John Huperetes is a sub-contractor to the US Department of Defense and any views herein do not represent those of his contractor or of the DoD.
John, please tell us about your current role.
I am contracted to be “senior forensics instructor” and assist in developing and delivering cyber investigation training courses for DoD organizations, Defense Criminal Investigative Organizations (DCIO), military counterintelligence agencies, and law enforcement organizations.
This gives me the opportunity to review and sometimes experiment with bleeding edge digital forensics, and transfer the acquired knowledge to others.I started off tinkering with electronics at a very early age. I was much better at shredding electronics than putting them back together. I moved to programming, first for processors, memory and controllers, thereafter databases and finally networks. A few consulting stints and I shifted to security permanently.
Incident response in security naturally pushes into forensics. A few more permanent and consulting jobs, and about a decade ago I took a job with a large financial firm working on forensics.
I got a call from a contractor for my current job, and that is how I ended up here.
What is the most challenging thing about your job? What do you find the most enjoyable?
The most challenging part of my job is always having an open mind toward new techniques and ideas. It is not just a time consuming but also an exhausting process. It is not unusual in our field to learn something, just to later discover that there are caveats galore! I enjoy the camaraderie of the experts, instructors and students, and the new discoveries I get to make.
In your opinion, what are the current hot topics in digital forensics? What should we be looking out for as forensics professionals?
There are many – some are technology related, some are regulatory, some are community and some are just local issues.
I think major overlap of distinct technologies, yet specialization in various areas is one of the hot topics. For example mobile phones and smart devices are getting closer to being general purpose computers. At the same time there are some very special forensic requirements around these devices which are not present (yet) in most computers. Some say specialization is required, and some say existing methodologies can be ported without issue. Some say special training is needed, and some suggest general purpose is sufficient.
Another hot button topic is licensing and certifications. With all the tribulations other forensic branches are going through, it is just time before ours is scrutinized.What licensing should be imposed, if any, on the industry? Who decides what is a valuable certification? Which certifications are worth pursuing?
Finally, push button forensics is a topic that comes up often – the “CSI effect”, whereby waiting for some beeps and blinking lights will resolve everything in just a few minutes. Unfortunately we have some practitioners who lack some fundamental knowledge yet present themselves as experts. We do have some tools that work almost in push-button fashion. Yet, when such a “CSI effect” practitioner is probed further the answers are muddled and cringeworthy. Remember the “caveats galore”? By its very nature, push-button tools cannot and will not account for all the out of norm caveats.
What advice would you give to people who are just starting out in digital forensics? What do you wish you’d known when you first started?
Quit, and become a farmer.
Your labor will be positive, as you will feed or clothe someone. As a forensicator, your work will rarely be about exoneration. As a farmer, your outcome is almost always positive to the humans. As a forensics investigator, the outcome is almost always negative to at least someone. That can grind a person down.
Ever hear of a farmer that needs periodic psychological consultation because they have nightmares from looking at their crops? There are plenty in the digital forensics field that will attest to sleepless nights.
A long time farmer will be able to take a hand shake and trust his fellow man. As a forensics investigator one can become jaded and learn to mistrust most people. A certain mistrust, even paranoia in our field is not unusual.
A farmer can come home and talk to the family about Bessy giving less milk. You will most often not be able to, and would not want to discuss your work at home.
Our field is a vertical market. That is, few buyers and they are in specialized industries. Our industry is jam packed with “experts”, and big name firms with their “experts”. Everyone who has seen a few episodes of CSI and NCIS is an “expert”. Your chances of hitting it big financially is slim.
You will not get $1,000 suits. You will not drive the latest model cars. You will not be working with perfect 10 looking co-workers.
If you still insist on being in digital forensics, make sure you enjoy reading, have the aptitude to do digital track-down of information, then join the military. Once you become a civilian, get several “certifications of the day”, possibly a forensics or security baccalaureate, and join a firm to apprentice. Later down the road you might be able to hang out your own shingle.
I wish I had known in the beginning that it is not necessary to know everything, just to know where to look and whom to ask.
What do you do in your spare time?
I spend time with family, work around the house, hike, cook, and read. I try to stay way from the computer and TV.
John posts in the Forensic Focus forums under the username 'jhup'.
