by Master Sgt. Louis A. Arana-Barradas
BOLLING AIR FORCE BASE, D.C. (AFNS Feature) -- Each one of the 300 photographs she viewed disgusted Airman 1st Class Cheri D. Holtz.
She did not like what she saw -- hard core child pornography -- and by the end of the day, she was sick to her stomach.
But the young airman from Colorado Springs, Colo., forced herself to look at all the images on her computer screen. She had to. It is part of her job as a computer forensics media analyst at the Air Force Office of Special Investigation's new Investigative Operations Center, a million-dollar computer crime lab that's unique in the Department of Defense.
"The only way I got through looking at all those horrible images was knowing that what I was doing was going to help put a criminal in jail," said Holtz, who has been in the Air Force eight months and on the team for five months. "I was doing something that would help solve a case."
Holtz and a crack team of young, hand-picked computer experts work in the center's computer forensics laboratory -- the newest weapon in the AFOSI's arsenal. Recruited right out of technical school at Keesler Air Force Base, Miss., the airmen all have extensive computer backgrounds. They find and analyze computer crime evidence -- much like pathologists in an autopsy.
Investigating people who break into computer systems is the job of the workers in the center's computer intrusion lab. Both teams work hand-in-hand to solve computer crimes.
The forensics team has worked on cases of people "hacking " -- breaking -- into Air Force computers, cheating on promotions tests, keeping tabs on drug deals and storing child pornography. People have also used computers for government contractor fraud. And some have even left suicide notes and letters on them.
The evidence analysts find helps convict computer criminals, said Howard A. Schmidt, the special agent who directs computer crime investigations for the AFOSI. He supervises the computer troops, who are not OSI agents.
"Our job is to find the physical evidence of a crime on a computer's system and pull it off in a way that can be presented in court -- that says, 'we didn't alter this,'" Schmidt said. It is a process he is familiar with, having spent 11 years as a computer crime sleuth with the Chandler, Ariz., police department and the FBI National Drug Intelligence Center before joining the AFOSI team two years ago.
This team has a tough job. In the ever-changing, high-tech world of computers, there is no typical case, Schmidt said. There are few guidelines for catching computer criminals and fewer laws on evidence gathering and handling, or that help "the good guys put the bad guys behind bars."
"It used to be that a criminal would send you a letter. You know, 'either you give me $250,000 or I'm going to burn down your business,' that sort of thing. The person would write the demands down on a piece of paper -- or tape letters to a page -- and mail it. That was tangible evidence," Schmidt said.
"Today, if someone sends an e-mail, for example, with a demand, we don't have the handwriting or the piece of paper," he said. "It's hard to trace and the message can be altered or destroyed because it's just a bunch of magnetic particles on a media -- not ink on paper."
Therefore, team members have become modern-day trailblazers, developing new investigative techniques as they work each case. They use the newest software that allows them to make an exact copy of what they find to present in court without there being any question of tampering. The software does not allow copied information to be changed.
As soon as a new technology appears, team members must learn it to stay one step ahead of computer criminals. That is the main reason Airman 1st Class James C. Akers said he and the others on the team took the job.
"This is a new field -- it's booming. There are many challenges with all the new technology we face," said Akers, a Flagstaff, Ariz., native who has been in the Air Force nine months, five on the team. "We learn new things every day. I've learned more here in five months than I ever did in college."
"We work on stuff no one else works on -- go into areas where few have gone," said Senior Airman Robert P. Cantu of Gary, Ind. Cantu is a five year Air Force computer veteran who has been on the team three months.
Along with the excitement of the chase, come long work hours the team needs to keep ahead of the "competition." As new software and techniques appear, the team must learn all the ins and outs of its use and how to combat the wily hackers who would use it to commit a crime.
The airmen must learn to anticipate the next move -- think like hackers -- and develop ways to counter the next move, Schmidt said. All the steps are documented. "This research and development is turned over to our (AFOSI) academy instructors so they can train our new agents," he said.
There is no mold from which a computer criminal is cast, Schmidt said. "So many people use computers for so many different tasks today that there is no basic profile of a person who commits a crime and stores the information on a computer."
But Cantu said people tend to be creatures of habit. "We start by looking for patterns and trends -- learn what they're doing. Then we follow them. We look where others might not look."
Each piece of evidence is critical to the successful prosecution of a case -- or the successful exoneration of someone who's innocent, Schmidt said. "We're not just trying to put people in jail. We find evidence to prove whether a crime occurred, or didn't."
However, in the more than 12 cases the team has worked on since coming on line in January, there has not been one case where team members have not found evidence on the computers.
The team's "old timer" is Airman 1st Class Matt Pepe, of Aurora, Colo. A computer operator, he has been in the Air Force 19 months, 13 of them with the AFOSI. Having worked on more than 10 cases -- including one he helped crack in South Korea -- he said it takes a natural curiosity to make it in this job.
"Every time we get a new case, the scenario completely changes," Pepe said. "We have no choice but find new ways of doing things, new ways of dealing with the latest technologies. We have to get inside the mind of the people who put the information in the computer -- find out if they're able to hide something from us."
"The Air Force is very proactive in its approach to preventing computer crime, Schmidt said. "Computer systems are monitored at 41 bases worldwide by the Air Force Information Warfare Center."
In the very near future, AFIWC will be monitoring all bases, he added.
Maybe the bad guys have the upper hand for now, but Schmidt said his crew gets better every day at stopping them.
"We're all in the 'you can run, but you can't hide' game," Schmidt said. "Computer criminals can run for a while. But, eventually, we'll catch up with them as we find more and more of their high-tech hiding places."