your cell phone at home, or turning your cell phone off, is considered a suspicious activity if you do not normally do that,” Mayer said. “Most people leave it on, day and night — when it’s charging at night, it’s on.”
The field of Computer Forensics is as old as the computer itself. But it wasn’t until the mid-1990s — when people began, in droves, to buy computers just to get onto the Internet — that the field really took off and became more or less mainstream. “Now when [authorities] are doing a criminal investigation, there’s more likely than not a computer involved,” Mayer said.
But mainstream public understanding of computer forensics seems to be lagging behind the technology. Although Computer Forensics is a relatively young art and science, it’s no different, really, from traditional forensics in its purpose: to examine evidence in meticulous detail to uncover clues that reveal the who-what-where-when-and-how of an event. If your computer gets captured, it will sing like a canary. Like the worst of accomplices, it will surrender a virtual treasure trove of sensitive and potentially incriminating data easily mined in a forensics lab. Including stuff you would never even have thought to hide.
Because you should know, there’s little that a computer forensics expert can’t uncover or recover, even when files are deleted or written over, or heavily encrypted and password-protected. Even in the toughest cases, it’s often just a matter of money and resources — which local authorities often lack (the Elgin Police Department hired its first full-time computer forensics expert just two months ago, Mayer said). But when a case is high-profile, or of great importance to investigators, hundreds of thousands of dollars, or even millions, may be spent on data recovery — they’ll even send the computer’s hard drive to Fort Meade (the headquarters of the National Security Agency) for analysis, if necessary.
Keep in mind, also, that Computer Forensics is not limited to just desktop or laptop computers. Mobile phones, PDAs, iPods, digital cameras, flash drives — they all work the same way, from a forensics perspective, and all the same principles apply. “You use the exact same tools to recover files,” Mayer said. And increasingly, mobile devices “are where the information is migrating towards.”
Which is why even Detective Keith Smith, the computer forensics expert for the Kane County Sheriff’s Office, wants to get his hands on an iPad: to get practice on how to do a forensics analysis on it, Mayer said. “At a couple of conferences coming up this summer, that’s the hot topic: forensics analysis of iPads.”
Keeping up with the explosion of new technology is one challenge for investigators. Another is the shortage of people trained in computer forensics.
That’s why the career prospects for those trained in the field are bright: “This has the real potential for being a good, solid career,” Mayer said. “You can work in law enforcement. You can work in the corporate arena. Large companies — Lucent, Motorola, GE Medical — those large companies employ computer forensics people who investigate cases of employees stealing, allegations of sexual harassment — you know, they have to go and do the analysis of all the emails and everything — or an employee misbehaving, surfing the internet when they’re supposed to be working, or running their home business from their office at work. All those things happen, and happen frequently, in the corporate world. Most large companies have, on staff, forensics people that can go in and find that stuff.” Also, opportunities abound in the legal field, where the electronic discovery of evidence (also known as “e-discovery”) is widely used in cases ranging from divorce to criminal matters to corporate litigation. And, “there’s great opportunity in the federal government.”
Because apparently, a shortage of trained experts threatens our national security as well. Forget nuclear bombs: In this post-Cold War era, security threats such as terrorism, espionage and even war are increasingly being waged via computers and over the Internet.
“I’ve talked to a couple of people from the National Security Agency at several conferences, and it was scary,” Mayer said. “As far as they’re concerned, we are currently engaged in a full-blown cyber war. China is launching attacks daily against our government and industry, and trying to get industrial and military secrets, trying to glean information about our critical infrastructure. So as far as [our government is] concerned, that is the real war, and that is where they are focusing their funds. I would not be surprised if the NSA’s budget greatly exceeds that of Los Alamos now.”
Clearly, a new generation of cyber warriors is needed. And computer experts like Mayer will be the ones training that new generation.
Still, Mayer has his worries: “I worry about computers just kind of depersonalizing everything,” Mayer said. “Everybody’s firing off these emails, and nobody’s got the time to really read through them, and they’re missing all kinds of contextual information, and everybody’s making important decisions based on them. Something is getting lost along the way.”
Hardly the statement you’d expect from a man who has built his entire 20-year career around computers, as both an educator and a computer programmer. But then, “[t]his is a man who, because he’s built his career around computers, feels a touch of guilt,” Mayer said. “That the world we’re in is partly the world I created.”
It’s a Braver Newer World he’s helped to found — no doubt about that. The only question is: Are you prepared? If not, you just may want to give that Introduction to Computer Forensics class some serious thought…