Browse through the long list of accredited digital forensics laboratories and you will find police departments, federal investigation agencies, district attorney’s offices, and tax authorities. Hidden amongst them, however, are a few corporate laboratories which are just as capable—if not more so—than the rest.
There is a huge need for digital forensics services today, but the supply hasn’t quite caught up to demand. Digital forensics equipment is expensive and so are the people talented enough to use it. The hardware and skills of the digital forensics discipline are constantly evolving, requiring vigilant upkeep. As a result, many public sector laboratories are overburdened, and it’s creating a serious backlog. The private sector may have the answer.
For some companies, money is not nearly as much of an issue as time. To them, it is cheaper and more feasible to build and operate their own in-house digital forensic laboratories. It’s a win-win situation: increasingly, corporate digital forensics teams are lending their services to local and federal law enforcement agencies who lack enough resources to conduct their own investigations.
Currently, there are five companies with in-house digital forensics labs accredited by the American Society of Crime Laboratory Directors (ASCLD) and American National Standards Institute’s National Accreditation Board (ANAB). Up until recently, there were six (Nike had an accredited digital forensics laboratory in Hillsboro, Oregon, but voluntarily withdrew its accreditation in July of 2019). In some ways, these private sector labs are leading the way for the digital forensics field.
To get a look at who those five companies are and what they’re doing in digital forensics, read on.
Target’s been the victim of digital crime before, and they’re one of the most active corporations in fighting back. They employ an expert team of dedicated forensic professionals, many of whom are former law enforcement officers. Since 2003, they have been in charge of processing, examining, and cataloguing evidence in internal forensic investigation. Increasingly, those investigations are going digital. Currently, Target’s forensic team handles over 300 cases a year; but one in five are handled pro bono, in a volunteer service that helps alleviate strain on local law enforcement services.
As of March 2020, Target has two laboratories accredited for forensic testing: one in Brooklyn Park, Minnesota, and one in Las Vegas, Nevada. The Nevada lab can perform video and image analysis, as well as latent fingerprint processing and comparison. The Minnesota laboratory is certified for video, image, and audio analysis. And the Minnesota laboratory was also the inspiration for a 2018 hands-on exhibit at the National Law Enforcement Museum.
Money leaves a trail and the digital forensics team at American Express comprises professionals who are experts at hunting it down. They use digital and multimedia forensics to fight fraud, counterfeiting, theft, and embezzlement. In the course of an investigation, they perform data recovery, data analysis, and assessment reports. They also partner with law enforcement agencies on external cases, sometimes even working together on missing persons cases.
Since 2013, the American Express Digital and Multimedia Forensics Laboratory in Phoenix, Arizona, has been accredited for digital forensics. The flexible scope of its accreditation includes the preservation, acquisition, extraction, and analysis of digital evidence. American Express’s labs are also qualified to use multiple test methods in these digital forensics tasks.
If you steal from Walmart, you’re going to have a state-of-the-art investigative team tracking you down. Blessed with a multi-million dollar operating budget, these forensic investigators are experts at data procurement and analysis, and they have got chops chasing down online fraud, network intrusion, and privacy breaches. Their global investigation teams span 27 countries and include both forensic examiners and technical engineers.
Walmart has two accredited eDiscovery and forensic services laboratories: one in Bentonville, Arkansas, and one in Sunnyvale, California. The Arkansas lab is accredited in two disciplines: digital evidence, and video/imaging technology and analysis. The California lab is only accredited in digital evidence, but the type of items tested (both in California and in Arkansas) may include physical items in addition to digital data and digital evidence.
Intel is one of the world’s largest tech companies. In 2016, 4 percent of its revenue came from its security group, which maintains a digital forensics component. Intel’s industry-leading incident response team includes forensic analysts and forensic consultants working on the front lines of the latest malware and cybersecurity threats. Intel employees working on an IR team will examine mobile devices, USB drives, SD cards, and drones using tools like Forensic Tool Kit (FTK) Imager—all while maintaining chain-of-custody integrity on any collected evidence. They also conduct investigative analyses of downloaded devices, write investigative summaries, and generate extraction reports.
Intel has four accredited laboratories for global forensic investigations and eDiscovery: one in Hillsboro, Oregon; one in Folsom, California; one in Leixlip, Ireland; and one in Penang, Malaysia. Each is accredited for acquisition, extraction, and preservation of digital media and small form factor forensics. Each laboratory is specifically specialized in write block devices, also known as forensic disk controllers, which allow for read-only access of a hard drive without damaging the drive itself.
Financial services companies are more like tech companies these days, and MasterCard is no exception. In order to fight fraud and boost security, they employ several digital forensic investigators and certified forensic computer examiners (CFCEs). They work in incident response, crisis management, and investigative operations. In their digital forensic and eDiscovery work, they support corporate investigations and security awareness at over 80 offices across the world.
MasterCard’s digital forensics laboratory at its global headquarters in O’Fallon, Missouri, is accredited in the forensic testing of digital and physical evidence. This accreditation includes collection conducted outside of the laboratory and in the field, covering the confiscation of a physical device and live system acquisition. It also includes a flexible scope in regard to preservation, acquisition, and analysis of physical and digital evidence, with acquisition being a certified process both in the laboratory and in the field.
Matt Zbrog is a writer and freelancer who has been living abroad since 2016. His nonfiction has been published by Euromaidan Press, Cirrus Gallery, and Our Thursday. Both his writing and his experience abroad are shaped by seeking out alternative lifestyles and counterculture movements, especially in developing nations. You can follow his travels through Eastern Europe and Central Asia on Instagram at @weirdviewmirror. He’s recently finished his second novel, and is in no hurry to publish it.