2 Investigators: Chicago Lab Analyzes Cyber Evidence To Track Down Criminals
CHICAGO (CBS) -- Bank robbers, killers, terrorists and other criminals leave behind digital and cyber evidence. Analyzing that evidence is the job of forensic lab investigators here in Chicago.
The 2008 attack on a hotel in Mumbai, India, and the Boston Marathon bombing are two cases that were solved with the help of the Federal Bureau of Investigation's Regional Computer Forensics Lab in Chicago. The director is John Dziedzic, who is detailed there from the Cook County Sheriff's Department and is the first director to run the lab who is not from the FBI.
"We were running about 2 million passwords a second," says Dziedzic.
They analyze digital evidence from every device available. Investigators use programs to break down hard drives, extract browser history and analyze video surveillance and cell phone data. Dziedzic says digital evidence once helped solve a case involving a bank robber who left a digital clue after he Googled directions for a getaway route.
"We have a listing of all the phones we can examine," he said.
Dziedzic showed CBS 2 special equipment used to download and recover deleted files from phones including every model phone cord or connector you can imagine.
Dziedzic says there are 15 people working at the lab and they are all part of a task force that includes both FBI agents and police from Chicago and suburban departments.
"We have our cell phones with us everywhere we go, we do all types of things on our computers, our vehicles even have hard drives in them and as we go through our lives there's these little digital breadcrumbs that we are leaving," says Dziedzic.
Investigators used digital breadcrumbs to help convict cyber hacker Jeremy Hammond who was tied to the group "Anonymous."
The Bridgeport resident encrypted his computer, but this lab was able to crack it, Dziedzic says.
"We were able to defeat the encryption," he said. "The name of his dog, Chuey 123, was his password."
They can recover deleted phone files and retrieve photos embedded with GPS time and location stamps.
"We often are able to pull the GPS coordinates off pictures or images; throw those coordinates into Google Earth and tell you where that picture was taken," said Dziedzic.
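The coordinates Dziedzic describes live in the photo's EXIF metadata, stored as a TIFF-structured block: a header, a first image file directory (IFD0) that points to a GPS sub-directory, and rational degree/minute/second values that the GPS entries point to. The following parser is an added illustration, not code from the lab or from CBS; the sample EXIF block it parses is constructed inline (the Chicago coordinates in it are made up for the example), and it deliberately returns `None` for photos without a GPS directory and rejects offsets that point outside the block, which is the failure mode a forensic tool must survive on damaged evidence.

```python
"""Extract GPS coordinates from the EXIF (TIFF) block of a photo.

Added example: parses IFD0 -> GPS IFD -> rational DMS values and converts
them to decimal degrees. The sample block below is constructed here.
"""
import struct

TAG_GPS_IFD = 0x8825                      # IFD0 entry pointing at the GPS IFD
GPS_LAT_REF, GPS_LAT, GPS_LON_REF, GPS_LON = 0x0001, 0x0002, 0x0003, 0x0004
TYPE_ASCII, TYPE_LONG, TYPE_RATIONAL = 2, 4, 5


def _read_ifd(data, offset, endian):
    """Return {tag: (type, count, raw 4-byte value/offset field)} for one IFD."""
    if offset + 2 > len(data):
        raise ValueError("IFD offset outside EXIF block")
    (n,) = struct.unpack_from(endian + "H", data, offset)
    entries = {}
    for i in range(n):
        pos = offset + 2 + 12 * i             # each IFD entry is 12 bytes
        if pos + 12 > len(data):
            raise ValueError("truncated IFD")
        tag, typ, count = struct.unpack_from(endian + "HHI", data, pos)
        entries[tag] = (typ, count, data[pos + 8:pos + 12])
    return entries


def _rationals(data, offset, count, endian):
    """Read `count` unsigned RATIONAL (numerator, denominator) pairs."""
    if offset + 8 * count > len(data):
        raise ValueError("rational data outside EXIF block")
    vals = struct.unpack_from(endian + "II" * count, data, offset)
    out = []
    for num, den in zip(vals[0::2], vals[1::2]):
        if den == 0:
            raise ValueError("zero denominator in GPS rational")
        out.append(num / den)
    return out


def dms_to_decimal(dms, ref):
    """Degrees/minutes/seconds plus hemisphere letter -> signed decimal degrees."""
    deg, minutes, seconds = dms
    value = deg + minutes / 60 + seconds / 3600
    return -value if ref in ("S", "W") else value


def parse_gps(exif):
    """Return (lat, lon) in decimal degrees, or None if no usable GPS IFD exists."""
    if exif[:2] == b"II":
        endian = "<"                          # Intel byte order
    elif exif[:2] == b"MM":
        endian = ">"                          # Motorola byte order
    else:
        raise ValueError("not a TIFF/EXIF header")
    magic, ifd0 = struct.unpack_from(endian + "HI", exif, 2)
    if magic != 42:
        raise ValueError("bad TIFF magic")
    ifd0_entries = _read_ifd(exif, ifd0, endian)
    if TAG_GPS_IFD not in ifd0_entries:
        return None                           # photo carries no GPS data
    (gps_off,) = struct.unpack(endian + "I", ifd0_entries[TAG_GPS_IFD][2])
    gps = _read_ifd(exif, gps_off, endian)
    try:
        lat_ref = gps[GPS_LAT_REF][2][:1].decode("ascii")   # ASCII <=4 bytes is inline
        lon_ref = gps[GPS_LON_REF][2][:1].decode("ascii")
        (lat_off,) = struct.unpack(endian + "I", gps[GPS_LAT][2])
        (lon_off,) = struct.unpack(endian + "I", gps[GPS_LON][2])
    except KeyError:
        return None                           # GPS IFD present but incomplete
    lat = dms_to_decimal(_rationals(exif, lat_off, 3, endian), lat_ref)
    lon = dms_to_decimal(_rationals(exif, lon_off, 3, endian), lon_ref)
    return lat, lon


def build_sample_exif(lat_dms, lat_ref, lon_dms, lon_ref):
    """Constructed sample: little-endian TIFF block with IFD0 -> GPS IFD."""
    e = "<"
    ifd0_off = 8
    gps_off = ifd0_off + 2 + 12 * 1 + 4       # IFD0 has one entry -> GPS IFD at 26
    data_off = gps_off + 2 + 12 * 4 + 4       # GPS IFD has four entries -> data at 80

    def rat(vals):                            # store each value as x/100
        return b"".join(struct.pack(e + "II", int(v * 100), 100) for v in vals)

    header = b"II" + struct.pack(e + "HI", 42, ifd0_off)
    ifd0 = (struct.pack(e + "H", 1)
            + struct.pack(e + "HHII", TAG_GPS_IFD, TYPE_LONG, 1, gps_off)
            + struct.pack(e + "I", 0))
    gps_ifd = struct.pack(e + "H", 4)
    gps_ifd += struct.pack(e + "HHI", GPS_LAT_REF, TYPE_ASCII, 2) + lat_ref.encode() + b"\0\0\0"
    gps_ifd += struct.pack(e + "HHII", GPS_LAT, TYPE_RATIONAL, 3, data_off)
    gps_ifd += struct.pack(e + "HHI", GPS_LON_REF, TYPE_ASCII, 2) + lon_ref.encode() + b"\0\0\0"
    gps_ifd += struct.pack(e + "HHII", GPS_LON, TYPE_RATIONAL, 3, data_off + 24)
    gps_ifd += struct.pack(e + "I", 0)
    return header + ifd0 + gps_ifd + rat(lat_dms) + rat(lon_dms)


# Constructed inputs: a tagged photo near downtown Chicago, and one with no GPS IFD.
SAMPLE_EXIF = build_sample_exif((41, 52, 55.0), "N", (87, 37, 23.0), "W")
NO_GPS_EXIF = b"II" + struct.pack("<HI", 42, 8) + struct.pack("<H", 0) + struct.pack("<I", 0)

if __name__ == "__main__":
    print(parse_gps(SAMPLE_EXIF))             # (41.8819..., -87.6230...)
    print(parse_gps(NO_GPS_EXIF))             # None
```

Real tools read the same structures straight from the JPEG's APP1 segment; the parser above expects the TIFF block that follows the `Exif\0\0` marker, and the bounds checks are what keep it from crashing on a truncated or partially overwritten file recovered from a device.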
He says cell phone data can be just as important as DNA and suspects leave evidence on almost every phone on the market even after they delete text messages or emails. A phone must be wiped completely to erase content. The lab secures phones that are in evidence using metal Faraday boxes. These boxes block anyone from remotely accessing the phone and wiping the data.
Dziedzic says cell phones are becoming more important in the evidence trail and building a case.
"Often, the last message on the cell phone is, 'Can you meet me over here?' Over here is often where the body is lying."
The lab's caseload has been increasing 20 percent each year. They say they could use more resources. Last year alone, 15 agents worked 800 cases, from local murders to high-tech computer hackers.