* * * * *

- INTELLIGENCE ALERT -

ECSTASY MIMIC TABLETS (CONTAINING
DEXTROMETHORPHAN) IN COLOMBIA, MISSOURI

Photo 3

The Missouri State Highway Patrol Crime Laboratory (Jefferson City, Missouri) recently received a polydrug seizure that included a small amount of marijuana and two red tablets (total net mass 0.59 gram) with an “M M” logo, suspected MDMA (see Photo 3, right). The exhibits were seized in Columbia, Missouri by the local Police Department (details of seizure not available). Color testing gave a negative result with sodium nitroprusside, and a magenta color with the Marquis reagent. Analysis of an extract by GC/MS indicated not MDMA, but rather methorphan (3-methoxy-N-methylmorphinan (not quantitated)). Due to the scheduling differences between dextromethorphan, levomethorphan, and racemethorphan, an optical isomer determination using the trinitrobenzoic acid microcrystalline test* was performed, and confirmed dextromethorphan [* See Clarke, Isolation and Identification of Drugs, 1969]. This is believed to be the first ever submission of dextromethorphan tablets to the Missouri laboratory system.

 

* * * * *

- INTELLIGENCE ALERT -

ECSTASY MIMIC TABLETS (CONTAINING MDA, CAFFEINE,
AND FENTANYL IN ORANGE AND ANAHEIM, CALIFORNIA

Photo 4

The Orange County Sheriff-Coroner Department, Forensic Science Services Division (Santa Ana, California) recently received two separate tablet submissions, both suspected MDMA. The first submission consisted of four off-white tablets with an “LV” (Louis Vuitton) logo, average net mass 240 - 250 milligrams (see Photo 4). These tablets were seized by the Orange Police Department in Orange, California (circumstances of the seizure not available). The second submission consisted of one white tablet with no discernable logo, mass 205 milligrams (photo not provided). This tablet was seized by the Anaheim Police Department in Anaheim, California (circumstances of the seizure not available). Analysis by GC/MS and GC/IRD, however, indicated not MDMA but rather a mixture of 3,4-methylenedioxyamphetamine (MDA), caffeine, and fentanyl (not quantitated) in both submissions. These were the first submissions of this type to the laboratory.

 

* * * * *

- INTELLIGENCE ALERT -

ECSTASY TABLETS CONTAINING TRACE COCAINE AND
D,L-METHAMPHETAMINE IN EL PASO, TEXAS

Photo 5

The DEA South Central Laboratory (Dallas, Texas) recently received 185 round, dark green tablets with a dove logo on one side and a raised circular area on the opposite side, 8.5 millimeters in diameter, suspected MDMA (see Photo 5). The exhibits were acquired by a DEA Agent in El Paso, Texas (details not available). The tablets were dark green in color, but appeared to actually contain multiple dyes. Analysis of the tablets (total net mass 59.5 grams) by FTIR, GC/MS, GC/FID, GC/IRD, and HPLC confirmed 3,4-methylenedioxy-methamphetamine (60 milligrams/tablet, calculated as the hydrochloride salt), along with trace (less than one percent) cocaine and d,l-methamphetamine. This was the third submission of MDMA tablets containing from trace to low percentages of cocaine to the South Central Laboratory; however, the two previous submissions each consisted of only a single tablet. The laboratory has had four additional submissions of these same tablets since this initial submission.

 

* * * * *

- INTELLIGENCE ALERT -

CHESS TABLE STANDS (FROM GUATEMALA)
CONTAINING COCAINE IN MIAMI, FLORIDA

Photo 6

The DEA Southeast Laboratory (Miami, Florida) recently received two chess table stands, each containing a plastic bag of white powder, suspected cocaine (see Photo 6). The exhibits originated in Guatemala, and were seized by Immigration and Customs Enforcement (ICE) personnel following a controlled delivery in Miami. Analysis of the powder (total net mass 2,990 grams) by GC/MS and FTIR confirmed 81 percent cocaine hydrochloride. This is believed to be the first submission of this type to the Miami Laboratory. There were no controlled substances in either of the chess boards or in any of the individual chess pieces.

