Document and Media Exploitation

NDIC Home | What's New | Site Map | Search US DOJ.gov | To DOJ

Updated on November 17, 2009

Document & Media Exploitation

About NDIC
NDIC Products
About DOMEX Branch DOMEX News - Press Releases HashKeeper RAID - RAID Training
SENTRY
Dynamic Mapping Initiative
Training
Employment
FOIA
Related Links
Disclaimers
Regulations.gov
Contact Us

The mission of NDIC is to provide strategic drug-related intelligence, document and computer exploitation support, and training assistance to

the drug control, public health, law enforcement, and intelligence communities of the United States

in order to reduce the adverse effects of drug trafficking, drug abuse, and other drug-related criminal activity.

TTY users please call (814) 532-5815.

Document and Media Exploitation Branch - DOMEX

Establishment of DOMEX

The National Drug Intelligence Center opened in July 1993 and it has maintained a DOMEX element [formerly known as Document Exploitation (Doc Ex) and Computer Exploitation (Comp Ex)] that was designed to fill a very important need among federal law enforcement agencies.

Document and media exploitation is the process of extracting vital information from document or computer related evidence seized in connection with law enforcement and intelligence operations that will be used to further the investigation.

A montage showing people working at a computer, stacks of evidence boxes, and a row of computers. Prior to the existence of the NDIC’s DOMEX Branch, investigators had to sift through mounds of evidence looking for valuable information that would support the prosecution of the suspects or further the investigation as best as deadlines would permit. With the advent of DOMEX, federal, state, and local law enforcement agencies now have access to an important and valuable resource---a team of individuals [Intelligence Analysts (IAs) and Intelligence Technology Specialists (ITSs)] who are dedicated solely to exploiting information contained in documents and examining electronic media obtained via search warrants or other investigative techniques.

Mission

NDIC is an agency under the Department of Justice, but funded through the Department of Defense. NDIC’s mission statement and funding language requires NDIC to maintain a DOMEX capability. The NDIC mission statement stipulates that NDIC will

“Provide real-time support to law enforcement and intelligence communities by conducting document and computer exploitation of material associated with counterdrug and or counterterrorism investigations.”

The Department of Defense Appropriations Act, Public Law 107-248 states

“That the National Drug Intelligence Center shall maintain the personnel and technical resources to provide timely support to law enforcement authorities and the intelligence community by conducting document and computer exploitation of materials collected in Federal, State, and local law enforcement activity associated with counter-drug, counter-terrorism, and national security investigations and operations.”

DOMEX Groups

DOMEX is composed of two groups, the media or Digital Evidence Laboratory (DEL) group and the Document Exploitation group. The DEL group is made up of ITSs who work strictly with examining electronic media such as

computers,
cell phones,
PDAs,
digital cameras,
smart phones,
and other media storage devices.

DEL personnel convert electronic data into readable files that are then passed to the Document Exploitation group for examination, analysis, and exploitation. IAs of the Document Exploitation group analyze and glean important information from paper documentary evidence as well as readable electronic evidence seized during law enforcement or intelligence operations.

DOMEX Software

Both DOMEX groups use computer applications that were developed at the NDIC and designed to meet the needs of the group that employs it. The Document Exploitation group uses a powerful relational database application known as the Real-time Analytical Intelligence Database (RAID). When information is entered into RAID, it is fully-sourced, cross-referenced, and contains all of the intelligence derived from the evidence. DEL personnel use HashKeeper--a powerful tool designed to look at only files that were altered or created by the user.

RAID and HashKeeper have revolutionized the way in which documentary and digital evidence are exploited. Although the NDIC conducts DOMEX missions for law enforcement agencies, RAID and HashKeeper computer applications are free to any law enforcement or government agency that would like to conduct their own investigative analysis or intelligence support operations. The computer applications are available upon request via e-mail at ndic.domex.request@usdoj.gov. NDIC offers RAID training periodically at our headquarters facility located in Johnstown, Pennsylvania.

DOMEX Mission Findings

DOMEX personnel conduct DOMEX missions usually lasting one to two weeks depending on the amount of documentary and electronic information that must be reviewed examined and analyzed. DOMEX mission team members identify, analyze, and document their findings in a DOMEX Intelligence Support Report (ISR) and overall DOMEX RAID report, which are presented to the requesting agency representative immediately upon conclusion of the mission.

The ISR is a narrative of significant analytical findings
and the RAID report is the supporting documentation for those findings as well as a compilation of critical information such as people, telephone numbers, addresses, events financial accounts, and other assets extracted from the evidence.

The DOMEX ISR and RAID report are provided in both paper and electronic form to the requesting agency.

To Top

Freedom of Information Act | Accessibility Policy | DOJ Privacy Policy | Site Map
Send all questions, comments, and suggestions to the NDIC Webmaster.

End of page.