In a case involving the round-up of dozens of suspects indicted on public corruption and other charges, investigators were faced with processing large numbers of seized cell phones, desktop computers, and laptops belonging to the suspects. In another case, key evidence against a terror suspect arrested for attempted use of a weapon of mass destruction included data found on his computer. And after a U.S. Congresswoman was wounded and six people killed in Arizona, vital evidence was found on security camera footage, computers, and cell phones.
The Roots of CART
In 1989, the FBI—along with the Environmental Protection Agency and several state agencies—investigated multiple corruption and environmental allegations at the Rocky Flats nuclear weapons plant (above) just outside Denver. A search of the facility was conducted. Two days into that search, investigators realized that documentary evidence crucial to the case may have been stored on numerous computer systems. A call to the technical services division at FBI Headquarters resulted in an ad hoc group of computer experts being put together and flown out to Denver to assist with the computer searches. Ultimately, the company that ran the facility pled guilty to 10 criminal counts of environmental law violations and paid a multi-million dollar fine.
At the time of the Rocky Flats investigation, the question of how to deal with computer evidence had already been percolating at the Bureau. Congress had passed the Computer Fraud and Abuse Act in 1986, giving us the authority to investigate computer intrusions, and the FBI Laboratory had been receiving a growing number of requests from the field to examine digital evidence.
In 1991, an FBI working group began meeting to examine the investigative issues surrounding computer crime. One of its recommendations was to create a team of specially trained computer specialists capable of examining digital evidence. And in 1992, CART—the Computer Analysis Response Team—was officially created.
Reflecting a trend that has become increasingly commonplace for law enforcement, all three of these cases involved the need to recover digital evidence. And our Computer Analysis Response Team, or CART, is the FBI’s go-to force for providing digital forensic services not only to our own investigators but also in some instances to our local, state, and federal partners.
CART consists of nearly 500 highly trained and certified special agents and other professional personnel working at FBI Headquarters, throughout our 56 field offices, and within the network of Regional Computer Forensics Laboratories across the nation. They analyze a variety of digital media—including desktop and laptop computers, CDs/DVDs, cell phones, digital cameras, digital media players, flash media, etc.—lawfully seized as part of our investigations.
During fiscal year 2012, CART—while supporting nearly 10,400 investigations—conducted more than 13,300 digital forensic examinations involving more than 10,500 terabytes of data. To put that last figure into perspective, it’s widely believed that the total printed content in the Library of Congress is equal to about 10 terabytes of data, so imagine the printed content of approximately 1,050 Libraries of Congress!
