Western New York
Upon request, the WNYRCFL will provide digital forensics services and training to any law enforcement agency operating in its 17 county service area of:
The participating agencies contribute personnel and resources to staff and maintain the operations of the WNYRCFL. The WNYRCFL does not hire personnel directly. Benefits of RCFL participation are numerous. Contact the Laboratory Director, Greg Winsor, to learn more about the opportunities for your agency to join the WNYRCFL.
- Erie County Sheriff's Office
- Monroe County Department of Public Safety
- Buffalo Police Department
- Niagara County Sheriff's Office
- New York State Department of Taxation & Finance
45 Elm Street – 4th Floor
Buffalo, NY 14203
Office Main Line: (716) 362-8600
Monroe County Crime Lab
85 W Broad St, Rochester, NY 14614
WNYRCFL Laboratory Director:
45 Elm Street – 4th Floor
Buffalo, NY 14203
Western New York RCFL (716) 843-1788
Any law enforcement agency operating in the WNYRCFL's service area can request assistance with the following activities—
- Pre-Seizure Consultation—The WNYRCFL can assist with search warrant preparation (only as it applies to digital evidence) by advising on related language that may be included in the affidavit.
- On-Site Seizure and Collection—Requests for this type of assistance should be made a minimum of 48 hours in advance (the more lead time the better) by submitting a completed Service Request form to the WNYRCFL. On occasion, an agency will uncover digital evidence that they are unprepared to manage. Under these circumstances, the advance notice requirement is waived. Once the WNYRCFL evaluates the search request, the Operations Manager assigns it to an Examiner for action.
- Duplication, Storage and Preservation of Electronic Equipment and other Digital Evidence—Examinations are typically conducted on copies of the original evidence. Therefore, WNYRCFL Examiners can either duplicate the media (copy the information) on-site, or bring the electronic equipment to the laboratory, where they will duplicate the media and perform the examination.
- Prompt, Accurate, and Impartial Examinations of Digitally Stored Media—WNYRCFL Examiners are trained to conduct a thorough and objective examination of an electronic device to locate digital evidence and turn it into something that the investigator can review. It is not the Examiner's responsibility to analyze the data for its meaning or significance to the investigation. This impartiality and objectivity lend credibility to both their findings and subsequent court testimony.
- Courtroom Testimony—As records are recovered from seized digital evidence, the prosecutor is likely to direct the Examiner to introduce the computer or digital evidence into court. As an expert witness, the Examiner explains, under oath, how they conducted the examination and what they discovered as a result.
When requesting assistance, the law enforcement agency should first contact the WNYRCFL to discuss the request, and then carefully complete one of the following forms or letters—
- Request Letter—The requesting agency should write a letter on their stationery that explains the nature of the request. The letter must contain a supervising agent's signature, and can accompany either the Service Request Form or the Evidence Custody Form.
- Service Request Form—Requests for on-site assistance are accepted on a case-by-case basis from any law enforcement agency in the WNYRCFL's service area. The WNYRCFL prioritizes each request according to the nature of the crime and uses the Service Request form to monitor and track cases.
Shipping Digital Evidence
If evidence is being shipped to the laboratory, please contact the WNYRCFL for specific instructions regarding submittal procedures. For most examinations, submit only the central processing units and the internal and external storage media, and remember to:
- Use a sturdy cardboard container when shipping computer components. If possible, use the original packing case with the fitted padding. Use large plastic bubble wrap or foam rubber pads as packing. Never use Styrofoam, because it lodges inside computers and/or components and creates static charges that can cause data loss or damage to circuit boards. Seal the box with strong packing tape.
- Pack and ship central processing units in the upright position. Label the outside container THIS END UP.
- Secure loose media such as disks, cartridges, tapes, hard drives, etc., to avoid movement during shipping.
Tips for Law Enforcement
When Submitting a Service Request Form—The case agent or officer should be as concise and thorough as possible. These forms are used to make decisions about the request; any vague or ambiguous terminology may make it more difficult to interpret or understand what services are needed, which could slow down the processing of the request.
Turning On or Accessing a Computer—Indicate on the Service Request form if you or anyone else in the chain of custody attempted to turn on or access the computer prior to submitting it to the WNYRCFL. This is very important information for the Examiners to have.
Search Warrants—If a service request is pursuant to a search warrant, a copy of the warrant must be included with the Service Request form. Likewise, if the service request is a result of a consensual search, a copy of the agency's "consent for search" form must be included. Failure to include this documentation will more than likely cause a delay in processing the request.
