Chicago Office
Room 905
E.M. Dirksen Federal Office Building
219 South Dearborn Street
Chicago, IL 60604-1702
Apprx. Coords- -87.62881 41.87915
Phone- 312-431-1333
Website- chicago.fbi.gov
Special Agent in Charge: Robert D. Grant. When he's not harrassing Mayor Daley, read about Robert Grant and the FBI exercising their 2nd Amendment Rights- the Right to Arm Bears >:P
Assistant SA in Charge: Arthur L. Everett
Assistant SA in Charge: Gregory A. Fowler
Assistant SA in Charge: Mitchell J. Marrone
Assistant SA in Charge: James R. McNally
Assistant SA in Charge: Joseph C. Ways, Sr.
Email: Does not accept email
Infragard Coordinator- Matthew J. Rowold (mrowold@leo.gov)
Infragard Website- http://www.infragard.net/chapters/chicago/
This chapter has around 173 members (2004).
If you really don't believe that Infragard is nothing more than a Good Ol' Rich Boys Club protecting their private interests, read Michael Dahn's account of himself, but hold your nose while reading it.
Resident Agencies:
North Resident Agency- PO Box 8068, Rolling Meadows, IL 60008 or 1600 Golf Rd, Ste 1050, Rolling Meadows, IL 60008, 847-290-0525
Rockford- PO Box 218, Rockford, IL 61101 or 308 West State St, Ste 350, Rockford, IL 61101, 815-987-9833
South Resident Agency- PO Box 549, Tinley Park, IL 60477 or 16325 South Harlen Ave, Ste 300, Tinley Park, IL 60477
West Resident Agency- PO Box 3144, Lisle, IL 60532 or 4343 Commerce St, Ste 715, Lisle, IL 60532, 630-505-7546
RCFL Mailing Address- None given
RCFL Physical Address- 610 S Canal St, Chicago, IL 60607
Phone- 312-913-9270
Contact- Rick Voss (r.voss@ic.fbi.gov)
RCFL Website- http://www.chicagorcfl.org/
Participating Agencies- U of Illinois Chicago Police, Illinois Attorney General's Office, Illinois State Police, FBI, Chicago Police Department, Cook County Sheriff's Office, Palatine Police, Kane County Sheriff's Office.
In case you're wondering what sort of stuff they teach at the RCFLs, you can read a description here. But just in case this puppy disappears from their website or Google's cache, here is the page in its entirety:
-----------------------------------------------------------
Available Training Courses
Digital Evidence Processing
Investigators learn how to collect and preserve digital evidence, and to integrate digital evidence into a case. Additionally, investigators are exposed to the advanced tools and techniques used by the CGRCFL, so they can better understand what to expect from a forensics examination. This course requires no prerequisites, but attendees should have a working knowledge of computers. Digital Evidence Briefing for Law Enforcement Executives (Lieutenant and above)
The goal of this training is to provide law enforcement executives with the information necessary to identify, access, and address their agency's digital evidence need. They will also gain the technical knowledge that will allow today's police executive to adapt and understand these dramatic changes. Digital technologies are rapidly being applied to all areas of law enforcement. This course will provide a survey of digital evidence and computer forensics, evidence handling challenges, legal issues with digital evidence, imaging technologies, processing technologies, digital video technologies, encryption, and review technologies. This course is taught in a forensic laboratory, devoted solely to the examination of digital evidence in support of criminal investigations. The Chicago Regional Computer Forensics Laboratory (RCFL) specializes in cases involving terrorism, crimes of violence, theft or destruction of intellectual property, internet crimes and child pornography, and fraud. Instructors Rick Voss and Dave Knutson are with RCFL Lab Director, and Deputy Lab Director.
Registration is through the http://www.nemrt.com website.
Image Scan Training
The Federal Bureau of Investigation's (FBI) Computer Analysis Response Team (CART) developed the Image Scan system to help investigators locate the presence of picture files that may contain contraband on a computer. This system allows the investigator to view a variety of graphic formats during a consensual search, and protects valuable digital evidence by booting up a computer using the Linux operating system. After mounting the hard drive in a "read only" manner, Image Scan prompts the investigator to search for picture files only. During this process, the tool logs every step taken by the investigator, further documenting what occurred during the search process.
CART successfully completed field-testing of Image Scan in May of 2004, and has offered to make this tool available to all law enforcement personnel upon request. The North Texas RCFL in conjunction with CART's Unix Program, designed and developed Image Scan instructor training, and has educated several Examiners working at FBI-sponsored RCFLs. These individuals are the only authorized instructors/distributors of Image Scan outside of FBI Headquarters.
