Published by the Drug Enforcement Administration Office of Forensic Sciences Washington, D.C. 20537 The U. S. Attorney General has determined that the publication of this periodical is necessary in the transaction of the public business required by the Department of Justice. Information, instructions, and disclaimers are published in the January issues.
- INTELLIGENCE ALERT - COCAINE IMPREGNATED SILICONE IN BASEBALL CAP PARTS IN PERU The DEA Southwest Laboratory (Vista, California) recently received an unusual suspected cocaine smuggling exhibit consisting of apparent fabric cuttings used to make baseball style caps, specifically, 19 off-white pieces that would compose the round part of the hat (total net mass 852 grams), and 18 black nylon covered pieces in a crescent moon shape that would become the visor (see Photo 1 for reconstructed cap). The items were originally seized by the Peruvian National Police (PNP), and had been in a package intended to be mailed from Lima to Hawaii. Analysis by PNP chemists indicated that cocaine was present only in the white pieces. After DEA agents performed a controlled delivery in Hawaii, the evidence was forwarded to the Southwest Laboratory for further analysis. The items had only a faint odor of acetic acid but tested positive for cocaine using the nonacidic cobalt thiocyanate reagent. After several experiments, chloroform was determined to be the best solvent for extraction of the cocaine from the matrix. The "fabric" became transparent after soaking in chloroform for 18 hours, yielding a rubbery material that is suspected to be a silicone caulk type substance (see Photo 2). The material was quantitated to be 47 percent cocaine HCl by weight (equal to 370 grams of pure cocaine HCl). [Editor's Notes: According to the suspect, the Peruvian chemist responsible for preparing the material has been in operation for three - four years, has fabricated various other common items using the cocaine-silicone mixture (including wetsuits and suitcase liners), and expects the mixture to become a new method for smuggling drugs into the US and Europe. He also indicated that the items are usually mailed, and are also usually sprayed with pepper spray to deter canines. It is worth noting that curing silicone usually has an odor of acetic acid.]
* * * * *
- INTELLIGENCE ALERT - HEROIN PELLETS INSIDE MEXICAN CHOCOLATE COVERED CANDIES AT FALFURRIAS, TEXAS
The DEA South Central Laboratory (Dallas, Texas) recently received 71 "Nestle Cocosette Maxi" chocolate bars, each containing three pellets composed of layers of latex and cellophane surrounding a tan colored powdery substance, suspected heroin (total net mass 1913 grams) (see Photo 3; note that the shown bars are approximately seven inches long). The 71 bars were wrapped in four large bundles, using brown tape, and were seized from two men at the U.S. Border Patrol checkpoint near Falfurrias. The candy wrappers were imprinted with Spanish, and are thought to have originated from a manufacturing plant in Mexico (that is, before being diverted and altered for smuggling purposes). Unusually, the pellets appeared to be typical "body-carry" pellets at an intermediate production stage, that is, prior to their immersion in wax. Analysis of the powder by IR, GC/MS, and HPLC confirmed 91 percent heroin hydrochloride. The laboratory has previously received various drug exhibits concealed in chocolate, but this is the first submission that had body-carry pellets coated in chocolate. * * * * *
The
DEA Southeast Laboratory (Miami, Florida) recently received two wooden
globes each containing plastic bags containing a white powder, suspected
cocaine. The globes, which were about the size of basketballs and were
painted with decorative scenes and stylized maps of Haiti (see Photos
4 and 5), were seized by Immigration and Customs Enforcement personnel
from a passenger arriving in Fort Lauderdale on a flight from Haiti. Analysis
of the powder (total net mass 4272 grams) by GC, GC/MS, and IR confirmed
92 percent cocaine hydrochloride. This is the first submission of this
type of smuggling technique to the laboratory.