Handling Sensitive Equipment—Always use extreme caution or take precautionary measures such as grounding the static electricity before touching any of the internal components of the computer or handling sensitive computer equipment. For example, if the internal workings of a computer are exposed, the equipment could be damaged by a buildup of static electricity that is held by the human body. (Walking across a rug can produce a static electricity voltage of up to 12,000 volts.) The hard drive is especially susceptible to static electricity, even if it is exposed to a small amount of voltage, while a microchip can be damaged with as little as 500 volts of static electricity. If you're unsure about how to handle the equipment, then it is best to defer to a professional.
To learn more about working with an RCFL, read the "Examination Best Practices" fact sheet.
Forensic Tool Kit for Investigators (FTK)
FTK is one of several tools that the WNYRCFL uses while conducting digital forensics examinations. This course teaches investigators how to use FTK so they can conduct a comprehensive review of the digital media that has been submitted to, or processed by the WNYRCFL. This course also teaches investigators how to locate and examine e-mail messages, deleted files, documents, graphic files, and how to search for key words and phrases.
The FBI's Computer Analysis Response Team (CART) developed the ImageScan system to help investigators locate pictures that may contain contraband on a computer, while conducting consent searches in the field. Students that take this course receive the following—
- An explanation of the technical background of the ImageScan system and its components, along with troubleshooting suggestions.
- ImageScan CD, ImageScan boot floppy disk (optional), and a USB device are provided to every student that successfully completes the course. Students should bring their government laptop/notebook computer and floppy drives to the class; however, systems containing "Watchdog" are not permissible. If these devices are not available to a student, the WNYRCFL will provide the necessary equipment so they can complete the course.
- Handouts pertaining to the presentation portion of the course, including several ImageScan Preview Checklist sheets.
Students should be assigned to a unit that conducts child exploitation or computer investigations.
Students should have an above-average degree of computer knowledge and be familiar with attaching devices, inserting media, navigating Windows, and how computers operate.
Law enforcement personnel that conduct on-site investigations for child pornography are encouraged to take the ImageScan training.
Seizing and Handling of Digital Evidence ("Bag and Tag")
This class covers the following topics—
- Recognizing digital evidence
- How to recognize different operating systems
- How to shut down personal computers while preserving evidence
- When to call for help
- Who to call
Posted: Jun 11, 2018 09:07
Arafat Nagi, 47, traveled to Turkey twice in 2012 and 2014 to join the terrorist group in Syria, although Nagi told Judge Richard Arcara his intentions in joining ISIS were strictly for humanitarian purposes.
Nagi raised suspicions among his Lackawanna neighbors by constantly voicing support for ISIS and its leader, Abu Bakr al-Baghdadi. That led to tips from the community to federal authorities in the FBI, the Joint Terrorism Task Force, and the U.S. Attorney for the Western District of New York.
Assistant U.S. Attorney Timothy Lynch said Nagi even bought military gear for his venture, "He bought body armor, he bought combat gloves. He stood in front of a Shahada flag with an AK-47 dressed up with all that gear on. It was very clear what his intent was--his intent was to fight, it was to join ISIS."
But Nagi's defense lawyer, Jeremy Schwartz, said buying that kind of gear is necessary to survive in Syria, which is in the midst of a deadly civil war.
"There are people that are not fighting that are dying every day over there. As the government noted, they had a witness that said, 'what do I need to survive over in the Middle East?' That does not mean survive a fight, that does not mean survive a gunfight or even a knife fight. That means how can I cross the street and live, in the middle of the night, without getting blown up or gassed?"
Schwartz told Arcara that Nagi had come to realize ISIS was a violent organization that defied Muslim beliefs in non-violence.
But U.S. Attorney James Kennedy said ISIS is a terrorist organization, and when Nagi swore his allegiance to ISIS he was pledging his support to an enemy of the United States.
"We are at war with ISIS, the United States, and anyone that tries to support an enemy of the United States is doing harm to the United States."
Arafat Nagi even pleaded his case to Arcara, himself, trying to convince the judge he is a changed man and did not mean to harm anyone, he only wanted to help the people of Syria by providing humanitarian aid.
Judge Arcara rejected his plea for leniency and sentenced Nagi to the maximum allowed for the crime of attempting to provide material assistance and resources to a terrorist organization.