 

 

 

* * * * *

- INTELLIGENCE BRIEF -

CHESS PIECES CONTAINING HEROIN IN NEW YORK

Photo 7

The DEA Northeast Laboratory (New York, New York) recently received 642 plastic chess pieces, average height about 2 inches, each containing a brown powder, suspected heroin (see Photo 7). The exhibits were seized by the New York Drug Enforcement Task Force (location and circumstances of seizure not provided). Analysis of the powder (total net mass 1,958 grams) by GC/FID, GC/MS, and FTIR confirmed 51 percent heroin hydrochloride, along with 26 percent mono-acetylmorphine (positional isomer (O3 versus O6) not determined). This was the first submission of heroin concealed in chess pieces to the Northeast Laboratory. The origin of the exhibits was not provided.

 

* * * * *

- INTELLIGENCE ALERT -

TAPESTRY AND PLACE SETTING MATS CONTAINING HEROIN

The DEA Southwest Laboratory (Vista, California) recently received two tapestry (36 x 24 inches (see Photos 8 and 9)) and eight place setting (18 x 12 inches (see Photo 10, below)) Agents pursuant to an investigation into a new smuggling technique (location and details not provided in accordance with Microgram policy). The mats consisted of three layers: 1) A velvet picture top layer; 2) a rubber-like center layer; and 3) a nonskid textured rubber-like bottom layer (see Photo 11). The top two layers appeared to be professionally fabricated. Analysis of extracts by GC/MS and IR-ATR confirmed heroin hydrochloride in all three layers, with the highest concentration in the middle layer. Quantitative analysis by GC (all three layers combined) indicated 17 percent heroin hydrochloride in the place setting mats and six and seven percent, respectively, in the two tapestry mats. Combined, there was a total net mass of 557.3 grams of heroin hydrochloride in the 10 mats. This is the first submission of this type to the Southwest Laboratory.

Photo 8	Photo 9

Photo 10	Photo 11

* * * * *

- INTELLIGENCE BRIEF -

LARGE HEROIN MILL SEIZED IN NEW YORK CITY

[From the NDIC Narcotics Digest Weekly 2005;4(36):1
Unclassified, Reprinted with Permission.]

On August 15, 2005, members of the New York Organized Crime Strike Force, working in conjunction with the New York Police Department (NYPD) Organized Crime Investigation Division (OCID), dismantled a heroin packaging and distribution organization based at a private residence in the Williamsbridge section of the Bronx. Officers had the private residence under surveillance when they noticed that an individual had circled the block several times in a vehicle and then approached the house on foot carrying a large duffel bag. When officers moved toward the man, he tossed the bag inside the residence and denied any knowledge of the bag or the activities occurring inside the residence. Officers then received consent from an individual in the house to search the property. They discovered that the windows of the house were covered with cardboard, the basement was accessible only through trap doors and ladders located in closets, and electrical lines to the basement were routed through the access ways. In the basement of the house, officers discovered an elaborate heroin milling operation in which Dominican nationals, believed to be low-level employees of a Colombian organization, had established an assembly line to mix, weigh, package, and stamp the heroin. The mill - believed to have been in operation for less than 4 weeks - operated around the clock. The Dominican packagers reportedly were paid $1,000 per week and were not permitted to leave the residence. Officers arrested 13 Dominican nationals who subsequently were charged with federal narcotics trafficking and firearms offenses. If convicted, each could face a sentence of 15 years to life in prison. Additionally, Task Force officers seized 50 kilograms of heroin (47 kilograms of which had been processed for retail distribution), 1 pound of Mexican black tar heroin, approximately $250,000, two money-counting machines, and seven handguns. Officers also seized heroin processing and packaging supplies, including 21 cases of glassine envelopes, 150 coffee grinders that had been used to cut and mix the drugs, waffle irons that had been used to make the glassine packaging pliable, rolls of tape, and 57 rubber stamps for labeling the heroin. The stamps had logos such as Black Flag, Fully Loaded, Cancer, Resident Evil, and Kill Zone. The investigation is ongoing. The Strike Task Force is composed of agents from the Drug Enforcement Agency (DEA), NYPD, New York State Police (NYSP), U.S. Immigration and Customs Enforcement (ICE), Federal Bureau of Investigation (FBI), and Internal Revenue Service (IRS).

NDIC Comment: This is the largest heroin mill seized in New York City in the last decade. Heroin mills were common in the 1970s and 1980s when the demand for heroin was much higher than it has been over the past decade. However, anecdotal reporting indicates that heroin is readily available in New York City and that abuse is increasing. Increased heroin demand may result in traffickers reestablishing large milling operations.

