Piecing Together Digital Evidence
|One of the six CART mobile labs with state-of-the-art capabilities for acquiring, processing, and analyzing digital evidence ... even while the vehicle is in motion. Courtesy of FBI
In a case involving the round-up of dozens of suspects indicted on public corruption and other charges, investigators were faced with processing large numbers of seized cell phones, desktop computers, and laptops belonging to the suspects. In another case, key evidence against a terror suspect arrested for attempted use of a weapon of mass destruction included data found on his computer. And after a U.S. Congresswoman was wounded and six people killed in Arizona, vital evidence was found on security camera footage, computers and cell phones.
Reflecting a trend that has become increasingly commonplace for law enforcement, all three of these cases involved the need to recover digital evidence. And our Computer Analysis Response Team, or CART, is the FBI’s go-to force for providing digital forensic services not only to our own investigators but also in some instances to our local, state, and federal partners.
CART consists of nearly 500 highly trained and certified special agents and other professional personnel working at FBI Headquarters, throughout our 56 field offices, and within the network of Regional Computer Forensics Laboratories across the nation. They analyze a variety of digital media — including desktop and laptop computers, CDs/DVDs, cell phones, digital cameras, digital media players, flash media, etc. — lawfully seized as part of our investigations.
During fiscal year 2012, CART — while supporting nearly 10,400 investigations—conducted more than 13,300 digital forensic examinations involving more than 10,500 terabytes of data. To put that last figure into perspective, it’s widely believed that the total printed content in the Library of Congress is equal to about 10 terabytes of data, so imagine the printed content of approximately 1,050 Libraries of Congress!
CART examiners are experts at extracting data from digital media…even when the media is damaged by the forces of nature or defendants attempting to prevent any data from being recovered.
The cases that CART examiners work span the gamut of FBI program areas: from cyber crimes and computer intrusions to violent crimes, financial crimes, organized crime, and national security matters. And once they have finished their forensic work, CART examiners are also available to testify in court as expert witnesses on their findings.
Because we come across computers and other digital media so often in the course of our investigative work, our CART examiners can’t possibly handle every piece of media. That’s why CART created a basic digital evidence training course and developed easy-to-use examination tools for field investigators — to give them the technical and legal knowledge they need to process simpler and more basic digital evidence from their cases without altering or damaging the data — which allows CART examiners to focus on more technically complex cases.
CART on the go. While much of CART’s work is done in stationary facilities in the field or back at our national Headquarters, we also have six mobile CART laboratories around the country. These mobile labs are especially valuable when time is of the essence, enabling digital evidence to be examined on the spot.
CART … an evidence response team for today’s high-tech environment.