The DEA Northeast Laboratory (New York, New York) recently received a large metal gear containing a tan colored powder, which field tested positive for heroin (see Photo 6; dimensions are approximately 12 x 9 inches). The exhibit was seized by Immigration and Customs Enforcement personnel at the Federal Express Hub in Memphis, Tennessee, and had been shipped from Buenos Aires, Argentina. Analysis of the powder (total net mass 2.47 kilograms) by GC/FID, GC/MS and FTIR confirmed 89 percent heroin hydrochloride. The Northeast Laboratory routinely receives heroin smuggled in various types of containers; however, this is the first submission of this particular type. * * * * *
[From the NDIC Narcotics Digest Weekly 2003;2(47):3 Unclassified, Reprinted with Permission.] Officials from the Wyoming Highway Patrol (WHP) report that on October 28, 2003, an officer seized 290 pounds of chocolate-covered, suspected high-grade marijuana that was being transported by an Oregon woman traveling from Eugene, Oregon, to Knoxville, Tennessee. According to WHP officials, an officer stopped the woman for speeding as she was driving on Interstate 80 near Cheyenne. The officer became suspicious when the woman provided conflicting information regarding her final destination. The officer asked for permission to search the vehicle, but the woman denied the request. Consequently, the officer detained the vehicle for suspected drug trafficking and requested assistance from the Laramie County Sheriff's Office drug-detection canine unit. The drug-detecting canine alerted to the presence of an illicit drug in the trunk area of the vehicle. Troopers searched the trunk and discovered 290 pounds of chocolate-covered marijuana contained in 11 sealed plastic bags surrounded by dry ice. The 26-year-old female driver was arrested and charged with possession of a controlled substance with intent to distribute. NDIC Comment: Over the past year, there have been several instances of illicit drug concealment in chocolate. Each of these incidents has been linked to Oregon-based drug traffickers. In December 2002 the Kansas Highway Patrol seized 1,500 pieces of chocolate-covered marijuana that were being transported in a private vehicle from Eugene, Oregon, to markets on the East Coast. In addition, Oregon-based traffickers also transport and distribute chocolate-coated psilocybin mushrooms. From September 2002 to April 2003, law enforcement authorities with the Portland Police Bureau, Drug Enforcement Administration (DEA), and Portland Airport Interagency Narcotics Team (PAINT) seized more than 250 pounds of chocolate-coated psilocybin mushrooms in nine separate incidents. In each of the incidents, the psilocybin mushrooms were being shipped from Oregon to markets throughout the United States via package delivery services. [Editor's Notes: The phenomenon of chocolate/psilocybin mushroom concoctions has been extensively reported in Microgram Bulletin over the past year. In those cases, the chocolates are intended for consumption. In the present case, however, it appears that the combination of chocolate, plastic wrapping, and dry ice is more intended to suppress the odor of the marijuana, thereby reducing the possibility of either human or canine detection. This also appears to be the first ever report in Microgram or Microgram Bulletin of the use of dry ice as a smuggling aid. For obvious reasons, this technique is extremely risky for the drivers and passengers in the smuggling vehicles.]
* * * * * - INTELLIGENCE BRIEF -
The Florida Department of Law Enforcement (FDLE) Orlando Regional Crime Laboratory recently received a submission of 137.7 grams of blue and 33.2 grams of green tablets, 9 millimeters in diameter, with an elevated cross on one side and single-scored on the reverse (see Photo 7), and 23.3 grams of yellow tablets, 11 millimeters in diameter, with the ying/yang symbol on one side (see Photo 8), all suspected Ecstasy. The numbers of tablets were not determined; however, the blue and green "cross" tablets weighed approximated 270 milligrams each, while the yellow "ying/yang" tablets weighed approximately 360 milligrams each. The exhibits were seized by the Orange County Sheriff's Office as a result of a buy/bust operation in the Pine Hills area of Orlando. Analysis of the blue and green "cross" tablets by GC/MS, however, indicated not MDMA but rather phencyclidine (PCP). The amount of PCP was not quantitated; however, the green tablets had approximately three times as much PCP as the blue tablets. Analysis of the yellow "ying-yang" tablets by GC/MS indicated an approximate 3:1 mixture of MDA and methamphetamine (exact quantitation not performed) This is the first time this laboratory has seen "cross" logo PCP tablets.
The Utah State Crime Laboratory (Salt Lake City) recently received an unusual submission of two vials of a yellow crystalline substance, reputed etonitazene (a narcotic analgesic) (see Photo 9). The exhibits were acquired by the Box Elder County Strike Force from a professional chemist working in a commercial laboratory in Brigham City (located in northern Utah). Since this substance has not been previously encountered in Utah, and in fact has rarely been seen in the U.S., the laboratory did not have a standard for comparison. Analysis by GC/MS and FTIR (see spectra, next page) tentatively identified etonitazene, which led to the arrest of the chemist. The DEA Western Laboratory (San Francisco) later confirmed that the sample was pure etonitazene, based on NMR analysis.