Law enforcement personnel that conduct on-site investigations for child pornography are encouraged to take the Image Scan training. To receive a notification regarding the training's upcoming availability, click here and provide your contact information.
Basic Data Recovery and Analysis (BDRA)
This 4 1/2 day class presents hands-on instruction and discussion about evidence identification and extraction, hardware and software needed to do a seizure, how to recover erased files, high-tech legal issues, and more. If your duties include the investigation and prosecution of high-technology crimes, and the seizure of electronic evidence, this course would benefit you. For more information, go to www.cybercrime.org.
Forensic Tool Kit Applied Decryption
This advanced AccessData training course provides the knowledge and skills necessary to use the unicode compliant Password Recovery Toolkit (PRTK) and Distributed Network Attack (DNA) tools to recover passwords from industry standard applications and systems. Attendees should be conducting computer based investigations and be familiar with the AccessData suite of tools. FTK and Registry Viewer will also be utilized.
While learning how to create effective attack profiles that include biographical profile dictionaries, user-defined dictionaries and unicode compliant characters with PRTK, students will determine how many commonly applied encryption schemes work. Using the techniques learned in class, students will crack applications such as:
o PGP
o WinZip
o Quicken
o CuteFTP
o PDF files
o BestCrypt
o Quickbooks
o VersaCheck
o Microsoft EFS
o Microsoft Money
o Microsoft Access
o Microsoft PST files
o SAM Logon Passwords
o Windows XP Credentials
o Microsoft S Office products
o and many other applications ...
Beyond PRTK, students will create and use a Distributed Network Attack environment. Applying network technology, students will assign Master Controllers and Supervisors as well as trusted / untrusted workers - to include Linux based machine workers.
To further enhance attack profiles - students will use AccessData web-crawling and pass-phrase generation technology to create unicode and code-page dictionaries for alternate language attacks. Auto-Complete Students will also utilize Forensic Toolkit (FTK) to locate and decrypt YAHOO Instant Messenger .DAT files, parse Internet Explorer .DAT files (History and Temporary Files) for hit rates, use counts and more - including Netscape history files, the download manager, user favorites, etc. Students will also parse America Online client files for user history, search terms, address books, buddy lists, email and more. Students will use the Registry Viewer to analyze Instant Messenger data such as:
- Shared file permission status and file transfer information
- Block or allow information for user contacts (buddy lists)
- Last user access information and Recent contacts via the messenger
This course is open to law enforcement personnel only.
Registration is through AccessData at www.accessdata.com.
Forensic Toolkit Internet Forensics
This course provides students with the knowledge and skills necessary to conduct an effective Internet application based investigation. Students should already be familiar with the AccessData suite of tools, and have experience with internet based investigations. This is not an undercover investigations course - it is data recovery focused. Students begin immediately working a mock missing person case initiated from an instant message found on the computer screen of the missing person. The case takes the student to several different machines with multiple internet chat, browsing and email platforms. In addition to using Password Recovery Toolkit (PRTK) to break sign-on passwords for the following Internet applications and Messengers: " MSN Instant Messenger " YAHOO Instant Messenger " America Online and AOL Instant Messenger " Internet Explorer and Netscape Communicator Auto-Complete Students will also utilize Forensic Toolkit (FTK) to locate and decrypt YAHOO Instant Messenger .DAT files, parse Internet Explorer .DAT files (History and Temporary Files) for hit rates, use counts and more - including Netscape history files, the download manager, user favorites, etc. Students will also parse America Online client files for user history, search terms, address books, buddy lists, email and more.
Students will use the Registry Viewer to analyze Instant Messenger data such as: "Shared file permission status and file transfer information" Block or allow information for user contacts (buddy lists) "Last user access information and Recent contacts via the messenger This course is open to law enforcement personnel only. Registration is through AccessData at www.accessdata.com.
-----------------------------------------------------------
Springfield Office
900 East Linton Avenue
Springfield, IL 62703
Apprx. Coords- -89.64655 39.76474
Phone- 217-522-9675
Website- springfield.fbi.gov
Special Agent in Charge: Weysan Dun
Assistant SA in Charge: John H. Stafford
Email: springfield@ic.fbi.gov
Infragard Coordinator- Bryan Taube (bryan.taube@infragard.org)
Infragard Website- http://infragard.midwestcc.com
This chapter did not submit information for the 2004 Annual Report.
This division does not give the listing of its resident agencies. Refer to the map of how they are geographically broken out. If you go to their page at http://springfield.fbi.gov/contact.htm#Geographic%20Location and scroll your mouse over the different sections, you will get contact phone numbers for those counties. Google may provide more information in their mapping service.