If you think your spouse is cheating on you then this might be the self-help book you need. Mr. Lucich is a data forensics expert with over 20 years of hard-earned experience. I had an opportunity to talk to Mr. Lucich about this intriguing line of work.
Computer, or maybe we should call it digital forensics, is a new science; in fact, I would be willing to bet that most people have never heard of it. If you had to describe it in a couple of sentences, what would you tell us?
Computer forensics is not new and I have been involved with it since the late 1980s. However, it is new to the public eye. The discipline of computer forensics is the ability to preserve the contents of a hard drive in its original form that will hold up in a court of law.
Once we have preserved the contents of the hard drive, we now have the ability to search, analyze and recover data without changing the original contents.
What drew you into this line of work? As I understand it, you worked in law enforcement for a period of time. Was it a natural progression to move into this line? Did you already have a data processing background?
I was a law enforcement officer for 17 years. As a state law enforcement officer assigned to the State Organized Crime & Racketeering Bureau for over eight years, I was seizing and analyzing computers since the 1980s. I had a very technical background and was an adjunct computer science professor for over five years. I left law enforcement in 1996 to enter the private sector.
In the late ’80s and early ’90s I started to see more computers and PDAs involved in criminal investigations and decided that I wanted to get involved in looking for evidence on these devices. Because I was one of a handful of cops involved in it nationally, I became a resource to many agencies and my agency started to lend me out to others to assist in their investigations.
With the popularity of programs on the TV like CSI, the investigative world is suddenly one that is getting a lot of exposure, are you seeing more young people wanting to become involved in digital forensics?
There is no doubt that the field of computer forensics is growing rapidly and I am currently seeing more law enforcement officers moving onto these positions and colleges are now offering courses specifically in computer forensics. These classes are often filled with people of all ages who want to enter this field.
I have been involved in the Data Processing world for over 30 years and I am amazed at how little people understand about how insecure their information is. I am wondering why you did not write a generic book about digital forensics, and the dangers inherent from relying on the computer, instead of targeting a market (the cheated on)?
There are so many books already on the market that target computer forensics. I wrote the book to place the information in the hands of people who need it but cannot afford to hire a computer forensic expert. If you ever met someone who not only felt betrayed but also frustrated because they did not know how to find the information they needed, you would understand the need for such a book. They see all the signs but are told by their spouse that they are crazy. They need the answer to the age-old question: Am I crazy? It also helps them to bring closure to their relationship, which gives them the ability to move on with their life.
I also want to point out that this book is about analyzing computers. This book can be used to show parents how to analyze their kid’s computer; it can show a corporation how to image and analyze a computer to support workplace investigations. Analyzing a computer is analyzing a computer regardless of what the reason is.
Obviously this line of work is an evolving arena. As new technologies emerge, new techniques need to be found. Microsoft has made a lot of noise lately about the new version of Windows (Vista). This is supposedly a much more secure system, including the ability to encrypt the entire hard drive. How will you attack a problem like this?
There are already decryption utilities that we use to decrypt all of Microsoft’s products; this will be one more. However, there are technologies that are already out that can make our job harder. These are file-shredding utilities, which overwrite data numerous times, making it impossible to recover the data. However, we often get some of the data back because users get lazy in using the shredding utility and some shredding utilities are not the best quality and do a horrible job.
I am sure that over the years you have come across some pretty amusing finds. Is there one in particular that sticks in your mind?
A woman claimed that she never was in a specific town to mail a letter that she was accused of mailing. She stated that she has never been to the town or the post office where it was mailed from. Her testimony stated that she wouldn’t even know how to get to that town because she never heard of it.
However, I found MapQuest directions on her computer that had the starting point of her home address and the ending point as the post office. The very post office that she claimed she did not know how to get to.
When I am not annoying authors with my inane questions I am teaching computer skills to mostly adult, low-technical-level students. I have developed all of my books to make heavy use of pictures and diagrams; this breaks down the literacy barrier and makes the learning/example process much simpler. You use straight text in your ‘how to’ sections; I have to ask why?
I did not want to confuse them with pictures that may not make sense. Remember, this is written for all versions of Windows, so if I had a picture of a Win2k window and they had NT, it would not make sense to them. I wanted them to just follow the steps that I outline, which covers most of the versions of Windows. I found that it is easier to say click here, click here and let them focus on following directions rather than looking at pictures. I was concerned that if they saw a picture they may go off on a tangent.
A proportion of my readers are youngsters heading off to college. Do any schools have programs in the field of digital forensics?
Yes, several colleges now have these courses. Fairleigh Dickinson University (the college I graduated from) as well as many others across the US now have them.
I recently interviewed an author who had written a novel about terrorism in the US. I asked her if she was concerned that she might be producing a plan that terrorists might follow. Her response was that she had asked the FBI and Homeland Security, and no problems were foreseen. Your book, while strictly speaking a cookbook for looking, could easily be adapted for changing the information. This could create a whole new set of problems. Any comments?
I do not see that at all. There is nowhere in my book where I show people how to modify anything or how to thwart the forensic process.
Remember, if someone is fooling with the data they are breaking a law in civil and criminal courts (spoliation). Computer forensics will show that they are doing this and they now have additional charges against them.
Postscript: So all you cheating spouses, the solution is to format your hard drive after using the computer. Of course this does mean that you will have to reload Windows every time you want to check your e-mails!
Written by Simon Barrett