Digital Forensics and Incident Response

A brief history

Law enforcement first started to pay attention to the role that computers play in criminal activity in the middle of the 1980s. Prior to that, existing laws and law enforcement techniques were not adept at identifying and prosecuting computer criminals. As the use of computers by criminals began to gain more prominence, agencies such as the United States Federal Bureau of Investigation (FBI) decided to incorporate a dedicated digital and forensic investigations capability. This led to the creation of the FBI Computer Analysis and Response Team (CART). Other agencies, such as the Metropolitan Police Service, started to build a capability for investigating cyber crime.

A good historical document that addresses the FBI CART is a short article in the US Dept. of Justice Crime Laboratory Digest dated January 1992:
https://www.ncjrs.gov/pdffiles1/Digitization/137561NCJRS.pdf

Two other seminal events brought the need for cyber investigations and forensics into the minds of many. The first was the break-in at the Lawrence Berkeley National Laboratory by the hacker Markus Hess. This break-in might have gone undetected if not for the efforts of Clifford Stoll, who hatched a plan to keep the attacker connected long enough to trace the connection. These efforts paid off, and Stoll, along with other authorities, was able to trace the hacker and eventually prosecute him for espionage. This entire episode is recorded in Stoll's book, The Cuckoo's Egg.

The second high-profile event was the Morris Worm, which was unleashed on the fledgling internet in 1988. The worm, created and released by Robert Morris, caused a denial of service on a number of systems, subsequently causing damage in excess of $100,000. A post-incident investigation by a number of individuals, including Clifford Stoll, found that at least 6000 systems were infected. The rapid spread of the worm and the damage associated with it led to the creation of the Carnegie Mellon CERT/CC.

Throughout the 1990s, as more law enforcement agencies began to incorporate digital forensics into their investigative capabilities, the need for standardization of forensic processes became more apparent. It was in 1993 that an international conference was held to specifically address the role of computer evidence. Shortly thereafter, in 1995, the International Organization on Computer Evidence (IOCE) was formed. This body was created to develop guidelines and standards around the various phases of the digital forensic examination process. In 1998, in conjunction with the IOCE, the federal crime laboratory directors created the Scientific Working Group on Digital Evidence (SWGDE). This group represented the United States component of the IOCE's attempt to standardize digital forensic practices.

As organizations continued to standardize practices, law enforcement agencies continued to implement digital forensics into their overall forensic capabilities. In 2000, the FBI established the first Regional Computer Forensic Laboratory (RCFL). These laboratories were established to serve law enforcement at various levels in a number of cyber-criminal investigations. The RCFL capability has grown over the last 15 years, with 15 separate RCFLs spread across the United States. In addition, other federal, state, and local police agencies have formed task forces and standalone digital forensics capabilities. With the continual increase in computer-related crime, these agencies will continue to perform their critical work.