Document and Media Exploitation - DOMEX
The National Drug Intelligence Center (NDIC) Document and Media
Exploitation (DOMEX) Branch has developed a uniquely efficient approach
that allows analysts to quickly organize and assimilate significant
amounts of seized documentary and electronic evidence.
NDIC's DOMEX methodology integrates the requesting agencies'
case agents, prosecutors, and analysts into the DOMEX mission planning
process, thereby ensuring that the DOMEX mission will be focused
to meet the needs and priorities of the requesting agencies.
In conjunction with the requestors, our experienced personnel
establish the Priority Intelligence Requirements (PIRs) for each
DOMEX mission, particular to each requestor's investigation, by
identifying critical concerns and limiting the scope of the mission
to the most important elements. The DOMEX analysts are able to quickly
identify the key associations and investigative leads from the evidence.
As a result, investigators, analysts, and prosecutors can more rapidly
determine the scope of their evidentiary holdings, identify previously
unknown relationships and assets, and better prepare for court proceedings.
All DOMEX personnel are trained in proper evidence handling techniques
to ensure that our services are conducted with the utmost professionalism.
DOMEX Provides:
Timely Intelligence Support Reports (ISRs) containing actionable
findings, methodologies, associates, or other investigative leads,
including:
- Financial information and asset identification
- Criminal history and biographical data
- Relevant organization profiles and associations
- A detailed inventory of suspect findings
- Computer-assisted analyses such as link analysis, matrix
analysis, time line analysis using i2 Analyst's Notebook, and
geospatial analysis using ArcView Geographic Information Systems
- Real-time results: all documents typically analyzed in a
5-10 day period
Depending on operational requirements, DOMEX will analyze
evidence at NDIC facilities in
Johnstown, Pennsylvania, or at our satellite location at
the Joint Language Training Center in Salt Lake City, Utah,
using teams of 10 to 25 analysts.
NDIC has an in-house mission room that allows multiple DOMEX
missions to be conducted simultaneously.
DOMEX may also travel to your location and work onsite when
deemed necessary. DOMEX deployable equipment consists of laptop
computers and a server, which are networked onsite. Additional
equipment may include printers, digital cameras, and assorted
hardware and software.
To Top
DOMEX provides new leads as they are identified throughout the
mission, along with a comprehensive and fully sourced Intelligence
Support Report (ISR), which is provided at the end of the mission,
in both hard and soft copy. The ISR contains all actionable findings,
including previously unknown links, financial information, and asset
identification. DOMEX also provides an out-brief of significant
findings at the conclusion of the mission.
DOMEX analysts are trained to identify assets for seizure and
contribute significantly to forfeiture efforts. After each mission,
DOMEX may provide further analytical services such as charts, time
lines, and geographical mapping products, if needed, subsequent
to the mission for court proceedings. Additional interim reports
or briefings containing time-sensitive or perishable information
may also be provided as needed.
DOMEX provides all completed analyses directly to the client
agency to ensure compliance with dissemination policies and existing
agreements. The requesting agency alone determines the degree of
dissemination.
DOMEX provides its support to investigations targeting drug trafficking,
money laundering, counterterrorism, and any other investigations
that impact U.S. national security. DOMEX can support classified,
sensitive, and foreign language investigations.
Digital Evidence Laboratory
As criminal organizations increasingly use computers and other
data storage devices to further their illegal activities, there
is a strong probability that electronic media will be part of your
seizure. Electronic media include, but are not limited to, computer
hard disk drives, removable media, mobile phones, smart phones,
personal digital assistants, and gaming systems.
NDIC's Digital Evidence Laboratory (DEL) includes teams of information
technology specialists who conduct electronic media exploitation
using state-of-the-art equipment and technology. They perform examinations
of electronic media onsite or at NDIC. Electronic data are provided
in a viewable format and are integrated into a DOMEX ISR. Virtually
all requests for media exploitation are incorporated into DOMEX
missions. This ensures a more comprehensive and efficient analytical
product.
To
Top
Key NDIC Tools--RAID and HashKeeper
 NDIC
created Real-time Analytical Intelligence
Database (RAID) to manage large quantities of data gathered during
DOMEX operations. RAID is a relational database used to record key
pieces of information and to quickly identify links among people,
places, businesses, financial accounts, telephone numbers, and other
investigative information examined by our analysts. The software
runs on any Windows operating system (Windows 2000 or higher), in
any mode of operation (stand-alone or LAN). It can be used to analyze
any type of information from any kind of investigation or as a case
management tool.
NDIC has enhanced RAID to meet the expanding support requirements
of the intelligence and law enforcement communities. The improved
RAID can be used for both DOMEX and investigative case intelligence
support. RAID also facilitates our capability to conduct cross-case
analysis. Key upgrade features include:
- increased data storage,
- scalability (small database to very large, supporting a
few users to hundreds),
- more comprehensive and efficient analytical tools,
- enhanced multimedia capability,
- an import/export wizard,
- dynamic additional data fields (configurable by users),
- data access security,
- easier combination/separation of cases,
- and the ability to apply data mining technologies across
data sets.
Just as DOMEX uses RAID as its principal tool, specialists created
the HashKeeper program
to expedite the analysis of electronic media. HashKeeper is a software
application that quickly eliminates known operating system files
and focuses on electronic files created by the user/subject of the
investigation.
Both RAID and HashKeeper are available free of charge, and thousands
of these applications have been distributed to appropriate law enforcement
and intelligence agencies worldwide.
See our RAID and
HashKeeper pages for further information.
To
Top
Cost to Client Agency
NDIC's DOMEX branch provides its service at little cost to
the client agency when the missions are conducted in-house at
NDIC. In these instances we ask that a case agent or prosecutor
travel to NDIC at the client agency's expense to provide background
on the case and address analysts' questions. The resulting analysis
will be stronger with this agent/analyst interaction.
If the client agency requests onsite support from DOMEX staff,
the client is responsible for all travel-related costs. Additionally,
if NDIC personnel are required to testify as a result of their
support to an investigation, NDIC travel-related costs will
be borne by the client agency.
How to Obtain
DOMEX Support
Support is available to federal agencies or multiagency law enforcement
task forces and is determined on a priority basis. Any agency wishing
to obtain support should submit a formal request to the Chief of
the NDIC DOMEX Branch.
The request should be made via the client agency's established
protocol and should include:
- the investigation summary,
- the priority of the investigation within the requestor's
division,
- and an estimate of the nature and volume of the seized material
to be analyzed by DOMEX.
Optimally, all requests should be submitted to NDIC in advance
of the projected seizure to ensure adequate case and logistical
preparation. In most instances a telephonic assessment of the investigation
and seized material will be conducted. For complex investigations
or large quantities of seized material, it may be necessary for
a DOMEX advance team to conduct an assessment at the requesting
field office. A final determination of DOMEX support will be made
after the assessment is completed.
Please send all requests for DOMEX support as well as copies
of RAID and/or HashKeeper to:
National Drug Intelligence Center
Document and Media Exploitation Branch
319 Washington Street, 5th Floor
Johnstown, PA 15901-1622
Telephone: (814) 532-4601
Fax: (814) 532-5854
E-mail:
ndic.domex.request@usdoj.gov
To
Top
|
Document & Media Exploitation