* * * * *

- INTELLIGENCE BRIEF -

LARGE MODEL ROCKET (SEIZED FROM A VEHICLE IN MISSOURI) USED TO CONCEAL - AND POTENTIALLY DISCARD - ICE METHAMPHETAMINE

[From the NDIC Narcotics Digest Weekly 2005;4(36):2
Unclassified, Reprinted with Permission.]

Photo 12

On July 15, 2005, the U.S. Attorney for the Western District of Missouri announced the federal grand jury indictment of two Kentucky men on charges that they had conspired to distribute methamphetamine. The two Caucasian males had obtained ice methamphetamine from Mexican sources of supply in Omaha (NE) and were transporting the drugs to Louisville (KY) for distribution. The men concealed the ice methamphetamine in the body of a motorized, 3-foot hobby rocket connected by wires to the vehicle's cigarette lighter (see Photo 12). If stopped by law enforcement officers en route to their destination, they planned to open the trunk of the vehicle, raise the methamphetamine-filled rocket into launching position using a string and pulley system, and launch the rocket into the air (see Photo 13). The two men had tested a similar rocket filled with 2 pounds of gravel that reached a height of about 1,200 feet and, based on the results of that test, expected the plastic bags containing the ice methamphetamine to melt or disintegrate and the drugs to scatter into the air. On June 24, 2005, the men had an opportunity to test their device when a Missouri State Highway Patrol (MSHP) trooper attempted to stop their vehicle on Interstate 70 in Callaway County. The vehicle exited the interstate and entered a restaurant parking lot; however, the two men failed to activate the rocket. The driver then fled the vehicle and discarded a small bag containing approximately 2 grams of methamphetamine, while the passenger remained in the vehicle. The trooper and a backup officer apprehended the men, searched the vehicle, and discovered the rocket as well as devices that appeared to be pipe bombs hidden in the trunk. Officers with the MSHP bomb squad and the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF) were called to the scene and determined that the devices were PVC pipes constructed to resemble pipe bombs. Officers seized 2 pounds of ice methamphetamine concealed in the hobby rocket, the 2 grams of methamphetamine that the driver had tossed after fleeing the vehicle, 38 grams of ice methamphetamine that had been concealed in the three PVC pipes, and 14 grams that had been concealed in a false-bottomed can, as well as 105 hydrocodone, 41 Viagra (sildenafil citrate), 39 Xanax (alprazolam), 32 Cialis (tadalafil), and 7 Klonopin (clonazepam) tablets, and $13,534.

Photo 13

NDIC Comment: Drug distributors often use creative methods to conceal drugs during transportation but rarely develop such an elaborate means of discarding the drugs in the event of law enforcement interdiction. This scheme indicates the extent to which traffickers will go to protect drug shipments.

* * * * *

- INTELLIGENCE BRIEF -

CANNABIS GROW SITE SEIZED ON BLM PROPERTY WEST
OF CEDAREDGE, COLORADO

[From the NDIC Narcotics Digest Weekly 2005;4(37):3
Unclassified, Reprinted with Permission.]

On August 3, 2005, law enforcement officers seized a cannabis grow site containing 3,100 plants west of Cedaredge on Bureau of Land Management (BLM) property. Colorado Air National Guard (CANG) personnel discovered the operation during a routine fly-over. The plants were in various stages of growth and ranged from 3 to 6 feet in height; they were located among juniper trees on approximately one-half of an acre. Law enforcement officers discovered that water from a nearby stream had been gravity fed to the plants via a system of plastic pipes. Officers also discovered three campsites near the cannabis grow site, and because of the number of discarded cannabis stalks covering a wide area near the camps, investigators speculate that the site had been in operation for several years. Investigators believe that as the plants matured, the buds and leaves were stripped from the stalks and transported to another location for processing. Two semiautomatic handguns, a pistol, and several boxes of ammunition also were discovered in a tent at one of the campsites. Personnel from the Delta County Sheriff's Office; U.S. Department of the Interior, BLM; and U.S. Department of Agriculture, National Forest System (NFS) also participated in the investigation.

