The darker side of computer forensics

First published January 2010

by John Irvine

http://johnjustinirvine.com
http://twitter.com/John_Irvine

For the better part of the past thirteen (thirteen?!) years, I have been a computer forensic examiner. Sure, the title varies by job and location — digital forensic analyst, media exploiter, computer forensic investigator — but the job is always the same. Computer forensic examiners delve deeply into computers that have either been the victim, instrumentality, or witness to a crime. (Thank you, Mark P., for that definition. I’ve never left it behind.)

It’s not at all like what you see on “CSI.” Computer forensics can be tiresome, dreary, boring, and downright drudgery. Performing a competent analysis can take days, weeks, or even months depending upon the subject, the condition and state of the hard drive, or the importance of the case. For that time period, the examiner is literally trying on the subject’s life, wearing it like a costume for eight or more hours a day. Everything someone likes, hates, is interested in, fantasizes about, or fetishizes goes through his or her keyboard at one point or another. Think about every email message you’ve ever written…every chat you’ve ever typed…every website you’ve ever visited…every phrase you’ve ever searched for online.

Seriously…think about it. I’ll give you a moment.




Now think about me reading and seeing it all. That should scare you a little bit, and if it didn’t, you’re probably lying to yourself. It’s okay. Most people do.

Doing computer forensics for any amount of time in your life changes you. It damages you. It makes you unfit to be around others in decent company, because you have to mentally screen absolutely everything you say in fear of drawing looks of horror or disgust from the good people around you. For forty hours a week, a computer forensic examiner is exposed to the worst that the world has to offer — child pornography, beheadings, torture, rape — all in high resolution photo or video formats. In fact, people in the business have found that for general criminal computer forensic examiners (and we’re not talking about intrusion analysts, as exposure to the badness I’ve mentioned is usually infrequent and incidental), there is a two-year time limit before your soul dies. Around that time, every examiner either has built up enough of a callus that he/she can continue forever, or that examiner pushes the chair away from the desk, stands up, and says, “I can’t do this anymore.”

Two years. As I said, I’ve been doing it for almost thirteen.

What does the general criminal examiner work with? Almost 80-90% of the cases criminal computer forensic examiners work on are related to child pornography. This ranges from simple digital images to full-length movies recorded by the dregs of humanity. The worst kind, in my opinion, are those we’ve dubbed the “No, Daddy, no” videos, in which a usually heavy-set man rapes his extremely young children. Their faces tell the real story — this isn’t the first time, and they have endured their father’s actions numerous times before. People who make and/or collect these kinds of things usually don’t just have one or two…they have one or two dozen, hundred, or thousand.

How about the counterterrorism examiner? Beheading videos, torture videos, and endless rants about exterminating Americans are the feature of the day. Over and over, you watch videos of jumpsuit-clad Americans, British, Australians, or others on their knees, begging for their lives, as a troupe of Muslim extremists stand behind them with knives in hand. Then, after the speeches are done, one of the masked men will all-too-slowly remove the head from the body, then place it triumphantly on the back of his victim. Fade to black. At first, you don’t know how to feel…it sickens you. Then, you feel outrage, and you want to seek retribution. Then, you feel…nothing. You comment on the technical quality of the video and remark about the quality of the jihadist’s upgraded A/V equipment. You comment about the sounds that people make when their heads are removed — it sounds something like a pig drowning. You comment, and you go on to the next one. Like their pedophile brothers, jihadists don’t just have one or two, they have hundreds, and the examiner has to watch every one. After seeing a few dozen of these beheadings and torture videos, the political correctness one may have started with goes right out the window. Gitmo is no longer a bad idea, but a necessity, and suddenly you start getting right with waterboarding. Just sayin’.

Being exposed to this kind of daily horror changes you. I’m not asking for sympathy; I think paramedics or police officers have it worse. (One of my good friends is both a computer forensic examiner AND a paramedic — I’m just WAITING for him to snap.) I’m just offering an explanation for why people like me might not say the most appropriate thing, or why our humor tends to run a little darker than that of others, or why our Twitter posts might occasionally make you blush.

As you can imagine, our meetings are rarely dull.

People who only have known me for a short time might find me to be paranoid, disturbed, or even a little deviant. People who have known me for a long time, especially those in the profession, understand completely.

What’s the upside? Why do computer forensic examiners do what we do? Well, it pays really, really well, and we get to put the occasional criminal behind bars or terrorist behind a scope. That makes it worth it all, even if we do tend to have basements full of MREs, anti-radiation pills, water filters, gas masks, and shotgun shells.

One thing’s for sure…terrorist attack, zombie apocalypse, or cyborg uprising, I’m ready — and it won’t even be much of a surprise.
