CSC trains more sleuths

Defense Computer Investigations Training Program

Because of the government's increasing focus on homeland defense and counterterrorism following the Sept. 11 terrorist attacks, the Defense Department is opening its computer forensics training programs to other law enforcement officials.

The change is part of a follow-on contract by the Defense Department's Computer Investigations Training Program (DCITP), which late last month awarded an eight-year, $86.8 million task order to Computer Sciences Corp. to train DOD cybercrime fighters.

CSC has been DCITP's contractor since the program began in 1998. The new contract, however, opens the program's cybercrime investigation courses to other government agencies — federal, state and local, said Robert Fout, CSC's senior manager for DCITP.

"We were right in the middle [of our proposal] when [the attacks] happened," Fout said. Then, as federal law enforcement officials zeroed in on homeland defense and counterterrorism, DOD increased the scope of the task order to make the training available to other government agencies and nearly doubled the original value of the task order.

The overall size of the program has also expanded since the 1998 award of $2.75 million because the range of courses has grown and the DCITP facility, located just outside Washington, D.C., in Maryland, has expanded to meet DOD's needs.

Under the program, CSC supports the government's efforts to train law enforcement professionals in computer investigations, said DCITP Deputy Director Maceo Boston Jr.

In fiscal 2002, DCITP is offering 50 classes in eight subjects, Boston said. Courses cover computer search and seizure, computer intrusions and forensic computer media analysis. Since its creation, DCITP has trained nearly 1,200 people through its introductory course in computer search and seizure.

That course teaches investigators how to deal with a crime scene that involves electronic media in order to protect the evidence, Fout said. Those media can range from a fax machine or answering machine to a handheld device or PC, he noted.

Other courses teach investigators how to access data on those electronic devices. The courses have to cover a range of platforms and operating systems and a breadth of machines. "You don't know what the bad guys are going to be using," Fout said.

Traditionally, most of the students have come from DOD investigative organizations.

The teachers, most of whom are employed by CSC, have to undergo regular training and testing themselves, Fout said. Instructors need to have some teaching experience and a technical and law enforcement background so they can relate to their students.

DCITP is responsible for creating and providing computer investigative training for DOD services. A DOD directive created the program in February 1998, and it offered its first class, "Introduction to Computer Search and Seizure," in September 1998.

The task order was awarded under the General Services Administration Federal Technology Service's Millennia contract.

***

Cybercrime Syllabus Cybercrime fighters-to-be at the Defense Computer Investigations Training Program study subjects such as:

* Basic forensic examinations.

* Network intrusion analysis and investigations.

* Computer searches and seizures.

* Basic evidence recovery techniques.

* Incident preparation and responses for systems administrators.