Cops Excel In Computer Forensics Unit

Time progresses and many things in life may change but, for the most part, crime remains constant. Law enforcement agencies must pursue new and different ways to combat the crimes that plague their communities, and they must continually acquire new knowledge and skills to do so. With the advent of computers and the evolution of technology over time, opportunities have emerged for more sophisticated means and methods of committing crimes. Consequently, law enforcement agencies must be cognizant of the need to implement specialized units with personnel trained and equipped to investigate and handle the new challenges that technological advances bring to various facets of crime.

The Arlington County (Virginia) Police Department, on the outskirts of the nation's capital, is one department that has done just that. The Computer Forensic Unit (CFU) was established approximately 12 years ago and serves as a support unit. It has played a critical role in solving diverse crimes. The unit is involved in the collection and analysis of digital media including computers, cell phones, digital cameras, digital storage devices, thumb drives and other technological devices for evidence pertaining to a variety of cases. The unit has often worked cases that include stalking, homicides, suicides, child pornography, domestic violence and burglaries, among others. The unit is supervised by Sgt. Stuart Ellis and includes Detective Luis Ordonez, Detective Daniel Gillenwater, and Detective Darrel Taber.

As a support unit, the detectives often work in conjunction with other divisions in the department as well as detectives in the Special Victims Unit (SVU), who rely on them to obtain vital information they may need for time-sensitive cases. The CFU is also part of the U.S. Secret Service Task Force in the Washington, D.C. metropolitan region, whose function is to assist respective agencies with the investigation of electronic crimes.

The detectives in the Arlington County Police Department CFU are highly skilled and well trained. For example, Detective Ordonez, a 15-year veteran of the police department with significant street experience, who has been in the unit for 2½ years, worked as an Electronics Technician for several private companies prior to beginning his career as a police officer. In his current position, he has acquired advanced training. From May to July 2008, Detective Ordonez attended the National Computer Forensics Institute in Hoover, Alabama. This training is a collaborative effort sponsored by the U.S. Secret Service, which has a partnership with the National District Attorneys Association and the U.S. Department of Homeland Security to implement this cyber crimes training program for local and state law enforcement, prosecutors, and judges.

"It's a resource multiplier for us," says Michael Stenger, Assistant Director of the U.S. Secret Service. "We put 240 people through it last year and 280 this year," he says. Stenger explains that in addition to offering basic, intermediate, advanced, and refresher training, they also provide equipment to these professionals to utilize in their agencies.

"Having a well trained staff to do computer forensics is an investigative necessity in today's world. Every well staffed police department should be actively engaged in computer forensics. One of the challenges of staffing a CFU is the amount of training and equipment needed to keep the staff in a position to maintain pace with the evolution of changing technology," says Chief Douglas Scott of the Arlington County Police Department. "Chiefs and sheriffs need to carefully choose and screen potential members of a CFU that are willing to commit to this assignment for multiple years because of the extensive training and certifications needed to be successful in the position," he says.

Detectives in the Arlington unit, as well as other professionals who engage in this type of work, must possess an aptitude to understand computer file systems, the binary numbering system, and the concepts of magnetic and non-magnetic storage. It is important, as well, that they possess a substantial degree of patience, attention to detail, and some street experience in order to effectively perform their tasks.

Working in a unit of this nature, however, differs from working the street and becomes more of an investigative dynamic. "If you are somebody that likes working the road, you're not going to be on the road anymore chasing bad guys. While in the unit, your days of car chases will be over," says Det. Ordonez. Instead, a detective will become an expert witness for the prosecution and will explain the findings of a case in layman's terms. For professionals like Ordonez, this work can be rewarding because it brings into a case evidence that suspects are oftentimes unaware of or do not believe exists, or that they think they have been clever enough to keep from detectives who can discover and obtain it from their computers or electronic instruments.

Though detectives are sometimes able to obtain, by consent, the equipment they need for their investigation, there are occasions in which they must obtain a search warrant. In order to do this, detectives must show probable cause to seize the equipment as well as the legal basis to actually gain access to the internal structures. Once they have legal ingress, they can utilize two valuable and commonly used software programs available to law enforcement professionals, EnCase and Forensic Toolkit, both of which are generally accepted by court systems. These programs allow detectives to make a forensic image of the hard drive of a computer without altering any of the data and enable them to search for and locate deleted files or remnants of files in the free space area of the drive, which Windows itself cannot find.

Detective Ordonez relates a case that involved a violation of a protective order. The defendant had been arrested for stalking his former girlfriend after she broke off the relationship with him. He was sending her emails in violation of a protective order that emanated from the stalking case. The defendant attempted to commit suicide as a means to take revenge on his former girlfriend. When Detective Ordonez arrived on the scene of a hotel room where the defendant was located, he observed a laptop computer under the chair and noted the Wi-Fi was turned on. Ordonez took a photo of the computer, opened it, and documented in writing his observations about its condition: that the screensaver was on, that he had wiggled the mouse and there was activity on the computer, the time, and what he had actually viewed on the screen. He also pulled the plug on the computer to preserve information.

The victim in this case had changed her phone number. The defendant had created a new name on Yahoo email for himself and used her new phone number - which he was not supposed to be aware of - by transposing the last two numbers of her new phone number. Detective Ordonez discovered that the information preserved on the hard drive had similar wording compared to the emails received by the victim. Interestingly, the defendant claimed he had no internet connectivity in the hotel room and that someone had sent the emails about the victim to him via his Blackberry. He claimed he subsequently forwarded them to the victim. Initially, at the trial, the defendant denied sending three emails to the victim but then, during the trial, suddenly admitted to sending one and pled guilty. Consequently, he was convicted of violation of a protective order.

An advantage to having a unit of this type is that it allows for rapid evidence collection and analysis that facilitates a speedy trial. However, detectives acknowledge there are frustrating aspects to the job. "You spend a lot of time collecting computers and digital images to find the smoking gun isn't there," says Detective Ordonez. There is also a substantial amount of documentation that must be done. Detectives have to take a camera and sketch pad, fill out property forms, conduct examinations, document findings and, overall, engage in a lot of administrative work. Once the case is closed, they still must archive the material to magnetic or digital tape. With digital tape, they are able to back up the information in case it needs to be restored at a later date, but the entire process takes a lot of time.

There are also challenges to the job. "The challenge of working with computer forensics is that it's mentally tiring instead of physically tiring. Instead of interviewing a suspect to convince him to tell you the information he knows but doesn't feel like giving you, a computer has to give you the information as long as you can find it properly," says Detective Darrel Taber, who has been on the police department seven years and in the CFU one and one-half years.

"It's easier to turn a cop into a geek than a geek into a cop. The field is dynamic and constantly changing. We're very fortunate because we have full-time computer forensic people and the chief supports that," says Detective Ordonez. A well-rounded, experienced, and street-savvy detective, Ordonez, like his colleagues, is dedicated to his mission within the unit. Armed with the right amount of enthusiasm and assertiveness, though unpretentious, Ordonez and his colleagues obtain fulfillment from their job while, at the same time, making tremendous contributions to public safety. "No one likes child pornographers. If you can put those groups away, that's pretty rewarding," says Detective Ordonez. Detectives in the Computer Forensic Unit do just that, and, among other things, they do it all exceedingly well.