SignOn San Diego.com  -- The Union-Tribune Publishing Co.
Computers may reveal secrets behind crimes
By Kathryn Balint
UNION-TRIBUNE STAFF WRITER

March 12, 2001

As the community groped for answers to the shooting rampage at Santana High School, investigators in an elite FBI laboratory here turned to the one piece of evidence that so often harbors a suspect's innermost secrets: his computer.

Just after sundown on the day Charles "Andy" Williams shot 15 people, killing two, sheriff's deputies and FBI agents searched for evidence in the two-bedroom apartment Williams shared with his father. They emerged with seven rifles -- and the family's computer.

Seizing computers as evidence has become routine in almost every serious crime, not just those involving computer hacking or Internet fraud.

"Whenever we do a crime scene search, we plan on a computer being there," said FBI Special Agent Jeffrey Thurman.

And when a computer is seized, at least in San Diego or Imperial counties, it often ends up at the only regional computer forensics laboratory in the country, an FBI office in Serra Mesa.

That's where Williams' computer went.

Behind the mirrored windows of the lab's office building, 18 investigators from local, state and federal law enforcement agencies, ranging from the Drug Enforcement Administration to the Chula Vista Police Department, daily comb through reams of data stored in computers tied to crimes.

These investigators have become as proficient at computer science as at police science.

They ferret out e-mail, photos, address books, any kind of digital tidbit that might help solve a crime or explain why it happened.

Since opening 14 months ago, the lab has examined computers in almost every type of case, from homicides to bank robberies to credit-card theft.

A killer's diary, a bank robber's demand note or a thief's list of stolen credit cards is just as likely to be recorded on a computer as on paper.

And finding that kind of evidence is -- for a prosecutor -- like unearthing a gold mine.

"Computers are playing a pivotal role in every type of case that we see," said Deputy District Attorney Michael Groch.

"There's a whole new category of crimes made possible by technology, but there are also traditional crimes -- murder, bomb threats, drugs -- all of which technology has a role in."

More than games

In its first year, the computer forensics lab handled almost 400 cases. So far this year, it's taken on 140 cases, representing about a 40 percent increase in caseload.

John Gunn, director of the lab, attributes the increase to the proliferation of computers and to a change in attitude by law enforcement.

"Officers are starting to recognize that good information is being found on computers," Gunn said. "They don't see them anymore as just something that someone plays computer games on."

He can't say exactly how many computers the lab has examined. That's because in half the cases, more than one machine is involved. One recent case involved 63 computers.

The crimes the lab sees most? Child pornography, followed by fraud and computer crimes, such as hacking.

Cases in which the lab has uncovered digital evidence include:

- The case against biotech executive Michael Craig Dickman, nicknamed "The Gap-Toothed Bandit," who was sentenced last month to nine years in prison for robbing six banks in San Diego County. Copies of his demand notes were found in a laptop computer he had asked his sister to remove from his Cardiff apartment.

- The conviction of an Oceanside couple, Arthur Gerardo and Valerie Beidler, in October for the murder and torture of a roommate who helped them make fake identification cards and forge checks. A computer seized from their house contained pictures of checks and driver's licenses that had been scanned and then altered.

- Operation Bullpen, an investigation into a sports memorabilia scam in which millions of dollars' worth of baseballs, posters, trading cards and other items bearing fake autographs were sold by a ring operating out of Escondido. Federal prosecutors announced last month that six people had pleaded guilty in the case.

Hidden secrets

When a computer is sent to the regional lab, its case is dismantled, its hard drive removed and its data copied.

Digital information can be copied perfectly, unlike a photocopied note. The forensics exam is then done on the digital copy to preserve the original.

It's all but impossible to pore over every file on a computer, especially in an era of hard drives that can hold 30 gigabytes or more of information. Twelve gigabytes of text, for example, would stack 24 stories high if printed out.

What the forensic investigator looks for first on a seized computer is dictated by the nature of the crime.

In a child pornography case, for instance, the investigator may search for photo files first. In a homicide, the investigator may look for written documents.

Investigators often hit pay dirt by resurrecting deleted computer files.

Many computer users don't realize that deleting a file doesn't wipe it clean from the hard drive. Computer forensics investigators are able to track down those files.

Depending on the sophistication of the computer's owner, investigators occasionally have to crack encrypted files and passwords.

Sometimes, files are concealed in secret places on the hard drive.

Other times, they're hidden within other files. Photos, for instance, can be hidden within text files.

An examination may take weeks, or just a day or two, as was the case with Williams' computer.

Mindsets betrayed

Nicolle DePriest is the Chula Vista police officer and the computer forensics investigator who removed Williams' computer from his home Monday. She completed her examination by Thursday but would not reveal what she found.

Among the things she might have seen are e-mail exchanges between Williams and his ex-girlfriend, Kathleen Seek, who lives in Maryland.

Kathleen said last week that Williams wrote e-mails to her about how miserable he was after moving from Maryland to Southern California. She said he mentioned suicide in several messages.

Former Florida law enforcement officer D. Douglas Rehman, a computer forensics expert who is not involved in the Williams case, said anyone examining the teen's computer would likely start by looking at Web pages he had visited and e-mails he had sent, information that is generally stored in a computer.

"You're looking for who he exchanged e-mail with, what kinds of Web sites he was looking at," Rehman said. "You're looking for any computer activity that's going to help show his mindset."

No matter what Williams' computer revealed about his motive, if anything, DePriest sees computers increasingly betraying their owners.

"People put everything on their computers these days," she said.

 



© Copyright 2001 Union-Tribune Publishing Co.