FTIR Spectra of Etonitazene
[Editor's Notes: Comprehensive analytical data for etonitazene are reported in: Sorokin VI, Ponkratov KV, Drozdov MA. Etonitazene encountered in Moscow. Microgram 1999;32(9):239, and also in: Mills and Roberson Instrumental Data for Drug Analysis, 2nd Ed., Volume 2, pps. 906-907.]
* * * * * - INTELLIGENCE BRIEF - METHAMPHETAMINE CUT WITH ALUM IN ROME AND FLORENCE, ITALY
The Drug Analysis Laboratory of the Servizio Polizia Scientifica in Rome, Italy recently received 12 envelopes containing a total net mass of approximately 100 grams of a translucent crystalline material, suspected "ICE" methamphetamine (see Photo 10). The exhibits were seized by the Anti-Drug Section of the National Police from Filipino citizens in Rome. A similar exhibit was later seized in Florence (circumstances not reported). Analysis by color testing, GC/FID, GC/MS, ion chromatography, and X-ray diffraction (XRD), however, indicated not "ICE" methamphetamine but rather 1.2 to 35 percent methamphetamine cut with alum (potassium aluminum sulfate). This was the laboratory's first encounter with methamphetamine cut with alum.
* * * * * - INTELLIGENCE BRIEF - COCAINE/YOHIMBINE AND LSD/AMPHETAMINE MIXTURES IN SPAIN The National Drugs Laboratory of Spain (Madrid) recently received two unusual exhibits for analysis. The first was a small white bag containing 34 milligrams of an ivory colored powder, suspected cocaine, seized by the Police at a disco in south Madrid. Analysis by GC/MS, however, indicated not only cocaine (45.4 percent) but also yohimbine (not quantitated). The second exhibit consisted of ten and a half stamps, approximately 8 x 8 millimeters square, with an Elvis Presley icon, suspected LSD, seized by the Police in Valladolid (located approximately 150 kilometers north-northwest of Madrid). Analysis by HPLC and GC/MS, however, indicated not only LSD (approximately 21 micrograms per stamp) but also amphetamine (66.7 micrograms per stamp). These are the first submissions of these type mixtures to this laboratory.
**** **** **** **** Selected Intelligence Brief COMMON VEHICLE CONCEALMENT METHODS USED IN THE UNITED STATES DEA Intelligence Division 202/307-8726 [Unclassified; Reprinted With Permission] Hidden compartments have been used by smugglers since the beginning of trade and the institution of prohibitions on certain products. Today's drug traffickers are no different from those of the past, except in the methods they employ. Traffickers smuggling their product and/or illegal proceeds into or through the United States use many low- and high-tech methods to conceal both their intent and their contraband from law enforcement authorities. Drug traffickers use various types of vehicles to conceal their contraband ranging from nondescript cars, commercial trucks, vans, and tractor-trailers, to the popular minivans driven by "soccer moms." How and where drugs are concealed is determined by a variety of factors that include, but are not limited to: the drugs themselves; the size of the vehicle; the final destination of the drugs (i.e., travel distance involved); law enforcement's awareness of current concealment methods; and the imagination of the traffickers and/or the fabricators of the concealed traps themselves. For example, until recently, traffickers moving drugs and currency over long distances within the country preferred the use of the Ford Windstar minivan. Windstars were very popular family vans and could accommodate as many as 10 individual traps. According to current DEA information, traffickers have supplanted their use of Windstars as their use has been compromised and identified by law enforcement. Possession of hidden compartments or "automotive safes," as they are known in commercial parlance, is not illegal in most states.1 Hidden compartments are illegal in only a handful of states to include California, Illinois, and Michigan.2 Penalties for possession of illegal traps vary from seizure of the vehicle in Illinois, to jail or prison time not to exceed 1 year in California. Conversely, trap fabricators in California, "shall be punished by imprisonment in the state prison for 16 months or from 2 to 3 years." There are several companies throughout the United States that are known to install traps and that are recognized by traffickers, one of which is a company called Ultrasmith.3 However, in addition to such specialty shops, traps are being crafted in auto body shops, machine shops, welding shops, and stereo installation shacks.In addition to using various concealment methods to smuggle drugs into and throughout the United States, many polydrug smuggling organizations are believed to also be trafficking in human cargo. More sobering, it is not unreasonable to infer that these same routes and methods could be used to smuggle terrorists and their implements of terror into the United States. That the smuggler's art, to include methods and means, has survived generations, lends credence to the notion that traffickers tend to adhere with what works. Nevertheless, drug traffickers are constantly on the alert for indications that law enforcement is becoming aware of their techniques. Routes, conveyances, and concealment methods are continuously updated and subject