NDIC Comment: Mexican DTOs often establish cannabis grow sites on federal lands throughout the United States, and such activity has been increasing over the past several years in Colorado. For example, approximately 5,000 cannabis plants were seized in 1997 from private property approximately 1 mile from the August 3 seizure site; 7,000 cannabis plants were seized on the same section of private property in September 2000; and 10,000 cannabis plants were seized in August 2002 on BLM property near Gateway, Colorado.

* * * *

* * * *

* * * *

* * * *

* * * *

SELECTED REFERENCES

[Selected references are a compilation of recent publications of presumed interest to forensic chemists. Unless otherwise stated, all listed citations are published in English. Listed mailing address information (which is sometimes cryptic or incomplete) exactly duplicates that provided by the abstracting services. Patents are reported only by their Chemical Abstracts citation number.]

1. Anastos N, Barnett NW, Lewis SW. Capillary electrophoresis for forensic drug analysis: A review. Talanta 2005;67(2):269. [Editor’s Notes: Covers the applicable literature since 2001. Includes both drug seizures and biological applications. Contact: School of Biological and Chemical Sciences, Deakin University, Geelong 3217, Australia.]

2. Anastos N, Barnett NW, Lewis SW, Pearson JR, Kirkbride KP. Rapid determination of carbohydrates in heroin drug seizures using capillary electrophoresis with short-end injection. Journal of Forensic Sciences 2005;50(5):1039. [Editor’s Notes: Presents the title study, using a borate complexation method. Contact: School of Biological and Chemical Sciences, Deakin University, Geelong 3217, Australia.]

3. Awad T, DeRuiter J, Clark CR. GC-MS analysis of acylated derivatives of the side chain and ring regioisomers of methylenedioxymethamphetamine. Journal of Chromatographic Science 2005;43(6):296. [Editor’s Notes: Abstract not available. Contact: Auburn Univ, Sch Pharm, Dept Pharmacal Sci, Auburn, AL 36849.]

4. Cole M. The Analysis of Drugs of Abuse: A Systematic Approach. (Text) John Wiley & Sons Inc., Chichester, UK: 2003.

5. Esseiva P, Anglada F, Dujourdy L, Taroni F, Margot P, Pasquier ED, Dawson M, Roux C, Doble P. Chemical profiling and classification of illicit heroin by principal component analysis, calculation of inter sample correlation and artificial neural networks. Talanta 2005;67(2):360. [Editor’s Notes: Presents the title study. 3,371 samples were categorized into 20 subsets. Contact: Institut de Police Scientifique, Univerity of Lausanne, Switz.]

6. Federici JF, Schulkin B, Huang F, Gary D, Barat R, Oliveira F, Zimdars D. THz imaging and sensing for security applications - Explosives, weapons, and drugs. Semiconductor Science and Technology 2005;20(7):S266. [Editor’s Notes: Appears to be an overview of the use of tetrahertz imaging technologies for detection purposes. The “drugs” were not specified in the abstract. Contact: Department of Physics, New Jersey Institute of Technology, Newark, NJ (zip code not provided).]

7. Kalach AV. Criminalistic identification of explosives and narcotics using gas analyzers. Pribory I Sistemy: Upravlenie, Kontrol, Diagnostika 2005;(5):27. [Editor’s Notes: Not clear from the abstract what is meant by a “gas analyzer”. The “narcotics” were not specified in the abstract. This article is written in Russian. Contact: Ufim. Gos. Neft. Tekh. Univ., Salavat, Russia.]

8. Maresova V, Hampl J, Chundela Z, Zrcek F, Polasek M, Chadt J. The identification of a chlorinated MDMA. Journal of Analytical Toxicology 2005;29(5):353. [Editor’s Notes: The unknown was detected in a urine sample, and was tentatively identified as 6-chloro-MDMA. Contact: Institute of Forensic Medicine and Toxicology, First Medical Faculty and Hospital, Charles University of Prague, Czech Rep.]

9. Moldvai I, TemesvariMajor E, Ineze M, Domyei G, Szentirmay E, Szantay C. Synthetic route to ergot alkaloids. Helvetica Chimica Acta 2005;88(6):1344. [Editor’s Notes: An overview, including three synthetic pathways to the ergolines. Contact: Hungarian Acad Sci, Inst Biomol Chem, Chem Res Ctr, POB 17, H-1525 Budapest, Hungary.]

