Evolving Digital Forensics to Support National Security
posted Nov. 18 by BAE Systems I&S
Cyber attacks can seriously disrupt operations within the Department of Defense (DOD), federal government and U.S. businesses, threatening our national security and intellectual property. Digital forensics is a key component of the nation’s response, as it relates to critical and real-time intelligence. In early 1998, the DOD established the Department of Defense Cyber Crime Center (DC3) to deliver the world’s best digital forensics, training and intrusion response support to strengthen DOD law enforcement and counterintelligence, and to assure cyberspace dominance.
Former DC3 Director of the National Cyber Investigative Joint Task Force Analytical Group (NCIJTF-AG) and current Director of BAE Systems’ Cyber Analysis & Investigations, Chuck Reiners, shares his thoughts on the challenges in digital forensics.
Q: Can you tell us about your experience at DC3 and what you are doing now?
Reiners: I’ve had a long-standing relationship with DC3 that started back in 1997 when I was a computer crime investigator with the Air Force Office of Special Investigations (AFOSI). I was the chief of AFOSI’s Western computer forensic laboratory that serviced 14 geographically separated investigative units across six Western states and Northern California.
Next, I led AFOSI’s Computer Investigations Training Program and functioned as the command’s curriculum advisor to the DC3 training academy. Lastly, I had the honor of concluding my career while serving on the DC3 staff with the NCIJTF-AG, which is a national-level collaborative effort to build a common operating picture of cyber advanced persistent threats to drive proactive counter-intelligence operations and investigations.
Now that I’ve joined BAE Systems, my focus remains on digital and multi-media forensics, cyber analysis and cyber training expertise, providing a robust set of capabilities that ensure successful execution of our customers’ missions.
Q: What are the current and future challenges in digital forensics?
Reiners: I think one of the biggest challenges today is the increasing number of requests for support, whether it’s related to a criminal or counterintelligence investigation or a hacking incident. Moreover, the volume of data associated with each of these cases can be staggering. If you have more cases and more data per case, you must have a scalable technical solution that can grow to handle the rising volume of data in a timely manner. You also must attract, train and retain a highly qualified staff of cybersecurity experts to provide digital forensics and cyber analysis services to your customers.
Lastly, I’d say the constant evolution of technology. Specifically, criminals and hackers exploit the opportunities afforded them by new technology, so we must constantly adapt our procedures to stay a step ahead of them.
Q: How is BAE Systems maintaining the quality of forensic examinations as investigation requests and data continually increase?
Reiners: Since we intimately understand the unique needs of our customers, we apply the optimum combination of near-term process automation and long-term innovation and technology insertion to ensure consistent, thorough and top-notch forensic analysis support. For example, we developed a solution that provides our customers with on-demand resources from a shared pool, ensuring that processing and storage match the case needs while reducing overall processing time.
BAE Systems has an established community of practice (COP) focused on digital forensic lab accreditation and maturation. We leverage existing networking capabilities to facilitate transferring corporate best practices and lessons learned within each practice community. We stay synchronized and aware of the trade spaces of the leading digital forensics software, including Laboratory Information Management System (LIMS), so we can quickly respond to changing requirements, influence product baselines and bring highly capable resources forward for our customers.
Q: Keeping experienced, enthusiastic digital forensics personnel up-to-date is also a major issue. Can you identify the training solutions you have implemented at BAE Systems?
Reiners: It is important to address the constant evolution of communications and computing technologies to transcend the art and embrace the science of cutting-edge digital forensics! Our training program took root with a $6 million investment in our Global Analysis Tradecraft Advancement Center, which provides high-quality, motivated and well-trained full-motion video and strategic cyber analysis professionals.
We also have a robust COP that is active both live and online to share lessons learned, enable knowledge sharing and provide mentoring. From that robust foundation, we established a training program for our IT and cybersecurity professionals in partnership with leading educational institutions and commercial training providers.
Additionally, we created mission-oriented processes, coupled with wellness programs and job rotation practices, to increase job satisfaction and workforce stability. We also established strategic partnerships with leading hardware and software vendors with recognized expertise in mobile and network forensics.
Q: How are the people of BAE Systems staying ahead of constantly evolving tools and technologies?
Reiners: Ultimately, our first-class talent, armed with the best tools in the industry, keeps us consistently delivering exactly what our customers need at the lowest cost. For specialized or highly classified capabilities, we develop products and tools for national security and federal law enforcement customers. Our partners, products and tools manage huge data volumes with stringent performance requirements and are used across the U.S. government digital forensics community. Finally, we proactively track changes in media type and composition to keep our practitioners ahead of changing digital forensics techniques, tactics and procedures. This also enables us to stay ahead of market changes, such as the growing prevalence of mobile devices and cloud usage.