to change. Following the tragic events of September 11, 2001, drug traffickers have not significantly altered their use of concealment methods and use of traps. However, traffickers have made allowances for increased airport security by scaling back their routing of drugs and currency through airports and have instead redirected drug shipments over the nation's highways and byways. Traffickers' use of traps as a vehicle concealment method is based on the type of load and the distance of travel. These traps can generally be placed into three broad categories: small, medium, and large. Small Traps
Intermediate and low-level suppliers use small traps to move small amounts of drugs, usually less than 3 kilograms, short distances; that is, across cities or between nearby urban areas such as New York City and Newark, New Jersey. Traps of this size are also used to facilitate local deliveries. For example, the DEA New York Field Division (NYFD) has identified several groups of Dominican traffickers using Lincoln Towncars with livery tags to deliver drug orders to customers who have placed orders from bars and hotels. Small traps are generally the most technologically sophisticated, with many requiring complex sequences of dashboard buttons and switches manipulated to access or close concealed compartments. Some compartment doors are operated by electrically-operated pistons; others may have mechanical or Floor-plate trap in the closed and open positionsmagnetic latches that are released only when the proper sequence is entered or after a small magnet has been passed over them. Other small traps may consist of manually and electrically operated drawers fabricated into and/or under seats; in both center- and overhead-consoles; and behind air-conditioning vents. A number of inconspicuous original equipment manufacture traps are being identified: natural voids under center-consoles; under change mats; and in or under areas used to store audio tapes and compact disks.
A difficulty in identifying these traps is that they often exhibit no signs of alteration and, therefore, may be overlooked by law enforcement officers during the course of a routine search at the scene of a traffic stop. Many traps are only found upon a destructive search or by technical personnel. Which traps are employed and where they can be found is dependent upon the type of vehicle; however, a common small trap location is in the passenger airbag space, usually located above the glove box or on top of the dashboard. The size of the vehicle is not necessarily representative of the size of the trap being employed; however, larger vehicles have more natural voids, thereby allowing traffickers to employ more traps than in smaller vehicles. Small traps are also used to conceal weapons. When the traps are used for this purpose, they are usually easily accessible and within reach of the driver or, in the case of someone being chauffeured, within easy reach of that person whether they are in the front or back seat. There have been numerous reported instances where law enforcement personnel have witnessed suspects entering vehicles with weapons in their hands, but have been unable to locate the weapons after the vehicle was stopped. Traps used for weapons concealment may be found in the passenger airbag compartment; in the doors; in seatbacks; in center-consoles; and under the carpeting at the driver's feet. Medium Traps
Traffickers employing medium-sized traps typically use them to transport and deliver 25 to 50 kilogram loads over intermediate distances, that is, intrastate deliveries. They may also be used to convey drugs and other contraband over longer distances encompassing hundreds of miles and crossing multiple state lines. For example, medium-sized traps may be employed to move drugs from Tucson, Arizona to Chicago, Illinois. Medium-sized traps are generally less technically sophisticated than small traps, but may be very innovative in their placement and concealment. As the loads are being transported over relatively long distances, the drugs may be dispersed throughout various compartments in the vehicle which are inaccessible to the vehicle's occupants. In fact, the occupants may be unaware of the location or amount of the drugs they are delivering. Medium-sized traps often make use of natural voids found behind the dashboard; between body panels and the frame of the vehicle; the frame of the vehicle itself; inside doors; inside the fuel tank(s); throughout the engine compartment; and inside vehicle batteries. The location and size of these compartments is restricted only by the size of the vehicle and the fabricator's imagination. Large Traps
