Kansas City, Mo. — First, they testified that a suspect in a Douglas County murder searched the Internet for terms including "How to murder someone and not get caught."
Then they used computer records to find the Kansas woman suspected of strangling a pregnant Missouri woman and cutting her fetus from her womb.
It's been a busy month for the computer sleuths at the Heart of America Regional Computer Forensic Laboratory, a second-floor suite tucked into an upscale office building just north of the Missouri River.
Instead of searching for fingerprints and footprints, the detectives who work at this office solve crimes by searching seized hard drives for file activity and Internet history.
"The way I explain it is that we are digital crime-scene investigators," said Lawrence Police Detective Dean Brown, who's assigned to the lab for a two-year stint. "It's like grabbing somebody's diary when you start looking through their computer."
The labs' employees say the recent high-profile cases show the growing importance of digital evidence -- even in violent crimes that don't appear at first glance to be computer-related.
"People are living their lives digitally," said FBI special agent Tom Maiorana, the lab's director.
Product of Patriot Act
The lab opened in July 2003 as a joint project between the U.S. Department of Justice and police agencies from Kansas and western Missouri.
Lawrence Police Detective Dean Brown is assigned to the Heart of America Regional Computer Forensic Laboratory in Kansas City, Mo.
So far, there are only four such labs nationwide, but more are scheduled to open next year. All were made possible by the 2001 USA Patriot Act, which set aside $50 million per year for training of federal, state and local police in computer forensics.
The Kansas City lab consists of a training room with 16 computer workstations, an evidence room with keyless entry that requires two people to sign in and out at the same time, a 22-terabyte server, and a sprawling room full of desks, wires and shelving where Brown and the lab's 11 other examiners do their work.
The examiners work for 10 agencies including the Missouri Highway Patrol, the Johnson County Sheriff's Office and the Kansas Bureau of Investigation. Some display their own agency's logo over their desks, but they work on cases from throughout the region.
Examiners such as Brown agree to two-year commitments and undergo about seven weeks of FBI classes before going to work. Their home agencies pay their salaries, but the federal government pays for all their training.
"Today, computers, e-mail and the Internet are the way people communicate, just as they used to use the telephone system," said Sgt. Dan Ward, a Lawrence Police spokesman. "It's equally important for us as law enforcement to understand and utilize this technology as it was when the telephone came into existence."
Catching criminals
On a recent afternoon, Brown sat at his desk surrounded by software packages, five computer monitors and stacks of computer evidence wrapped in pink static-proof plastic. He was using the Windows-based software program "EnCase," which displays an exact replica of the information on someone's hard drive and breaks down details of each file.
"If we see activity on someone's computer at a certain time and they're not supposed to be there, that has to be explained," said Brown, who has undergraduate degrees in mathematics and computer science.
More than half of the crimes investigated by the lab involve child pornography, but it also takes on white collar crimes, violent crimes and suspected terrorist activity -- including searching computers seized in October in Columbia, Mo., during a raid of an Islamic charity.
Computer provided trail to suspect (12-21-04)Sometimes, computer examiners go to the crime scene and help identify potential digital evidence such as tiny storage drives that may appear to be ordinary office items. Usually, though, police at the scene collect the computers and bring them to the lab, where examiners make an exact copy of the hard drive and begin combing through it using specialized applications.
"We cannot generally say who was at the computer," Maiorana said. "We also have to fight defenses like, 'A virus did it.'"
The Douglas County Sheriff's Office used the lab to investigate Kansas State University English professor Thomas E. Murray, who's charged with stabbing and beating his ex-wife, Carmin D. Ross, in November 2003 north of Lawrence.
At Murray's preliminary hearing this month, Brown testified he'd found that Murray used his work computer to search for subjects including odorless, colorless poisons, countries that don't extradite to the United States and "how to kill someone quickly and quietly."
Last week, within 24 hours of the time Bobbie Jo Stinnett of Skidmore, Mo., was found dead with her fetus missing, an investigator at the computer lab identified suspect Lisa Montgomery by tracking messages exchanged on an online rat-terrier message board.
Asking for help
In recent years, Maiorana said, there were few places police departments could go if they needed help getting evidence from a computer. If someone called the FBI and asked for help, the agency couldn't get involved unless it was a federal crime.
Now, any department in the lab's service area, which is defined as the state of Kansas and the western part of Missouri, can ask for help. Last year, the lab got 250 such requests.
"They need to know we're here and know that they can call us," he said.
Maiorana estimated the Kansas City lab has cost about $2 million so far, but he views it as an investment. The idea is that eventually, the examiners will bring their expertise back to their home agencies.
"It's like sending a medical student to Cook County Hospital" in Chicago, Brown said.
No comments
Commenting is turned off for this story.