Presented by
Heidi Estrada
Special Agent
Federal Bureau of Investigation
Austin Resident Agency
San Antonio Division

 RCFL (Regional Computer Forensic Lab)

The FBI’s Cyber Investigations
 New Legislation: Cyber Stalking




One-stop, full service forensics laboratory
Training center - to train all LEO
Devoted to the examination of digital evidence in support of criminal investigations www.rcfl.gov

 Law signed June 2003
 Physical evidence not admissible unless lab or other entity accredited
 If not accredited, need to retain sample of physical evidence
 After Sept. 2005 labs required to be accredited

 LEO and Private Entity personnel can submit electronic evidence to the RCFL to be examined
Or
 A law enforcement agency can join the RCFL:


Send an officer to become a computer forensic examiner
RCFL pays for training, equipment, space for that examiner

 Provided to any law enforcement personnel free of charge
 Use the RCFL classrooms
 For class schedule, descriptions and registration: www.ghrcfl.org
 Sign up online
 Forensic classes
 Bag & Tag class / Image Scan class

 Terrorism
 Homicide
 National Security
 Violent Crimes
 Child Pornography
 Theft or destruction of Intellectual Property
 Fraud

 Laboratory - examination of digital evidence
 Technical - advice on preparing search warrants
(digital), seizure of digital evidence, techniques for handling digital evidence
 Training - Free technical training for both forensic examiners and non-forensic LEO personnel (investigators)
 On-Site - RCFL examiners can deploy to locations to execute search warrants on site




Submit only digital evidence

Computers, hard drives, CDs, floppies, USB drives, cameras, telephones
 Separate these items from other evidence (paper documents, objects) - store in your own property room
Search warrant or signed consent to search form must be with the evidence
RCFL examiner can also go to a location and make a forensic/digital copy on site (so you do not have to take the owner’s computer)

 Services - Provided digital data processing for state, local and federal government agencies
 Program Growth - Total RCFLs grew to 9.
Available to more than 3500 law enforcement agencies in 11 states
 National Recognition - Harvard
University’s 2005 Innovations in American
Government

 Training -
 Digital Forensic tools & techniques
 Investigator tools & techniques
 Support to Major Investigations
 Increased Number of Participating
Agencies
 90 total participating agencies
 13 state agencies
 54 local agencies
 23 non-FBI federal agencies

 Cell Phone Forensic Exams
 Audio/Video Forensic Exams
 Computer Exams (Windows, Unix, Mac)
 Digital Media Exams (USB drives, flash memory, CDs, DVDs, etc…)
 Digital Camera Exams

 Created by San Diego RCFL
 Allows non-FBI RCFL Forensic Examiners to finish their tenure at an RCFL, then return to their parent agency and maintain their certification and skills
 Being implemented nationwide during
FY06

 Purpose: for investigators to use the FBI’s
Review Net system to review forensic exam results
 Review Net: a tool which allows investigators to review the forensic results of an exam via the
FBI’s Intranet
 CAIR: one-day training course, hands-on, comes with a “refresher CD” so students can refer to it after the course is finished




FBI provides:
 Funding, training, laboratory facility
RCFL Director:
 Manages the day-to-day operations. The Director is a management level individual from an RCFL member agency (state, local, federal).
Member supervision:

Remains with the officers’ or agents’ “home agency” for non-RCFL matters
 Laboratory procedures outlined by the RCFL Program
Office, FBIHQ, Laboratory Division

 Expanding the RCFL program: service area growing from 11 to 16 states during FY06 (with a total of 11 RCFLs)
 Implementing Review Net:

Currently, only people with access to the FBI’s
Intranet can access Review Net.
 Soon, RCFL participating members from non-FBI agencies will also access it within an RCFL.
 Eventually, participating members from non-FBI agencies will access it from their own office space

 ASCLD/LAB Accreditation - At least four
RCFL’s are expected to submit their accreditation applications during FY06
 Adding RCFL Personnel - Increased digital processing caseloads mean more RCFL examiners are needed nationwide

 Participating agencies and their personnel receive:
 7 weeks of forensic examiner training
 Exposure to the most technologically advanced computer equipment available
 Broad experience in a variety of digital forensics cases
 A stake in the management of the RCFL.