Large-scale traffickers along the Southwest Border frequently use tractor-trailers and refrigerated utility trailers to transport loads through the ports-of-entry (POEs). This is probably the most secure and efficient way to transport large amounts of marijuana, which can be concealed within loads of legitimate agricultural products. Large traps are most often used to convey large quantities, hundreds of pounds to metric tons, of drugs and currency across borders and long distances. These traps are generally the least technically sophisticated and may consist of false compartments welded into, onto, or alongside standard vehicle equipment. For example, in April 2003, Bureau of Customs and Border Protection (CBP) agents located 981 pounds of marijuana secreted in a crane counterweight being transported through the checkpoint near Falfurrias, Texas. The trap was located after a drug-detection canine alert, and because the traffickers had over-applied the "make-up" grease and dirt used to hide the weld marks and fresh paint. Traffickers employing large traps may use any type of vehicle, depending upon the amount of drugs being transported and the destination. Large traps have been found in, but are not limited to, the tractors and trailers of over-the-road semis; busses; railroad box- and tank-cars; and sport utility vehicles (SUVs). For example, on February 8, 2003, United States Customs Service (USCS) officers searched a railroad tank-car entering the United States. Gamma-ray scanning revealed secret compartments at both ends of the car. Further inspection of the car resulted in the seizure of 173 packages of marijuana, totaling 2,551 pounds. Investigative follow-up resulted in the identification of another rail carwhich had already crossed into the United Statesin transit to New Jersey. DEA special agents in Newark intercepted the second rail car and discovered another 1,741 pounds of marijuana concealed in secret compartments. Trends In the Spring of 2002, USCS agents discovered an interesting method of concealment at the Deconcini POE in Nogales, Arizona, where 14.7 pounds of marijuana were seized from a Mexican-registered Dodge Caravan. The packages of marijuana were wrapped in cotton and placed in a sealed rectangular moldmade of a honey and wax mixture. The mold was then placed in a hidden compartment located in the dash of the vehicle. The marijuana was not detectable by USCS drug-detection canines. This concealment method has allegedly been used at other POEs in Arizona, as well as in California. The drivers are reportedly Mexican citizens residing in Tijuana. Intelligence information indicates that, although this concealment method is usually employed by cocaine smugglers, test runs are being conducted with small loads of marijuana.4 The Nogales Resident Office has reported that the use of SUVs to transport drugs had become extremely popular during Fiscal Year 2002. Recovered SUVs have been found to contain sophisticated built-in compartments, and appear to be replacing both tractor-trailers and personally owned sedans as conveyance vehicles in the Nogales area.5 According to a Special Agent in the DEA NYFD, Unified Intelligence Group (UIG), "As trafficking groups move. . . their tried and trusted concealment techniques move with them." Concealment techniques identified with Dominican trafficking groups in the Northeast are now popping up in the Midwestern and Western States as these groups migrate westward. Likewise, concealment techniques and vehicles commonly associated with Mexican trafficking groups throughout the Southwest and Midwest are now being encountered in Eastern States. Conclusions Traffickers' use of traps will continue. Additionally, they will continue to adapt and use different vehicles, more sophisticated traps, and concealment locations in an attempt to change their profiles and in response to law enforcement's identification and targeting of favorite vehicles. Consumer interest in large four-wheel-drive and other off-road vehicles, increases trafficker access to these vehicles. The size and ubiquitous presence of modern SUVs afford traffickers the option of scaling down their use of commercial truckswhich are subject to greater scrutiny on America's highways. New and even more sophisticated traps are virtually assured as various associated technologies, such as miniaturization, are refined. The miniaturization of trap components, such as electric motors, actuators, and hydraulic pistons, will allow fabricators to place traps in areas previously denied due to size constraints. Law enforcement personnel must continue to be knowledgeable of vehicle concealment methods and techniques used by traffickers to combat their attempts to conceal drugs and their illegal proceeds. In addition, they must be as imaginative in their searches as the traffickers and fabricators are in their placement of the traps. Small traps, commonly used for drug deliveries or weapons storage, are generally within easy access of the driver or chauffeured passengers. Medium traps often make use of natural voids in vehicles or convoluted compartments, and the contraband may be inaccessible to the occupants of the vehicle. In large traps, the contraband is generally secreted in compartments or additions fabricated into or welded onto the smuggler's conveyance of choice. This brief is not intended to be an all-inclusive guide to concealed traps in vehicles, but rather a general source of information for those working in offices not located along the Southwest border, nor along major interstate routes where Operation CONVOY or PIPELINE stops are frequently conducted. The authoritative sources for information on commonly encountered vehicular concealment methods are the Domestic and Operation PIPELINE units at the El Paso Intelligence Center and the UIG.
