Contact: Phil Hearn
Terrorists, child pornographers, credit-card crooks, and other purveyors of cyberspace crime may want to glance over their shoulders now and then to see if a computer forensics expert is in hot pursuit.
The technique of exposing computer-related crimes and tracking down their perpetrators through retrieval and analysis of electronic evidence is not new to law enforcement. The investigative process is gaining momentum, however, with the help of some cutting-edge expertise at Mississippi State.
Move over, Sherlock Holmes. It's elementary to the university's David Dampier.
"Forensics is the study of evidence to support prosecution in criminal cases, so computer forensics is the same thing applied to computers," the MSU assistant professor of computer science and engineering said. "It's generally applied to storage media like hard disks, floppy disks and CDs."
Dampier's inaugural course in computer forensics attracted 26 students during the spring semester and he's already "over-booked" beyond 30 student slots planned for his 2003 fall class. In addition to computer science students, he said the cross-disciplinary course is attracting students from criminal justice, accounting and other academic fields.
A shortage of trained computer forensic investigators, particularly at local levels of law enforcement, sparked Dampier's interest in initiating the MSU course. His students are taught how to collect online evidence, dissect and analyze storage disks, keep detailed logs, protect the "chain of custody," and present expert testimony when a case goes to trial.
"We're not trying to produce students who can go right out and become forensic investigators," he explained. "We're trying to teach skills that will allow students to assist in some of these investigations and learn how to do it through experience. As computer crime gets more sophisticated, career officers are having more trouble dealing with it."
Computer evidence not only is sought by law enforcement to solve crimes such as child pornography on the Internet and credit card fraud, and by government officials to uncover terrorist activities. It also is used increasingly in civil disputes and private employment practices.
According to experts in the field, far more information is retained on a computer than most people realize, and it is far more difficult to remove than generally believed.
"Computer data cannot be erased," said Dampier. "I can re-format the hard disk of a computer and it will absolutely do nothing to the data that's already there. The problem is that it can be difficult to tie evidence on a hard disk to the person who did the crime, unless it's their personal computer or there's some other corroborating evidence."
Since computer investigative techniques have developed incrementally in line with technological advances over the past 25 years, Dampier said they vary widely among local, state and federal law enforcement agencies. For that reason, MSU doctoral student and department lecturer Chris Bogen of Brandon is conducting research aimed at creating a more consistent methodology.
"I am excited about computer forensics because it is a new topic in academia and the idea of becoming a 'cybersleuth' appeals to my sense of adventure," said Bogen. "It is becoming increasingly apparent that computer crime is the new plague for our law enforcement agencies.
"Currently, my goal is to develop a practical methodology for specific types of computer forensics investigation, including child pornography, credit card fraud, terrorism, and so on," he added. "This approach is favored over developing one broad silver-bullet methodology because each type of investigation may differ dramatically."
Dampier said the focus of Bogen's research is to determine how various law enforcement agencies currently conduct computer investigations, then glean a pattern of effective techniques that can be taught to students.
"We want them to be exposed to the best practices, based on years of experience by investigators in the field," Dampier said. "There's no substitute for experience."
Beyond campus, the Mississippi Cybercrime Center in Attorney General Mike Moore's office has sought out Dampier's program to be a part of a university consortium designed to combat Internet crime. Elizabeth Hocker, special assistant to the attorney general, is organizing a network that will include Dampier's program.
Other components to the A.G.'s consortium will come from MSU's James Worth Bagley College of Engineering, the University of Mississippi's criminal justice department and the University of Southern Mississippi's marketing department.
Computer forensics represents one specialized area of the broader field of computer security, where MSU's Ray Vaughn is considered one of the nation's leading experts. An associate professor of computer science and engineering, he directs the Center for Computer Security Research--one of 22 such centers established nationwide two years ago by the United States government's super-secret National Security Agency.
The area of computer security at MSU has collected some $3.5 million in outside funding during the past five years. One $100,000 federal grant provided a laboratory that allows students to work with cutting-edge technology.
With the aid of NSF funding, Vaughn currently is working with Jackson State University to establish a computer security center on the JSU campus. He also is working with Iowa State University and the University of Kansas to develop a computer security center for private business.
NEWS EDITORS/DIRECTORS:
For additional information or comments, feel free to contact Dr. Dampier at (662) 325-8923 or Dampier@cs.msstate.edu. Dr. Vaughn may be reached at 325-7450 or Vaughn@cs.msstate.edu.