Marshall program rides a surging wave of digital evidence
CHARLESTON, W.Va. -- As a new year dawns, it's hard to say where rapid-fire technological change and dizzying digital transformations will take society next.
But digital crime and online misbehavior? Now, there's a growth field.
With an increasingly popular series of classes in "digital forensics," Marshall University is training a new generation of students to keep up with this new generation of crime.
"The Internet is a great and wonderful tool that allows everyone to benefit from everyone else's experience and skills. The same holds true whether it be medicine, computer science or crime," said assistant professor John Sammons.
Authorities scour hard drives, emails and digital devices for files, images and other data involved in everything from identity theft and corporate intrigue, to child pornography and terrorism, he said.
As the darker side of human behavior continues to manifest digitally there comes a pressing need for training in how to find, sort, analyze and make evidence of it legally usable, said Sammons, a former Huntington Police Department drug unit investigator.
"One of the big challenges here is the whole needle in a haystack thing because there are millions or billions of files on a computer. That's just one self-contained desktop computer. When you're start talking a commercial environment with multiple servers, you're talking terabytes, petabytes, tons and tons of data," said Sammons.
A petabyte is a unit of information equal to one quadrillion bytes, or 1,000 terabytes, which is itself a pretty massive chunk of data.
Marshall's digital forensics classes began in 2005 as an "area of emphasis" and are part of a Computer Information Technology degree from the College of Science. When Sammons, 46, joined the university's Integrated Science and Technology Department in 2008, there were just eight students taking the series of classes. This last semester, there were 32.
He and his colleagues hope to make digital forensics its own major some day. Meanwhile, the university is now advertising for two new department faculty who will start next fall, one of whom will focus on cyber security issues. For now, students take part in a series of computer lab and lecture classes, as they track the trail of digital evidence through computers, networks, cell phones and the Internet cloud.
They learn how to collect evidence, document a digital crime scene and explore the many ways deleted data can be recovered, said Sammons.
Keeping up with the rapidly changing world of data, encryption, hardware and software developments is part of the landscape of digital forensics. "Every day you go to work here you're going to find something new and different," he said.
To get started, Sammons has written a primer to the field, due out on Feb. 29, by Syngress, titled "The Basics of Digital Forensics: The Primer for Getting Started in Digital Forensics."
"It's designed for the beginner, someone who doesn't understand, for example, how a hard drive stores data. Even if you're trying to wipe the hard drive or delete incriminating files there are other places that are very hard to get to -- if you don't know how to do it -- that are going to leave evidence."
Sammons also helped found the Marshall-based Appalachian Institute for Digital Evidence (online at aide.marshall.edu). The not-for-profit organization is for legal, technical, public sector and business professionals "for whom digital evidence is part and parcel of their work," and new members and sponsors are welcome all the time.
The institute's chief event is an annual training conference (the next one is May 21-25 at Marshall). The meet-up attracts lawyers, judges, private security folk, law enforcement and anyone else responsible for evidence that comes not in the form of paper but in zeros and ones.
A few weeks back, he and Terry Fenger, director of the Marshall University Forensic Science Center, gave a presentation on digital forensics at the Greenbrier to a national meeting of the National Association of Prosecutor Coordinators.
"We do quite a bit of presenting," sad Sammons. "We're spreading the good news, if you will, that right here in West Virginia it's like 'Silicon Holler.'"
Sammons chuckled at the phrase. But he grows more serious at the challenge of nailing down digital evidence when, say, child pornography is involved. Digital evidence gathering faces not only technical but legal challenges, especially with content hosted outside the United States, he said.
"It can be a little cumbersome to get data from another state from a legal perspective. But it's exponentially harder to try and pull that data from another country. A lot of these places, like Eastern Europe and the Ukraine, stuff like child pornography is hosted over there. You can't get to it. There's not as much cooperation as you'd like between governments to pull that stuff down."
Then there is the argument over data privacy. Whole web communities revolve around frustrating digital forensic forays, Sammons said. He cited one website whose motto is "rendering computer investigations irrelevant" through tips on hiding, destroying and disguising data.
For that matter, who has the right to poke through your computer or Internet service provider server files and for what reasons?
"The Europeans view privacy in a different way than we do," said Sammons. "They're more focused on individual privacy than we are. We might be able to get emails that are hosted over there, but they might strip out the identifying information. Now, that might be worthless as far as court purposes go, it's hard to tell. That may render that stuff more or less useless to us."
Inside the student lab with its 12 work stations, Sammons does a run-through of programs in the field students train on, such as Encase Forensics and AccessData's Forensic Toolkit.
Marshall staff and students are credited on the AccessData site with helping develop "Custom Carvers" which can find certain embedded or deleted file as long as the file header still exists.
Students in digital forensics can look forward to a variety of jobs, from civil and criminal work on both the defense and prosecution side, to governmental, business and military work, Sammons said. "We're trying to graduate as many competent professional as we can in this area because the demand is huge."
Janet Napolitano, U.S. Secretary of Homeland Security, visited Marshall last spring and gave a keynote address as part of the W.Va. Homeland Security Summit, in which she discussed cyber security and the daunting challenges of protecting our growing digital infrastructure. At one point, she addressed university president Stephen J. Kopp, Sammons recalled.
"She looked at Dr. Kopp and said, 'I can hire every graduate that you produce,'" he said.
Reach Douglas Imbrogno at email@example.com or 304-348-3017.