Jim Kent, CEO EMEA, Nuix
Actually I started out as an engineer designing and manufacturing fuel injection systems for cars. I did that for quite a few years before I decided to leave and become a policeman. I did two years of plodding the streets before going into undercover work, drugs squad and vice.
Whilst I was in CID in the late 1990s, a colleague and I built up one of the region’s first high-tech crime units – it started out with just a few desks and the office was about the size of a cupboard.
After three or four years, the area of high-tech crime was booming and we were working through case after case but our backlog kept growing. I realised something had to change, and that was me. I met Alan Philips and Dan Haagman from 7Safe and worked with them to develop an ethical hacking training programme for the police. Then I joined them to build a forensic capability within 7Safe.
During my time at 7Safe, I provided services to law enforcement and corporate organisations and that helped me make the transition from a detective to a businessman. I was lucky enough to be involved in some very high-profile cases through the Serious and Organised Crime Agency (SOCA) and became a contributing author to the Association of Chief Police Officers (ACPO) guidelines for digital forensics.
Around 2008, I saw an opportunity to build an eDiscovery offering that 7Safe could sell in the city of London. This was completely out of my comfort zone – I was dealing with global law firms, presenting at board level, working with banks and huge corporate entities to win deals. This is when I first met Eddie Sheehy and Morgan Sheehy from Nuix. I saw the potential of Nuix and started using it to support 7Safe’s eDiscovery service. We brought an interesting twist to the market by merging techniques from digital forensics and eDiscovery.
Tell us more about your current role. What are your main responsibilities?
My role within Nuix is to lead and build the business in the EMEA region in the areas of investigation, eDiscovery and information governance – all the general responsibilities of a regional CEO.
I also have a global role as the Head of Investigations. This part of my job is to put all the power of Nuix into the hands of investigators. We work with clients and global law enforcement agencies to design a product that meets the needs of the ever-changing digital investigations field. The latest version of Nuix Investigator is the culmination of great product development, feedback and testing.
Last year when we interviewed Eddie Sheehy he told us about Nuix's core strengths of speed when processing unstructured data and the ability to handle huge data volumes. Can you go into more detail about the newly patented Nuix indexing engine which underpins these capabilities?
The patent is new but the technologies behind it have been part of Nuix since the beginning.
Essentially, everyone agrees that to process large amounts of data within a reasonable time, you need to divide the tasks amongst multiple processors. The Nuix engine has a different way of dividing up those tasks to grid computing technologies such as Hadoop. It balances the load to ensure all the processors are fully utilised even though they might be handling tasks that are very different sizes – for example a text file and an entire disk image.
It also has a fault tolerance system built in to make sure it processes every item you feed into it – or marks any unreadable items so you can follow them up later.
Finally, each processing engine can break up large items, such as the disk image I mentioned, and divide up those tasks amongst other processors.
What that means in practical terms is we can process data much faster than other technologies. Not only that, but the more computing power you throw at a task, the faster it will get done. It also makes sure we handle data with true forensic rigour – Nuix software doesn’t leave anything behind or skip tasks that are too hard.
Since that last interview, the Nuix product line-up has grown to include Nuix Luminate. Who is Nuix Luminate aimed at and what does it do?
The driver behind Nuix Luminate is that organisations have huge amounts of unstructured data – emails, documents, that sort of thing – and they have no idea what it contains. We call it ‘dark data’. It’s stored in complex systems such as archives and collaboration applications, or in very badly organised repositories such as file shares.
From an investigator’s point of view, that’s a big problem because if you have no visibility into that data, you can’t hope to find out what people are up to. It’s also a problem for the legal, risk and records management parts of an organisation, and for the IT department that has to look after and pay for all the storage infrastructure.
Nuix Luminate is an information governance tool. It’s about combining technology and workflows to provide visibility into dark data, using the power of the Nuix indexing engine. Once you know what’s in the data, you can investigate quickly after an incident. You can also start taking proactive steps to identify issues before they turn into big problems.
Nuix seems to be growing quickly in terms of products, services and personnel. Is 2013 the year you take on Guidance Software and AccessData in the forensic investigations market?
The short answer is yes. We have experienced phenomenal growth over the past year and we have recruited some fantastic people who are real experts in their field. This has been on the back of a huge growth in enterprise digital forensics. Nuix has enjoyed a natural advantage in this area due to the way our software handles very large data sets and workflows.
Previously, some investigators dismissed Nuix because it didn’t have a few in-depth forensic capabilities such as analysing deleted files and slack space. I have argued, and I still maintain, the ‘smoking gun’ is more often found in other places such as web history or email. However, we recognised this as a shortcoming of our software and have included a full range of forensic capabilities in our latest release.
This year, we are really focusing on raising the profile of Nuix Investigator and showing forensics specialists an alternative to the conventional tools and methodologies they use. We recognise that the traditional ways are proven and well accepted, but you have to be open to change if it presents you with a better way of doing things.
Nuix Investigator is competing in a field that’s currently occupied by some very entrenched products but I think we offer something unique to the industry. That comes from our focus on innovation and product development driven by thought leaders who want to make a difference.
What advice would you give to managers working in the fields of forensic investigation, eDiscovery and information governance who are planning ahead for the next 12 months? Additionally, what trends *other than "big data"* do you see in the world of digital forensics?
The next 12 months will be a challenging time because the volume of data will reach the stage where it’s unmanageable for many investigative organisations. This isn’t just vendor hype, it’s about being unable to get meaningful information out of data. For investigators, it means a backlog of cases getting longer and longer.
The other side of the coin is, what happens if we do manage to wrap our hands around the data and harness the value that’s inside it. This is the whole idea of information governance. We can start taking small steps to understand where our data is, what’s in it and how best to deal with it. That can be from a storage management, investigative, legal or intelligence perspective.
I think investigators can still learn a lot from what’s happening in eDiscovery. The core skill in eDiscovery is grappling with very large amounts of data and getting insights from it as quickly as possible. There are workflow, data collection and analysis techniques that investigators will find very useful as they try to adapt to the challenges ahead.
What would you most like to see changed or improved in the field of computer forensics?
Look, each investigation is different and each unit has its own processes so it’s not up to me to offer opinion on what they’re doing wrong. Also, if an investigator is using the standard tools and methodologies, no one’s going to shoot them. But if they try something new and it doesn’t work, they run the risk of being cross-examined in court and having to answer difficult questions internally. So there is resistance to change.
However, if they can clearly see that things aren’t working, maybe it’s time to be more receptive to new ideas, take some calculated risks, perhaps start with some updated guidelines and structured workflows.
I would also like to see forensics specialists looking at things at an enterprise level rather than case by case, and finding ways to share intelligence between different areas of the organisation or different agencies. The more we do this, the harder it will be for bad guys to get away with it.
What do you do to relax when you're not working?
My wife and I have six children, so I’m not sure ‘relax’ is the right word. When I have time, I go back to my engineering roots and restore classic cars. Right now I’m working on a Porsche 356 from 1956. I’m just about to dip it in acid and take it back to bare metal, then start a nut-and-bolt restoration from scratch. It’s really therapeutic, taking a rusty wreck and turning it into something special.