Computer forensic lab helps TTU's Doc Wells catch criminalsHe'll admit he's never solved a crime in 50 minutes like they do on every television version of CSI, but Stuart "Doc" Wells runs his own computer forensic lab with the same professionalism and passion as the dramas portray.
The Tennessee Tech decision sciences and management professor also serves as chief deputy for the Putnam County Sheriff's Reserve, and those dual responsibilities allow him to catch criminals and teach students how he does it. The results bring a boon for law enforcement, plus a full-classroom every semester for his computer forensics class.
Tucked away in a narrow hallway of an academic building, his small lab, dubbed CSI Cookeville, is the place where Wells and FRED, a Forensic Recovery of Evidence Device, labor to help local, state, and federal law enforcement at no charge.
"One of the lab's strengths is our responsiveness," said Wells. "The FBI, TBI and other agencies are so backlogged with cases, and there are situations where charges need to be filed quickly due to the nature of the crime."
Trained to keep the chain of evidence unbroken, Wells constantly reminds his students that "forensic" means admissible in court, so his procedures are meticulous. All computer evidence is copied as a forensic image, which is a bit by bit representation, not a back-up copy, of the original information on a digitally sterilized medium.
He uses the same software as the TBI and FBI use and has assisted in about 20 cases since the lab's inception two and a half years ago.
"I wondered when we first started if we would have enough cases, and after about three months into it, I've never been caught up," said Wells, who spends about 20 hours a week, what he calls "all his spare time," in the lab.
Students are not allowed to work on actual cases, but they benefit directly from the Wells' experiences in the lab because he creates similar cases for them to work on based on his work.
"I teach them to look for what's there and what's not there," said Wells. "We look for information that's been deleted, encrypted and password protected."
To that end, Wells also teaches students a technique called social engineering — a way to crack a person's password by collecting personal information through interviews and feeding that information into computer software.
"Basically you research a person's life and get all the names and numbers you can associated with them — phone numbers, birthdates, pet names, hobbies — and the software will combine the information and usually generate the person's password because people build a password out of information they can remember," explained Wells.
"If the password is a random sequence of numbers and letters not associated with a person, you know where you usually find it?" Wells asked as he lifted up his keyboard. "Right under here, because they can't remember it."
Wells says most of his students will not make computer forensics a career, but they are often chosen within the companies they work for to lead efforts to ferret out violations of corporate policy.
"All students leave with an appreciation of how labor intensive and complex computer forensics is," said Wells.