10. Nic Daeid N, Waddell RJH. The analytical and chemometric procedures used to profile illicit drug seizures. Talanta 2005;67(2):280. [Editor’s Notes: An overview. Contact: Centre for Forensic Science, University of Strathclyde, Glasgow, Scotland.]

11. Reddy MM, Krishna G, Priyankar RSN, Sarin RK, Sashidhar RB. Source identification of Indian opium based on chromatographic fingerprinting of amino acids. Journal of Chromatography A 2005;1088(1-2):158. [Editor’s Notes: 124 samples from 14 licit growing sites were analyzed. The results gave 90% accuracy in assigning geographical origin. 3 major groups (types) of Indian opium were identified in the study. Contact: Central Forensic Science Laboratory, Directorate of Forensic Science, Directorate of Forensic Science, Ministry of Home Affairs, Ramanthapur, Hyderabad 500013, India.]

12. Saito K, Toyo’oka T, Kato M, Fukushima T, Shirota O, Goda Y. Determination of psilocybin in hallucinogenic mushrooms by reversed-phase liquid chromatography with fluorescence detection. Talanta 2005;66(3):562. [Editor’s Notes: Presents the title study. Detection limits were 4.4 ng in 1 mg of dried mushroom. Contact: School of Pharmaceutical Sciences and COE Program in the 21st Century, University of Shizuoka, Shizuoka, Japan 422-8526.]

13. Weinberger R. Implementing Capillary electrophoresis in a controlled environment: An interview with Ira Lurie of the DEA. American Laboratory 2005;37:6. [Editor’s Notes: A conversational overview of the use of CE for the analysis of controlled substances in forensic laboratories. Contact: CE Technologies, Inc., P.O. Box 140, Chappaqua, NY 10514.]

14. Zhang D, Sun W, Yuan Z, Ju H, Shi X, Wang C. Origin determination of a heroin sample and its acetylating agent with 13C isotope ratio mass spectrometry. European Journal of Mass Spectrometry 2005;11:277. [Editor’s Notes: Includes heroin hydrolysis studies and IRMS analysis of the resulting morphine. The origins of the acetylating agents could be deduced from the differences between the heroin and morphine. Contact: Forensic Medical Examination & Identification Center of Beijing Public Security Bureau, Beijing 100085, China.]

Additional References of Possible Interest:

1. Chan KH, Pan RN, Hsu MC. Simultaneous quantification of six ephedrines in a Mahwang [sic] preparation and in urine by high-performance liquid chromatography. Biomedical Chromatography 2005;19(5):337. [Editor’s Notes: Focus is biological, but also includes analysis of a Ma Huang preparation. Contact: 250 Wen Hua 1st Rd, Taoyuan 333, Taiwan.]

2. Lee DYW, Karnati WR, He MS, LiuChen LY, Kondaveti L, Ma ZZ, Wang YL, Chen Y, Beguin C, Carlezon WA, Cohen B. Synthesis and in vitro pharmacological studies of new C(2) modified salvinorin A analogues. Bioorganic & Medicinal Chemistry Letters 2005;15(16):3744. [Editor’s Notes: Presents the title study. Contact: Harvard Univ, Sch Med, McLean Hosp, Mol Pharmacol Lab, 115 Mill St, Belmont, MA 02478.]

3. Liu LB, Zheng ZX, Lin JM. Application of dimethyl-beta-cyclodextrin as a chiral selector in capillary electrophoresis for enantioseparation of ephedrine and related compounds in some drugs. Biomedical Chromatography 2005;19(6):447. [Editor’s Notes: Presents the title study. Contact: Chinese Acad Sci, Key Lab Environm Chem, POB 2871, Beijing 100085, Peoples R. China.]

4. Mille B. Chemistry in court. Chromatographia 2005;62(1-2):3. [Editor’s Notes: An overview. Contact: Univ Bristol, Sch Chem, Cantocks Close, Bristol BS8 1TS, Avon, England.]

5. Piletska EV, Romero-Guerra M, Chianella I, Karim K, Turner APF, Piletsky SA. Towards the development of multisensor for drugs of abuse based on molecular imprinted polymers. Analytica Chimica Acta 2005;542(1):111. [Editor’s Notes: Included preparation of MIP’s for cocaine, methamphetamine, methadone, and morphine. Contact: Institute of Bioscience and Technology, Cranfield University, Bedfordshire, UK MK45 4DT.]