**** **** **** **** SELECTED REFERENCES [Note: Selected references are a compilation of recent publications of presumed interest to forensic chemists. Unless otherwise stated, all listed citations are published in English. If available, the email address for the primary author is provided as the contact information. Listed mailing address information (which is sometimes cryptic or incomplete) exactly duplicates that provided by the abstracting services.]
Additional References of Possible Interest:
THE
DEA FY - 2004 STATE AND LOCAL The remaining FY - 2004 schedule for the DEA's State and Local Forensic Chemists Seminar is as follows:
Note that the school is open only to forensic chemists working for law enforcement agencies, and is intended for chemists who have completed their agency's internal training program and have also been working on the bench for at least one year. There is no tuition charge for this course. The course is held at the AmeriSuites Hotel in Sterling, Virginia (near the Washington/Dulles International Airport). A copy of the application form is appended onto the October 2003 issue of Microgram Bulletin, and should be mailed to the Special Testing and Research Laboratory (Attention: Pam Smith or Jennifer Kerlavage) at: 22624 Dulles Summit Court, Dulles, VA 20166. For additional information, call 703 668-3337.
1. Virginia
Department of Criminal Justice Services (First Posting) The Department of Criminal Justice Services is seeking two qualified individuals to perform forensic chemical analyses of suspected controlled substances in the Division of Forensic Science, Eastern Laboratory. Duties: Incumbents will: 1) Use current state-of-the-art methodologies and instrumentation to analyze controlled substances; 2) Prepare Certificates of Analyses on findings for use by the criminal justice system; and 3) Testify in court as a qualified expert for the Commonwealth at criminal proceedings as to the results of laboratory findings. Position requires occasional overnight travel. Employee will provide own transportation as required. General Requirements: Knowledge of basic theoretical principles and applications of the instrumentation and methodologies used to analyze controlled substances required. Knowledge of laboratory safety procedures; quality assurance/quality control and laboratory practices; instrumental analysis (GC, GC/MS, FTIR, UV) and experience in forensic drug analysis required. Successful completion of a documented training program and/or demonstration of competency is required. Experience presenting testimony in a court of law, as an expert witness is preferred. Must be able to analyze data, develop sound conclusions, maintain accurate records, and analyze, and solve technical problems. Ability to communicate effectively orally and in writing required. A baccalaureate degree in chemistry or other related science with sufficient chemistry courses is required; graduate degree is preferred. Valid driver's license and/or other means of reliable transportation required. Application Procedure: Applicants must submit a state application (#10-012). Applications may be mailed to the Department of Criminal Justice Services, 805 East Broad Street, 10th Floor, Richmond, VA 23219, ATTN: Human Resource Office; emailed to gcolburn@dcjs.state.va.us or faxed to 804-786-6484. State application forms may be obtained by calling (804) 786-4246 or by downloading the form from the employment section of the DCJS web page at www.dcjs.org. For assistance, call Gene Colburn at (804) 786-6925. Notes: Selected candidates must provide a DNA sample via a buccal swab (saliva sample), be fingerprinted and pass a security background check. Equal Opportunity Employer.
