Cyber sleuths
By DONAVON CAMPBELL
Through countless doors with keypad locks in the bowels of the Upper Arlington Police Division Headquarters is a 12-foot-by-12-foot room.
Cramped within that room, Officer John Priest and his assistant, Officer Brian Correll, work with SAM and FRED. The partners sweat out the details of crimes committed in today’s cyber-centered universe from overlooked, but always informative, accomplices: computers.
“The amount of information we bring back is absolutely mind-boggling,” said Priest.
“We can recover stuff people don’t even know is on their computers.”
The UA computer forensics department only began in 2005 when Priest – a self-described “hacker” during his high school days — used his computer skills to help break a case that had been mired on the shelves of a number of other computer labs throughout the county.
Three years and more than 400 hours of training later, Priest is one dude you do not want to get ahold of your hard drive if you have anything to hide.
“You can lie to me in an interview,” said Priest. “But your computer is not going to lie to me.”
FRED, or forensic recovery evidence devise, essentially makes an exact copy of a computer’s hard drive. The original hard drive must be replicated and preserved for evidence, so Priest has to work from the copy.
Then Priest gets busy “carving up” and drawing out anything and everything the computer has to offer.
Priest sits in front of a 42-inch screen — it has to be large so he can look at multiple computer screens at once — and converts lists of numbers into Web sites, e-mail messages, downloaded files, pictures, videos and even keystrokes.
“I work in the hexadecimal level a lot,” said Priest. “Which is just a step above binary (code).”
Essentially, that means Priest stares at grids of double-digit figures, each a keystroke or a mouse click, instead of wallowing in the most basic level of computer programming: binary code is an endless string of zeros and ones that can equal almost anything.
Once a working copy is made, the hard drives are stored in SAM. That acronym has many colorful variations, but essentially is a storage device with a four-terabyte capacity.
An average laptop has 100-120 gigabytes of storage space. One terabyte is 1,000 gigabytes.
Perhaps even more amazing is that SAM is home made. Correll has pieced the machine together from donations, seized equipment and, few and far between, some newly purchased items.
“We begged, borrowed and stole to make this thing,” said Correll.
He said he has become notorious for pilfering unwatched electronic equipment throughout the office, located in the Municipal Services Center on Tremont Road.
The forensics lab shares a door with the evidence room. Inside there are shelves of 30 or more computers that have been confiscated and need to be searched.
Priest said he can examine a computer in 10-15 hours. However, more and more cases are involving multiple computers.
One recent case involved 35 computers from one house.
“That one took up a lot of my life for a very long time,” said Priest.
Computer forensics is invaluable in a number of different types of crimes these days, from fraud to missing children to online threats.
Priest said most of his cases sadly involve child pornography.
In 2007 Priest helped build cases against more than 100 child pornography offenders in the Franklin County area.
“John is one of the top dogs in Ohio,” said Correll of Priest’s ability and experience with computer forensics. “John is good.”
Still, not all cases are so sinister. Priest has helped find missing children by reconstructing recent e-mails or instant message conversations they’ve had on their home computers.
Nevertheless, tucked away in their techno-bunker, Priest and Correll — who are also patrol officers — mark the beginning of an eminent wave in law enforcement.
“On almost every search warrant we grab the computer,” said Correll. “It’s that important.”
In fact, when Priest submits either a physical or digital report into evidence, he often times finds himself educating the judge and prosecution about what it is he is presenting to them.
While Priest and Correll said they are appreciative of the opportunity to work in computer forensics, they are quick to mention how crucial it is that law enforcement stay ahead of the curve.
“We gotta change,” said Priest about keeping up with technology as it continues to be an ever increasing part of our lives and, therefore, a larger arena for criminal activity.
“This isn’t going away,” said Priest.
“This is getting worse.”
UA’s computer forensics lab is one of only a handful in Central Ohio. Columbus, Westerville, Reynoldsburg and Delaware also have at least a part-time computer forensics department.
(this article appeared in the June 11, 2008 issue of the Upper Arlington News)