* * * *

* * * *

* * * *

* * * *

* * * *

THE JOURNAL/TEXTBOOK COLLECTION EXCHANGE

There were no offerings made during the past quarter.

All subscribers are encouraged to donate surplus or unwanted items or collections; if interested, please consult the Microgram website or contact the Microgram Editor for further instructions.

The next offering of journals and textbooks will be in the January 2006 issue of Microgram Bulletin.

* * * *

* * * *

* * * *

* * * *

* * * *

THE DEA FY - 2005 AND FY - 2006 STATE AND LOCAL FORENSIC CHEMISTS SEMINAR SCHEDULE

The FY - 2006 schedule for the DEA’s State and Local Forensic Chemists Seminar is as follows:

November 14 - 18, 2005
February 6 - 10, 2006
May 8 - 12, 2006
July 10 - 14, 2006
September 11 - 15, 2006

Note that the school is open only to forensic chemists working for law enforcement agencies, and is intended for chemists who have completed their agency’s internal training program and have also been working on the bench for at least one year. There is no tuition charge for this course. The course is held at the AmeriSuites Hotel in Sterling, Virginia (near the Washington/Dulles International Airport). A copy of the application form is reproduced on the last page of the August 2004 issue of Microgram Bulletin. Completed applications should be mailed to the Special Testing and Research Laboratory (Attention: Pam Smith or Jennifer Kerlavage) at: 22624 Dulles Summit Court, Dulles, VA 20166. For additional information, call 703/668-3337.

* * * *

* * * *

* * * *

* * * *

* * * *

EMPLOYMENT OPPORTUNITIES

1. U.S. Drug Enforcement Administration (Second Posting)
Position: Forensic Chemist (Up to 10 Positions Available)
Location: Dallas, Texas
Salary Range: $32,084 (GS-5) - $67,033 (GS-11) - Promotional potential to GS-13
Application Deadline: Open Until Filled
Detailed Information and Application: https://www.avuedigitalservices.com/dea/applicant.html
Vacancy Announcement Number: DEA-SCLAB-05-0297-MP (Merit Promotion) or DEA-SCLAB-05-0297-DEU (All Others)

* * * * *

2. U.S. Drug Enforcement Administration (Second Posting)
Position: Fingerprint Specialist (1 Position Available)
Location: San Francisco, California
Salary Range: $57,178 - $105,939
Application Deadline: Open Until Filled
Detailed Information and Application: https://www.avuedigitalservices.com/dea/applicant.html
Vacancy Announcement Number: DEA-WEST-05-0293-MP (Merit Promotion) or DEA-WEST-05-0293-DEU (All Others)

 

* * * *

* * * *

* * * *

* * * *

* * * *

Computer Corner Computer Forensic Jargon to Avoid

#199 by Michael J. Phelan DEA Digital Evidence Laboratory

In the last edition of Computer Corner (#198), a list of simple phrases and short technical definitions was provided for a number of computer forensic terms that are commonly used in report writing and in courtroom testimony. This edition will address a related issue: Technical jargon that should be avoided because the term: 1) Has no agreed-upon meaning within the computer forensic community; 2) is redundant; 3) is overly technical; 4) misrepresents the facts; or 5) is proprietary.

As the Digital Evidence field has expanded, its practitioners have developed specialized terminology to describe various aspects of their work. However, some technical terms were adopted for common use without considering their precise meaning, or are improper uses or adaptations of proprietary names. Inappropriate use of certain terms can cause confusion among the recipients of digital evidence reports (investigators, attorneys, and jurors) - or more importantly can be negatively exploited in a courtroom setting by the defense. The following is a list of technical jargon that should be avoided:

Bit Stream: This term refers to a sequential copying of all of the bits on the media. Related terms include “bit stream copy” and “bit stream image”. Other copy terminology such as “copy”, “duplicate”, or “image” is both more accurate and linguistically more intelligible.

Cache: This term has multiple meanings, including different hard drive storage areas such as the swap or page file (a temporary memory storage area), or the temporary Internet files used to refresh a webpage directly from the hard drive (that is, to avoid having to download the data from scratch (reducing network access)). The term is frequently used by computer forensic examiners to denote some type of temporary data storage. However, the use of the term “cache” without additional hard drive storage location explanation is generic, and does not provide the level of specificity that is expected in a digital evidence forensic report, examiner notes, or courtroom testimony.

