Bagram's digital detectives dig in

By Colby T. HauserDecember 20, 2011

CID Digital Forensic Examiner
Warrant Office 1 Patrick Eller and Sgt. Russell Rhodes, CID special agents and digital forensic examiners assigned to the 10th Military Police Battalion (CID) (ABN), currently deployed to Camp Sabalu Harrison, Afghanistan, work in the DFE office exam... (Photo Credit: U.S. Army) VIEW ORIGINAL

BAGRAM AIRFIELD, Afghanistan (Dec. 19, 2011) -- There is another war in Afghanistan. A war that has no armor or aircraft yet expands well beyond the boundaries of every nation known to man, the vast landscape of the digital realm.

Within this battle space, an elite group of highly trained special agents assist their fellow law enforcement professionals navigate, process, and evaluate digital evidence; often making or breaking an investigation in a society dependent on digital media.

"There is almost always a digital evidence component to every investigation we do, in that either through searches or questions asked during an interview, the potential is there for almost every case," said Special Agent Patrick Eller, the senior digital forensic examiner, currently deployed with the 10th Military Police Battalion (CID) (Airborne), at Camp Sabalu Harrison, Afghanistan. "It's not uncommon for there to be 12, 13, 14 even 15 different pieces of media for just one case. Over the last five years it has just shot right through the roof," he said.

"People just love digital media," said Special Agent Russell Rhodes, a digital forensic examiner with the 10th. "Even in a deployed environment, digital media is everywhere. Soldiers are constantly on their computers or Blackberry's. Almost everyone has a cell phone, laptop or iPod so naturally some form of media will show up as evidence."

The Digital Forensic Program initially was used to combat child pornography, but has developed over the last several years, touching almost every type of criminal investigation from sexual assault to murder to drug cases, Rhodes said.

CID special agents selected to become digital forensic examines must complete three two-week courses covering the myriad of different types of storage devices, operating systems, software, as well as the tactics and techniques specific to processing the evidence for law enforcement purposes. More than 20 additional courses in intrusions, system specific software applications and electronics are available for digital forensic examines to further their expertise in digital forensics.

In Afghanistan, the digital forensic program was somewhat lacking with most evidence being sent back to the U.S. Army Criminal Investigation Laboratory at Fort Gillem, Ga., or the Defense Computer Forensics Laboratory in Linthicum, Md., to be processed.

"When I first arrived in Afghanistan, there was only one DFE at battalion and a six-month backlog of evidence to be processed," said Special Agent Anthony Wingate, a special agent from the Fort Bragg, N.C., CID Office. "Then Brigadier General (Colleen L.) McGuire came through and ordered the addition of two more digital forensic examiners to be deployed to Afghanistan, with another two DFEs to be stationed in Kuwait. Now when a case comes through, it takes us about a month and a half to process the evidence."

"Basically our goal is for everything to be processed here, unless it's something we can't do," he said.

Digital forensic examiners can process all manner of digital media except classified systems or damaged devices. Now fully staffed, the CID digital detectives are only challenged by the cases themselves and the continuous development of technology.

"The size and types of media continues to grow but the physical container continues to get smaller," Eller said. "Just a few years ago 32 gigabytes was a hard drive, now it's a memory card that's as small as the tip of a finger."

The constant changes in technology also affect the investigations as well.

"When I first started in this career field 250 to 500 gigabytes was the most we'd ever scan during an investigation. Now it's not uncommon for us to go through four or five terabytes of information," he added.

Just like being able to call in for back up, digital forensic examines are always on call for their fellow special agents and have on more than one occasion been the crucial piece of information that has blown a case wide open.

"The stuff you come across here would absolutely blow your mind," Wingate said. "Because everyone is so accustomed to using digital media in their daily lives, many times what we'll discover will either put that suspect behind bars, or in a few cases, clear them of any wrong doing."

One case was a seemingly straight forward child pornography investigation. However, after all pieces of digital media were examined, CID special agents uncovered that the suspect not only possessed child pornography, but was guilty of child molestation and distribution of that product. Some of the victims were as young as 8 years old.

The case has since been turned over to the Federal Bureau of Investigation's Child Pornography Task Force for prosecution by the U.S. Department of Justice

"That was a significant case because through everyone's efforts we were able to get that person off the streets and behind bars," Eller said.

In another case, text messages stored in a smartphone helped exonerate a Soldier wrongfully accused of sexual assault. Now, the person who did the accusing was found guilty of lying to federal law enforcement officials and giving a false official statement. Both are felonies.

"In most cases, the evidence will speak for itself," Eller said. "Still, there's no sign of stopping because as the various FOBs (forward operating bases), camps and bases continue to grow so does the use of technology by those people occupying them."

Within the last five months, the amount of digital media examined by the CID digital forensic team has more than doubled. Then, once the investigation has been completed and turned over for prosecution, digital forensic examines are subject to travel to wherever that case is being tried to testify as an expert witness.

"Most subjects in cases will plead out before it ever gets to trial, but sometimes the case will go forward and we'll have to testify as the subject matter expert on behalf of the prosecution," Wingate said.

Looking toward the future, CID's digital forensic experts continue to do what has to be done, and encourage their fellow special agents to be mindful of the digital forensic examine piece while conducting an investigation.

"What we're trying to push out to the field is to really look at whatever type of investigation they may be conducting and keep the digital forensic piece in mind," he said. "Because that piece of media, that phone or iPod, might just be that crucial link that solves the case."

Related Links: Current Operations News

U.S. Army Criminal Investigation Command

International Security Assistance Force on Facebook

U.S. Army Criminal Investigations Special Agent (31D) career opportunities

International Security Assistance Force