A former employee of a large company is suspected of downloading the firm’s trade secrets before being laid off.
A jilted lover planning to murder her rival uses her PC to search for a gun shop.
A network of terrorists plotting an attack communicates by texts and emails.
A man suspected of using his smart phone to send and receive child pornography deletes the images to avoid prosecution.
These types of cases land on the desks of detectives in the Orange County Regional Computer Forensics Laboratory in Orange.
Funded and managed by the FBI, the lab is among 15 nationwide that serve as comprehensive forensic laboratories devoted solely to the examination of digital evidence in criminal investigations.
The Orange lab is home to a task force of local and federal law enforcement agencies that include police departments from Fullerton, Anaheim, Brea, Irvine, Newport Beach and Santa Ana, along with the Orange County Sheriff’s Department and the Orange County District Attorney’s Office.
Federal agencies on the task force include the FBI and the Bureau of Alcohol, Tobacco, Firearms and Explosives.
The detectives in the lab are trained to extract evidence from any digital device, even data that is encrypted, deleted or password protected.
“It could be phones, thumb drives, tablets, DVR systems, SD cards … anything digital,” said Det. Tom Fullerton of the Fullerton PD, a member of the task force and self-professed computer enthusiast since childhood. “Digital has become a big aspect of investigations, because everybody has digital devices.”
Detectives in the lab don’t actually investigate cases, said Fullerton, who is part of the original group that formed the task force in 2010.
Rather, they assist investigators from member, and even non-member, agencies by mining evidence from devices — evidence that then gets passed on to detectives working the cases.
Their training is intense, said Det. Eric Raymond of the Anaheim Police Department, a task force member since 2013.
To work in the lab, detectives must pass a two-year training program along with an extensive background check.
“I’ve been in law enforcement for 27 years,” Raymond said. “I did patrol, I did K9, I did narcotics. I did the joint terrorism task force. The hardest test-taking and preparation has been this because it is unlike anything else I have ever done.”
While the detectives in the lab are part of a task force, their work is nothing like that of traditional police task forces, Fullerton said.
“This is completely different in that you are basically learning to be a computer engineer,” Fullerton said. “You’re learning how hard drives work, how data is laid down on a hard drive, how operating systems work. It gets pretty complicated.”
One of Fullerton’s first cases involved a man who installed malware on acquaintances’ computers, allowing him to remotely turn on their webcams and watch his victims without their knowledge.
Twelve victims ultimately were discovered and the suspect was arrested and convicted for illegally accessing computers — essentially invasion of privacy, Fullerton said.
For individual law enforcement agencies, especially smaller agencies, the benefits of the Regional Computer Forensics Lab are immeasurable, Raymond said.
Agencies have access to the brain power of multiple, skilled investigators along with the high-tech equipment they use.
The FBI picks up the tab for nearly all of it. Each agency is responsible only for the salary and benefits of its detective on the task force.
“With our department, we had one guy doing it,” Raymond said. “One guy could only handle so much. The beauty of a task force environment is that we can accept multiple cases … large cases, and it doesn’t slow down and it doesn’t stop. We can disperse the work among many. Plus, there is a brain trust here.”
Computer forensics have played a role in some high-profile cases in recent years.
One that made national headlines was the case of Scott Peterson, who was convicted and sentenced to death for murdering his wife Laci and her unborn fetus.
Prosecutors believed Peterson murdered his wife on a small fishing boat in San Francisco Bay and tossed her body overboard. Laci’s remains and the remains of the fetus were discovered on a San Francisco Bay shoreline.
A computer forensic investigator found information on Peterson’s computer showing he did searches of currents in San Francisco Bay prior to Laci’s disappearance.
Computer forensics were also key in the investigation into the San Bernardino terror attack in 2015 in which 14 people were killed.
Testifying before Congress recently, FBI Director James Comey said:
“The pervasiveness of the cyber threat is such that the FBI and other intelligence, military, homeland security and law enforcement agencies across the government view cyber security as a top priority.”
Other member agencies in the lab include the Los Angeles, Fontana and Ontario police departments, the L.A. County Sheriff’s Department, Riverside County District Attorney’s Office and San Bernardino District Attorney’s Office.