PSU Magazine Fall 2003

the program for the Royal Cana– dian Mounted Police, which used it in fighting gang activity There was just one problem. The original FNames took 15 hours to search through 1.6 gigabytes of information. With computers now routinely holding more than 80 giga– bytes, FNames might be effective, but it was slow. "I went to Kyle ," says Anderson , "and said, Tm just wondering if you're up to speed on doing this computer stuff.' 1 gave him this assignment on a Thursday and Monday he came in with a functioning prototype." The prototype was a lightning bolt. "The original FNames was basically way slow," says Keith. "It took 15 hours to do one gig. I rewrote it so it did the whole job in about 15 minutes." Now his handiwork is helping the military in Afghanistan, Iraq, and around the world in identifying and pursuing terrorist networks. Meanwhile, Keith remains hard at work-on the FNames upgrade. ■ floppy disks off a coworker's desk to the mother lode, source code. When he could, he emailed source code to a computer at the Seattle-area Boe– ing plant-where, as it turned out, the suspects wife worked. To search the Boeing computers, Heuston turned to the manufacturer, which willingly provided a team of experts to help him find the evidence. With the results in hand, the situation was quickly resolved. "That case," says Heuston, "really got our feet wet." It also served as a wakeup call to the need for computer expertise to solve crimes. m euston joined forces with PSU LIJ and the Hillsboro Police Depart– ment about 18 months ago to launch PRS, a program to bring cops, com– puter science geeks from area compa– nies, and academicians together. Cops brought traditional crime-solving tech– niques; geeks held immense and spe– cialized computer knowledge; and the • professors could put the rigors of a scientific method to the fledgling group. They call their efforts the Police Reserve Specialist program, PRS. But in reality, they're cyber sleuths. "We look for the evidence a detec– tive has asked us to look for," says PSU's Harrison, who serves as a specialist. "Basically what we're looking for is more like bricks in the wall rather than a smoking gun." ~ typical case is similar to an t.J archeological dig. Working in pairs, volunteers arrive at the Hillsboro Police Department for a briefing, then enter the Digital Forensics Lab, open the evidence locker, make an exact duplicate of the hard drive, and start to work. While some police departments are forced to rely on off-the-shelf inves– tigative software, the specialists can provide extra cyber-searching power. "Each case is unique," says Morris– sey. "Theres no cookie cutter software that does it all. We write the tools for each case as needed." For Morrissey, the path from secu– rity to forensics began 10 years ago with the Intel case. After notifying Intel security, Morrissey helped identify the individual responsible (a contract employee no longer associated with the company). The case was success– fully prosecuted, and Morrissey was on the path that eventually led him to teaching digital forensics at PSU. Still, despite the spin from Holly– wood, the field of cyber sleuthing is not exactly glamorous. Sleuths can spend hours reading through email looking for evidence and finding little among the dross. But it is important. Many police cases today have some component of electronic evidence. And cyber sleuths are the ones most capa– ble of finding that information. They're the new breed of Sherlock Holmes. D (Melissa Sleinege1; a Porlland freelance write,; wrote the article "The Fox and the Business Plan"for the spring 2003 PSU Magazine.) FALL 2003 PSU MAGAZINE 11