Carved: This term refers to a process that uses a set of file headers and footers to search for data that meets the specified search pattern parameters. The term implies that information is “carved” out of the media being searched (implying it is somehow removed). This is vague and confusing, especially for non-computer forensic personnel, and should be avoided. The use of the phrase “recovered” is preferable.

dd: This term refers to the Unix command that copies data. However, the number of options under this command are extensive, so “copy” is a more preferable term. The examination notes should show those options that were actually used, but the reporting and testimony should be kept simple.

Exact Duplicate: As defined in the Federal Rules of Evidence, a duplicate is an exact representation of the original. Therefore, the term “exact duplicate” is redundant.

Forensic Copy: This term has no accepted definition. It implies that a copy was authenticated for use in digital evidence forensics. However, no common definition exists which differentiates a “forensic copy” from the more accepted terms of “logical copy”, “physical copy”, “duplicate”, or “image”.

Forensic Wipe: This term is synonymous with the term “data erasing”. It involves the overwriting of existing data storage locations (containing data) with a new pattern of zeros and ones. Wipe software technology often wipes each storage location multiple times to ensure that none of the original data remains. However, the term “forensic wipe” does not have any agreed standard that specifies the number of required overwrites. It should therefore be avoided because it lacks specificity, yet implies that the wipe is “forensically” sound. There is a data erasing standard commonly referred to as a “DoD Wipe”. The Department of Defense (DoD) has published the number of required overwrites minimally necessary for various levels of classified information. The higher the level of security classification, the more overwrites (wipes) that are required before the data is considered fully erased or non-recoverable.

Ghosted: This is another term sometimes used to denote a copy of an original. The term’s origin is probably the copy software marketed by Symantec Corporation under the name of “Ghost”. However, the Ghost software contains many options, some of which affect the robustness (type and reliability) of the copy. Therefore, the meaning of the phrase “ghosted” or “ghost copy” is not specific, and it is inappropriate for use in a forensic report or testimony. Again, the term “copy” is preferable in both report writing or testimony, because it is simple and covers all forms of duplications.

Mirror Image: The term “image” is used by computer forensic examiners to denote a file (or group of files) that contains an exact representation of the original data (often stored in a proprietary format). A “mirror image” is a frequently used computer forensic term, and is meant to denote an “exact copy” or “reflection” of the original. However, the term is not a proper analogy, because a mirror image is actually a reverse image - not a true copy. Again, the term “image” (by itself) is fully explanatory of this type of copy.

Sterile Media (also sometimes referred to as “Blank Media”): This term is sometimes used to denote storage media that does not contain any data. However, all magnetic media consists of a magnetic flux state, at all storage locations, at all times. Thus, no magnetic media can be considered to be “sterile” or “blank”, because every storage bit location at every sector contains either a high or low magnetic flux, commonly referred to as a zero (low magnetic flux) or a one (high magnetic flux). Therefore, the term “wiped media” is recommended to denote storage media that does not contain any meaningful data that was inputted by a user - either because it is brand new, or because it has been wiped by a user.

Tarred: This term refers to a very common Unix data compression algorithm. The use of the term “compressed” is preferred, because it covers any type of data compression software.

Zipped: The term refers to two common data compression software products - PK Zip or PK Lite. Again, the use of the term "compressed" is preferred.

The digital evidence community (through the Scientific Working Group on Digital Evidence (SWGDE)) has provided some guidance with regard to technical definitions in its April 25, 2005 draft entitled: Digital Multimedia Evidence Glossary Version 1.0 (www.swgde.org). However, the discipline is still relatively new, and so few recognized technical definitions exist. As an interim strategy for laboratory management, a best practice would be to include a glossary in the laboratory’s standard operating procedures that defines all commonly utilized terms that are not covered by current, standard information technology definitions. Additionally, the use of technical terms or jargon to be avoided, as well as a policy that addresses the use of propriety names or terms in official documents, should be considered in the laboratory’s training program. The long term goal is to have a uniform approach to correctly and clearly describe the processes of how digital evidence was handled and examined.

Questions or comments?:
E-mail: Michael.J.Phelan -at- usdoj.gov