A+
Certification
Training (2 weeks)
Commercial
Vendor
 Training culminates in taking nationally recognized A+ certification test
Basic Data
Recovery Analysis
(BDRA)
(1 week)
Net+
Certification
Training
(1 week)
FBI Boot Camp
(2 weeks)
National White
Collar Crime
Center
 Training culminates in end-of-course test
Commercial
Vendor
 Training culminates in taking nationally recognized Net+ certification test
Moot Court
(1week)
FBI
 Following the course, examiners
 Defense attorneys query participants conduct on their competency examination examination on results test hard drive and send results
 Oral presentation to training test coordinator
Examiners must also conduct five searches and five exams under the supervision of an FBI-certified forensic examiner
To maintain certification :
 Complete one advanced FBI-sponsored class per year
 Complete two additional outside classes per year
 Pass yearly proficiency test

 North TX RCFL
(Dallas)
 Dallas PD
 FBI - Dallas Division
 Garland PD
 Grand Prairie PD
 Plano PD
 Richardson PD
 TX AG
 US Attorney - NDTX
 Greater Houston
RCFL
 FBI - Houston
 Harris County - Pct 4
Constable’s Office
 Harris County - Pct 5
Constable’s Office
 Harris County SO
 Houston PD
 Pasadena PD
 Tomball PD

 North TX RCFL
(Dallas)
 Chicago RCFL
 Heart of America
RCFL (Kansas City)
 New Jersey RCFL
 Silicon Valley RCFL
 Greater Houston
RCFL
 Intermountain West
RCFL (Salt Lake City,
Utah)
 Northwest RCFL
(Portland, OR)
 San Diego RCFL

 Rocky Mountain RCFL - Denver, CO
 Miami Valley RCFL - Dayton, OH
 Philadelphia RCFL - Philadelphia, PA
 Western New York RCFL - Buffalo, NY

 Training Portal - course descriptions, schedule, registration
 National Program - employment opportunities, accreditation, locations
 Virtual Newsroom - Annual Report,
Resource Kit, speeches, statements

Dennis Williams, Director
Greater Houston RCFL
713-316-7878 www.rcfl.gov

Block 2 begins
10:00 am
The FBI’s Cyber Investigations
New Legislation: Cyber Stalking

Types of Cyber Crimes the FBI investigates
 Counterterrorism Intrusions
 Counterintelligence Intrusions
 Crimes Against Children / Exploitation
 Intellectual Property Rights Violations
 Identity Theft / Fraud

Is the computer a target ?
Intrusions
Or…. is the computer a tool ?
Computer Facilitated Crime/
Internet Fraud

 Intrusion
 Motive:
 To impair, damage, alter the computer system
 To steal valuable data (credit card #s, SSANs)
 Can evolve into other substantive violations
 An intrusion into a bank for the purpose of stealing $$$
 An intrusion into a business or university database for the purpose of stealing SSANs

 A convenient way to commit a host of crimes
 Examples include:
 bank fraud
 phishing
 credit card fraud
 child pornography
 identity theft
 theft of intellectual property

 Student
 Employee
 Adolescent
 Parent
 Competitor
 Foreign government

 47 United States Code 223 telecommunications harassment statute
 Amended January 5, 2006
 Section 113 of the Violence Against
Women Act - addition to 47 USC 223

 Prohibits anyone from using a telephone or telecommunications device without disclosing his identity and with intent to annoy, abuse, threaten, or harass any person
 Penalties: Up to 2 years imprisonment or fines



The new law is intended to curb free speech
Has a “chilling effect” on First Amendment rights
 ACLU: subjective nature of the word
“annoy” means law too vague, thus unconstitutional

 Internet users: blogs, online bulletin boards/opinion sites, message boards
 Advertisers
 Political Activists

Heidi Estrada
512-794-3102
Hestrada@leo.gov
Austin Resident Agency/San Antonio Division

Return at 1:30
Next Session