- By Patience Wait
- Nov 03, 2005
Dale Pupillo of the Secret Service's Criminal Investigative Division says the extent of computer crime has made forensics training essential for agents.
Trail of evidence leads Secret Service investigations into computer forensics
'Local law enforcement can't deal with so much of this [kind of] crime because it's global. If we combine our resources, we're much more successful.'
'Michael Levin, Electronic Crimes Task Force
The reason the Secret Service puts so much emphasis on computer forensics is fairly simple: Computers are where the clues are.
'Today, just about every crime scene has some form of digital evidence,' said Dale Pupillo, deputy special agent in charge of the agency's Criminal Investigative Division.
And the types of crime that most commonly involve computer use are often right up the Secret Service's alley. In addition to providing security for the nation's top elected officials, their families and visiting dignitaries, the Secret Service is the lead agency in protecting the United States' economy against computer crimes. Its mission statement reads in part:
'The Secret Service ... investigates violations of laws relating to counterfeiting of obligations and securities of the United States; financial crimes that include, but are not limited to, access device fraud, financial institution fraud, identity theft, computer fraud; and computer-based attacks on our nation's financial, banking, and telecommunications infrastructure.'
To meet this challenge, the agency is quietly retooling its force of 3,000 field agents by training all of them in the basics of computer forensics.Laying the foundation
The initial training, the basic investigation of computers and electronic crimes, is called XF-B, a two-week course that begins with the fundamentals, Pupillo said. 'On Day One, they break down a computer and learn about what makes the computer work,' he said.
Over the remainder of the course, agents learn everything from how to secure all the different forms of digital evidence, to how to trace IP addresses, to the legal aspects of the work.
Bringing all its agents up to speed on the basics of computer forensics will take time, Pupillo said. XF-B is offered once a month, and each class has 24 students. He declined to say how far along the agency is in the training and how much money has been budgeted for the project.
But XF-B is not the only computer forensics training effort at the Secret Service, which conducts about 10,000 forensic examinations a year, Pupillo said, many of them very complex.
The agency also offers XF-Intrusion, advanced training for network intrusion investigations. This is a six-week program that provides hands-on training in hardware and software, and teaches about the trends in 'exploits,' the different kinds of attacks such as worms, viruses, Trojan horses and phishing.
Agents with these skills are dispersed throughout the United States for quick response to an incident, Pupillo said.
'We started this training this year,' he said, and added that by the end of this year they would have 32 agents trained in the subject. The agency plans eventually to have 140 to 150 agents with these specialized skills scattered around the country.
Finally, the Secret Service has one more course, XF-Computer Forensics, that addresses the actual capture of information on all the electronic media the agency seizes'reconstituting the data on hard drives, recovering deleted files, breaking passwords, cracking encrypted files and so on.
The aim of this course is to be able to provide solid evidence that can be used in a court of law.
XF-Computer Forensics is not limited to Secret Service agents, Pupillo said.Working together
'We train with the IRS and Immigration and Customs Enforcement,' he said. 'There are 24 individuals in a class, eight from each agency.'
In addition to close working relationships with other federal agencies, the Secret Service works with 15 task forces, eight working groups, and a host of state and local groups, said Michael Levin, assistant to the special agent in charge of the CID and a member of the Electronic Crimes Task Force.
'The task forces combine ... federal and state prosecutors; federal, state and local law enforcement; colleges and universities; and private individuals,' he said.
'It's a unique combination,' Levin said. 'The concept is that local law enforcement can't deal with so much of this [kind of] crime because it's global. If we combine our resources, we're much more successful. And because the technology changes so rapidly, it's important to include the private sector for their expertise, colleges and universities' for their research.
The agency also offers numerous computer forensics education tools for local law enforcement, from training classes to best-practice guides, even a first-responder DVD to teach local police very basic techniques for securing electronic evidence, he said.
And because computer crime is not limited by national boundaries, the Secret Service has extensive working relationships with sister agencies in other countries and with international organizations such as Interpol.
'We have 17 overseas Secret Service offices,' Levin said.