CSC to train DOD gumshoes

The Air Force's Office of Special Investigations (AFOSI) this month awarded Computer Sciences Corp. a $2.75 million contract to train Defense Department criminal and counterintelligence investigators in the methods of information technology forensics and crime scene investigation.

Under the Defense Computer Investigations Training Program (DCITP), CSC will provide training and administrative and technical support to AFOSI, which acts as the executive agent for the program.

The company will provide training in 10 subject areas, including introduction to computer investigations, basic computer investigation techniques, IT evidence gathering, network intrusion-detection techniques and counterintelligence investigations.

DOD "found out very quickly that maintaining the chain of evidence in a computer crime requires special training," said Bob Haneberg, CSC's program manager for AFOSI programs. "Hackers are hackers are hackers; they all come with the same set of tools," he said. CSC, however, has "a very broad background in information security" to offer DOD, he said.

DCITP will augment work being done at DOD's Computer Forensics Lab, which assists criminal, fraud and counterintelligence investigators by providing evidence processing, analysis and diagnosis. Working in tandem, these two organizations will significantly enhance DOD's computer security efforts, according to Greg Redfer, DCITP's director.

"When fully operational, DCITP will provide DOD [with] an in-house capability to train investigators and forensics examiners in computer investigations, computer intrusions, computer forensics, network investigations and other related courses," Redfer said.

DOD established the training program and forensics lab as a result of a Defense Reform Initiative Directive signed in February by Deputy Secretary of Defense John Hamre. DCITP and the forensics lab now fall under the purview of Air Force Brig. Gen. Francis X. Taylor, commanding general of AFOSI.

According to Haneberg, the program's training courses will be coordinated through the Justice Department and other federal law enforcement agencies to ensure the proper legal framework is provided to students going through the program. DCITP is part of DOJ's National Cyber Crime Training Partnership, a collaborative effort among federal, state and local law enforcement agencies that are involved in computer crime investigations training.

"DOJ has been asked to provide a review of courses as they are developed," Redfer said. In addition, the Army's 902nd Military Intelligence Battalion also has been involved in course development, and discussions on course content have been held with the FBI, he said.

Tom Funk, CSC's program manager for DCITP, said the terms of the contract go beyond training to counterattack hackers and network intrusions. Rather, CSC's efforts are being geared toward enhancing the basic skills of law enforcement and intelligence officials by giving them enough technical knowledge to properly handle computer-related crime scenes.

"Every major operating system protocol and [all major] software will be covered as they pertain to investigations," Funk said.