PSU profs moonlight with detectives

The city of Portland was recently selected by the FBI to house a new high-tech computer crime lab, and Portland State’s computer science department will play an integral role in helping to crack cases. The Portland Regional Computer Forensics Lab (RCFL), slated to be built in the next year, will be among only a handful nationwide that pair volunteers from local high-tech companies and academia with law enforcement agencies.

There are currently four RCFLs operating nationwide – in San Diego, Texas, Chicago and Kansas City – and six slated to open over the next year, including Portland’s. The labs are touted as “full-service digital forensics labs, devoted to the examination of computer evidence in support of criminal investigations,” according to the national Web site.

Several faculty members in PSU’s computer science department currently work with the Hillsboro Police Department, lending their high-tech expertise to give police the edge they need to solve computer-related crimes. Staff members are part of a local group called Computer Related Investigations Management and Education (CRIME), which conducts high-tech training and fosters networking among members in computer-related investigations, security and education.

The new RCFL will receive a portion of the $7.2 million earmarked by Congress for the six new labs nationwide. The Portland area was chosen in early October, and the FBI is currently looking for a location, particularly at the Portland State campus.

“PSU has been an active partner in helping bring a forensics lab to Portland for well over a year, and the FBI has been very interested in having access to technical expertise from both faculty and students in the area,” said Mark Morrissey, an instructor in PSU’s computer science department and a member of CRIME. “PSU is in the running, either on campus or physically near campus, but it needs to be a physically secure location since they’re dealing with criminal actions.”

A core group of PSU staff members have been working with the Hillsboro police for about two years now on a consulting basis to help solve crimes. “We’re basically lab rats. People bring us evidence, we investigate it and produce a report,” Morrissey said. “We’re not police officers, and we don’t pretend to be. We’re merely looking for evidence of guilt or innocence.”

CRIME has been around for about eight years and, in addition to the Hillsboro police and the FBI, includes volunteers – big-name regional companies such as Intel, Textronix, Nike and Boeing. Morrissey, Warren Harrison, Sarah Mocus and Jim Makely, all computer science instructors at PSU, form the Police Reserves Specialist Program, a subgroup of CRIME that has worked with the Hillsboro police for the past two years to help solve crimes.

Since the subgroup is relatively new, Morrissey says none of the cases have gone to trial yet, but some of them are working their way to court. Members of the CRIME team can be called to testify in court on the findings of their investigations, and Morrissey has done so in the past. Though not at the time affiliated with the CRIME program, he testified at Intel’s first computer-related case that went to trial in 1993 and has worked on about a dozen cases so far.

Law enforcement agencies currently bring computers to the PSU group to physically look through for evidence of computer crimes, and with the growing size of computer hard drives, the task can sometimes be daunting. However, “if there’s no evidence of them trafficking in e-mail, we have no reason to look through it, so we’re able to bound our search based on what the search warrant says,” Morrissey noted. “If we’re not granted explicit permission, then we’re denied.”

Morrissey praised the Hillsboro Police Department, saying at every step they emphasize the rights of the accused and look for evidence that might produce innocence as well as guilt. Although Morrissey can’t divulge details of cases they’re currently working on, he did give examples of digital investigations.

“If someone’s accused of ID theft, we have a particular profile of things we look for, like Oregon DMV records. If they’re accused of producing fraudulent Oregon driver’s licenses, they probably have a picture of an Oregon driver’s license and an electronic fingerprint of the DMV records,” Morrissey said.

When the new computer forensics lab is built, PSU will play a more active role in helping local and national law enforcement agencies. “It’s unlikely that PSU personnel would ever lead investigations, because that’s not what we do. We’re moving more in the direction of working with the FBI to develop specialized tools to more quickly investigate digital evidence,” Morrissey said.

If a thousand disk drives need to be investigated, having one person examine them manually is not as efficient as developing a digital tool to scan them automatically, he explained.

PSU students have the opportunity to get their feet wet in techniques used to investigate computer crimes. The computer science department offers upper-division undergraduate and graduate-level classes on cryptography, computer security and digital forensics each term, taught by members of the Police Reserves Specialist program.

Students in the classes do not actually investigate crimes, but rather learn the tools and techniques they need to produce evidence suitable for a court of law. Morrissey noted, “Computer science students have the vast majority of technical skills needed to assist in solving computer crimes, they just don’t have the context – what does it mean to investigate? We teach them how to look at computer systems as potential sources of evidence.”

For more information on computer forensics in the Portland metro area, check out the CRIME Web site at www.crime.whiteknighthackers.com. The RCFL National Program Office Web site, www.nationalrcfl.org, has more information on computer forensics and other RCFLs. For more information on computer-security-related classes and information, check out Morrissey’s Web site at www.cs.pdx.edu/~markem.