* * * * * * * * * * * * * * * * * * * * * * * * *
The recognition in 2003 of digital evidence as a forensic science discipline by the American Society of Crime Laboratory Directors (ASCLD) was a milestone that symbolized the growing importance of digital evidence analysis to the criminal justice system. The formal recognition has had several consequences. First, ASCLD recognition served notice to the forensic science community that computer forensics, digital audio and digital image/video enhancements are recognized sub-disciplines which must meet ASCLD inspection criteria, if offered as a service by an already accredited ASCLD forensic laboratory or laboratory system. ASCLD/Lab, the inspection arm of ASCLD, held its first digital evidence inspector training class in May 2003. One US crime laboratory has already undergone a digital evidence inspection, and several more will undergo accreditation inspections in 2004, including DEA's Digital Evidence Laboratory. Second, the technical/subject matter expert community has begun to expand beyond simple technical exchanges on digital evidence tools or examiner training. Organizations such as the Scientific Working Group on Digital Evidence (SWGDE), the International Organization of Computer Examiners (IOCE), and the International Association of Computer Investigative Specialists (IACIS), are all currently engaged in developing a complementary infrastructure for the digital evidence discipline, including basic examiner qualifications, individual certification, proficiency testing, and digital laboratory design recommendations. Third, legislatures are beginning to mandate that law enforcement organizations ensure that digital evidence examinations are performed by qualified examiners. For example, the Texas legislature recently passed a law requiring that digital evidence examinations be conducted by accredited laboratories. The momentum to ensure that basic forensic science methods and principles are applied to digital evidence is slowly growing. While much has been accomplished over the last few years, there remain a number of areas that are largely undefined. Areas of open discussion within the digital evidence community include: instrument calibration testing, methods validation, the proper use of controls in a digital examination, evidence handling/storage criteria, proficiency testing, and instrument log book criteria. Instrument Calibration Methods Validation Controls This is not as trivial as it sounds. Technically, there is no such thing as an absolute negative control or "blank" in digital evidence, since all digital media that is formatted or initialized must contain some binary pattern of information. For example, a standard floppy diskette right out of the box and just formatted by the Windows operating system contains binary data in the Master Boot Record, File Allocation Table and Data storage areas. Therefore, the easiest solution for a "negative control" test is to generate media that contains a known (and finite) test pattern to determine (by select keyword searching) that no data artifacts are being introduced by the examination software or hardware. A positive control can consist of finding a previously documented pattern of data or file type (such as ASCII text, images, documents, spreadsheets, or e-mails) in order to demonstrate that the examination system is in working order. Controls should be implemented in parallel to the examination process. In the digital evidence field, examination controls are tested either before the examination is started or after the examination has been completed. The pressing issue within the digital evidence community involves assessing what form of test media constitutes an adequate control, since mounting and testing an entire hard drive (as a control) would take an inordinate amount of time to handle and exhaustively search. Evidence Storage However, there is still significant debate within the community on what storage conditions are necessary. For example, is temperature or humidity a concern? Should fire suppression technology rely on water sprinklers in an evidence storage area? What steps are prudent when dealing with battery powered objects? Are radio frequency (RF) Laboratory Evidence Management Systems (LEMS) systems compatible with digital evidence storage best practices? (that is, does RF emitted energy endanger consumer electronic memory storage devices?) External Proficiency
Test The most salient problem involves the diversity of what constitutes a digital evidence examination. For example, a civil litigation digital examiner might be concerned only with the identification of e-mail communication containing specific key words such as "tobacco", "asbestos", or "carcinogen". A criminal digital evidence examiner might be similarly limited to the recovery of potential child exploitation images, pharmacy prescription information, financial data for a specific period of time, or e-mail belonging to only one person. Such limitations may be a result of the search warrant's scope or the laboratory's standard operating procedure defining sufficiency of examination. However, other criminal examinations may require much more in-depth data-mining to achieve the investigation's objectives. Such "connect the dot" type examinations are much more typical of many drug, conspiracy, and espionage cases. The problem that arises with designing an external proficiency test for the entire community becomes an issue of proper scope. Can one external proficiency test serve all practitioners? The answer would clearly seem to be "No". Therefore, can a multi-tier system be devised that properly tests any of the varied programs in the digital evidence constellation, each in accordance with its typical duties? Instrument Logbooks The maturing of the digital evidence field will take some time, as the core principles of forensic science are applied. Eighteen months from now (after several digital evidence laboratories have undergone their ASCLD inspections), many of these questions will have been answered. In the interim, forensic science managers must address the issues through their internal quality assurance programs. The challenge for all digital evidence managers, supervisors, unit chiefs, and police chiefs is: If not you then who? If not now then when? To ignore these issues and wait until some future date, will possibly encourage the courts or legislatures to externally regulate the digital evidence discipline. Questions or comments? e-mail: mphelan@erols.com
* * * * * * * * * * * * * * * * * * * * * * * * *
|