Jason, can you tell us a bit about yourself and how you got into digital forensics?
Absolutely. I started in the digital forensic industry in 2005 and a friend of mine started a company called Tableau LLC back at the time – not to be confused with Tableau Hardware. He convinced me to leave a stable job in IT security at a healthcare company to come help him grow the company. And the rest was history. So I’ve been in the industry since then. We grew Tableau LLC, and he sold the company in 2010 to Guidance Software. And then just two years ago, Guidance Software was acquired by OpenText and now we’re here.
How long have you been working for OpenText so far?
Two years. One thing I didn’t mention which has actually been more relevant lately: before digital forensics I was in IT security, and then IT infrastructure. That’s been interesting.
About three months ago I took an expanded role, leading product management for all of the security business unit. So that’s basically everything that used to be in software and hardware. That’s my current role: Director of Product Management.
So now you're working both on your previous projects like Tableau, and also on EnCase and OpenText's other solutions?
That’s correct. To be specific, this could be EnCase Forensic, Endpoint Investigator and Endpoint Security, and others. Some ancillary products. And it’s been challenging, but also extremely thrilling, to have a great team.
It’s been fun to bring the teams closer together because they’re feeding off each other now. Our goal is to allow the customer to see that we’re a unified product team.
Can you tell us about the latest digital forensics products and solutions from OpenText?
Sure. We announced a few releases at Enfuse 2019, some progress we’re making in a few different areas. For our forensic software, EnCase Forensic, in the new release we’ve made a bit of a change in our strategy: we’re proactively doing performance testing and trying to make our product faster. In the past, it’s been more of a reactive strategy.
So it’s just a start, but we’ve released a few improvements to three key workflows where examiners can save up to 50% or more of their time doing things like acquiring a drive, previewing and parsing the MFT remotely or locally in NTFS, and then using our enhanced agent, just copying files. I wanted to show the community that we’re dedicated to actually making our products perform better and be more stable.
Some other things in that same release: mounting Apple Time Machine backup, and modifying deleted files from there. And then a number of other features for EnCase Forensic and for Tableau Hardware. We just released and talked about one feature at the keynote [during the Enfuse conference].
One of the most exciting things in this release is the pause and resume feature, which gives users the ability to adjust to changing crime-scene conditions, or whatever priorities they have. They can pause a job and resume later. And this even works across power cycles. And it also does forensically sound checkpointing, so that if there is a power loss, they can recover the job.
Another big feature in that same release is the remote web interface. Customers have been asking for that for a long time, and we were finally able to provide it. It’s remote access, secure access, multi-user access. You just have to have network connectivity to the TX1. It’s disabled by default for security reasons, but it’s really easy to enable it. And you get access to everything and it looks exactly like it does on the local interface. It can be used for monitoring. It could be used to deploy or send the TX1 remotely. And if you have a more trained examiner who is just getting remote access to it, they can monitor it or manage data, or whatever they need to do.
What do you think are the current and future challenges in digital forensics?
It’s interesting that in the past 14 years in the industry the theme has not changed: digital evidence is getting larger. There’s more data, and that’s never changed. I don’t think it ever will. It’s funny: it’s a new challenge, but it’s not. So that’s something we’re always struggling with.
But now, in the last few years, as digital evidence is located everywhere, the challenge, I think, is finding ways to allow examiners to find that evidence, to collect it from everything from IoT devices to cloud storage, and on and on. And not just collecting it, but then once you collect it, actually being able to tell a story with that data. So that’s one thing.
Part of data being everywhere, too, is the encryption that’s becoming more prevalent by default in all these devices. So we’re trying to make sure it’s a major theme of ours to both detect when encryption is enabled and then give the user the ability to decrypt it with credentials. And then there are other tools in the industry we partner with.
So that theme of just data everywhere, getting access to it, is very challenging. We have some things we’re trying to do to make that easier. The other thing that’s extremely challenging is that, as always, there aren’t enough good guys to go after the bad guys. And so we are trying to make our products easier to use. EnCase has been known as a deep dive forensic tool, and we don’t plan on changing that. But what we need to do is figure out a way to allow untrained examiners to use our tool and get a little bit of value out of it, without going through extensive training. And the same for trained examiners who don’t have time. So we’ll be looking at ways to add more data, summary views, and triage type capabilities to get people to do that.
What is the best way for an examiner to keep their knowledge up to date in such a constantly evolving field?
I’m definitely not an expert on that. However, just being in the industry, I think if someone is a forensic examiner, they’re there because they like to learn. If they don’t like to learn, they’re probably eventually not going to be good enough.
With constant learning, the challenge is, how do you keep up? One thing that’s interesting is that 15 or 20 years ago, there weren’t classes in universities for digital forensics: now there are. So I obviously encourage people to try to get either certifications or maybe even a full degree. There are so many opportunities for higher education. Myself, I really enjoy the online free learning, like the classes on Coursera. There are countless quality classes there, even for digital forensics.
And then just attending these industry events, like Enfuse and many others. One thing we’re going to start doing is bringing back user groups. You know, where did the user forums go, that used to exist? Guidance Software has them, but they’re not marketed. This kind of goes along with the theme, I think, of socializing and sharing knowledge, because the vendors can’t always do it. The community needs to do it. So I think learning from your peers through forums.
And there are a lot of great books out there that again, you can learn a lot from. And the last thing would be forensic journals.
What advice would you give to a young person who wants to become a digital forensic investigator?
That’s a good question. I think having a technical background helps. But I tell people, don’t let a lack of that stop you, because you can learn how to do anything, and you can be valuable at many different levels. I think just fundamentally, if you want to do it, set a goal and make sure you decide how to work towards that goal, and work back from there. Start taking classes; start with free classes. If you don’t have the money to pay for more classes, read as much as you can. You can find a mentor in the industry, I think that’s great as well.
When you're not working, what do you enjoy doing in your spare time?
I always love reading: forums, journals, publications, just even historical non-fiction books if it’s not technical or business related. I have four children in high school, which pretty much takes up all the extra time.
I love the outdoors; I live in Wisconsin, so I spend as much time outdoors as I can. I do a lot of volunteering with children: organizations and sports teams and technology committees, and things like that.