OSI computer crime investigations – setting the pace then and now

  • By Dr. Deborah Kidwell
  • OSI Command Historian

OSI’s mission into computer crime investigations developed rapidly after 1980. As more people owned personal computers, digital record keeping and business applications conducted over the internet became commonplace.

The expertise of hackers seeking access to classified and unclassified data on government and defense contractor systems led agents to realize that law enforcement would need better computer skills in order to discover and document evidence. Accountants and fraud agents also needed these capabilities to conduct successful investigations.     

By the 1990s, OSI had a highly competent core group of dedicated Computer Crime Investigators (CCIs) to confront the increasing digital threat. Hackers obtaining access to even unclassified systems posed a significant threat to national security as well as to proprietary and intellectual property. As the Cold War ended, new rogue states emerged to target digital networks, and information warfare became a crucial part of the national defense strategy. Moreover, CCIs provided significant evidence in a number of criminal cases. These forward-leaning agents roamed the globe gathering evidence at the scene of the crime.

In 1991, the wife of an Air Force member was found murdered in the Philippines. Evidence pointed to the woman’s husband when it was discovered that he was having an illicit affair with a Philippine woman. While OSI agents were interviewing the husband, he proceeded to cut to pieces, right in front of them, a five-inch floppy computer disk. The suspect apparently believed he had sufficiently damaged the disk, thus preventing retrieval of the evidence. However, agents collected the disk pieces and sent them to OSI HQ for analysis, hoping the disk could be repaired and the evidence extracted.

Agents asked several computer giants and government agencies to find a procedure to piece the disk back together. The agents were told the technology was not currently available, and it would take millions of dollars and years of research to perfect a technique to extract the data. Unsatisfied with this answer, agents conducted their own research, and with approximately $120 in equipment, the team spliced the disk together well enough to access its contents.

The evidence held up in court to clearly show the Airman had committed a murder for hire. He was convicted based on the evidence provided by the keen agents, which successfully closed the case. Not only did these resourceful and determined agents solve the case, but they also developed a technique and opened possibilities that were not previously considered. These possibilities became standard operating procedure for the lab in the years to come. Today’s Department of Defense Cyber Crime Center, or DC3, specializes in repairing damaged media and extracting evidence for court proceedings.

OSI was the first military criminal investigative agency to establish a computer forensics lab specifically designed to provide computer evidence, analysis, diagnosis and processing. In early 1998, legislation directed the Air Force to provide program management for a computer laboratory. OSI’s proven expertise in forensic media analysis was cited by a joint working group as the reason OSI was selected to be the executive agency. The lab’s mission mirrored OSI’s and provided evidence in counterintelligence, criminal, fraud and other major investigations. 

The Defense Computer Forensics Lab (DCFL) was activated July 1, 1998. The unit, as an Operating Location of OSI, included a training program, research institute and other elements and services that continued to grow and change with the development of computer applications and the hacker skills to undermine them. In 2001, these organizations joined together to form DC3, with OSI as the executive agency for this world-renowned center. The center has proved its worth, particularly in forensic analysis of computers seized following the collapse of the Iraqi regime.

While most law enforcement personnel are familiar with DC3’s role in evidence extraction and preparation, the development of the digital forensics program illustrates the importance of innovation and change in response to new technology and requirements. The dogged determination of committed agents, who initially traveled the globe to reach the U.S. military to gather needed evidence within multiple domains, then and now, capitalized on new ideas and possibilities. Moreover, they contributed to a field that includes today’s all-important cyber threat pursuit operations.