Jonathan Krause is the owner of Forensic Control, which he established on 2008. Based in London they provide computer forensics services to law firms and corporate clients.
Jonathan, can you tell us something about your background? How did you get started in computer forensics?
Well, I’ll begin by saying I’m not from a completely techie background! I’ve got an MA in Town Planning which I guess may be unique in computer forensics? I’ve also worked as an English teacher in Japan and in the book trade in London so you could say my career has been diverse, which I definitely see as an advantage. Varied career and life experiences certainly help in contributing to my investigative ‘mind-set’ and in dealing with people from many different backgrounds.I’ve been working in IT security for over 8 years, the first 4 of those years working as a firewall administrator for a central government department. I felt my career wasn’t progressing there and saw that the Metropolitan Police in London were looking for computer forensic analysts at their Hi-Tech Crime Unit at New Scotland Yard. After a lengthy selection process I was fortunate enough to be asked to join and feel that I probably had the best introduction to computer forensics I could’ve hoped for. It was an excellent environment staffed by highly talented people and my time there really emphasised the importance of procedures and quality control alongside technical competence as key areas of a successful forensic operation. Since then I’ve worked at a variety of places both on temporary contracts and permanent positions including at QCC Information Security and a short spell at BDO Stoy Heyward, both in London. I’m lucky in that I’ve worked in a variety of forensic organisations which has given me a good perspective on understanding what makes for a quality forensic service.
What trends do you see in the industry and what new challenges do you envisage in the future?
That’s an easy one; I predict there will continue to be rapid change. Apologies if that sounds like a cop-out but it’s a truism and one of the things I like most about this field; what you’ve learnt is good enough for today but you have to keep learning, testing and experimenting to keep on top of things. Having said that, some things don’t change such as the basic principles of evidence handling.
On a more specific note, we’re seeing storage moving away from the end user’s machines and towards being accessed increasingly through networks on centralised servers which may be difficult or impossible for an investigator to access. As such there may be less to be gained from looking at local hard disks and more emphasis required on extracting and analysing local volatile data. This can be a complex area but the techniques here are improving all the time.
What does the phrase "best practice" mean to you in relation to computer forensics?
That’s an interesting question. Within computer forensics the aim of best practice should be to provide an efficient method of producing the best possible end product which is admissible in a court of law. In the UK this is likely to mean adhering to the Association of Chief Police Officers’ Good Practice Guide for Computer Based Electronic Evidence. This is a respected guide but does not suit all being primarily aimed at law enforcement so its relevance may be limited. I believe the industry would benefit from a more inclusive approach to best practice being developed; one that could be applied broadly to both law enforcement and non-law enforcement work, that all were welcome to contribute to and that isn’t tied to a specific legislature.
We should also bear in mind that best practise is most effective when it fits in with individual needs and circumstances and not the other way around!
What would you most like to see improved within the computer forensics industry?
I can only answer this from a UK perspective; I think in order to improve the reputation of computer forensics and its practitioners we’re in need of a professional body that all practitioners are obliged to join which publishes standards that members must adhere to. I’m thinking of a body similar in role to the Solicitors Regulation Authority or the General Medical Council. I think we’re quite far from this though; first there needs to be an agreed set of standards and second, which organisation could carry out this role?
What qualities do you think are most important for work in this field?
A good computer forensic analyst needs to be a ‘jack of all trades’. Technical competency on its own isn’t enough; you should also be good at explaining technical matters to non-technical people, be able to communicate your findings clearly in reports and presentations, think objectively and above all to have an open mind. Don’t assume or second anything without testing and proving your assumption.
One of the questions we're often asked at Forensic Focus is "how do I get started in a computer forensics career?" What advice would you give?
Qualifications and training do go a certain way to the ‘making’ a computer forensic analyst but I think someone wishing to enter the field needs to show a bit more than that.
As well as having the qualities as in the previous answer I think if an individual could display their enthusiasm and ability it would be impressive. This could range from having set up some sort of home ‘lab’ (cheaply done with old computers and something such as Helix) to even offering to work for free or for a reduced rate for a set amount of time to show your capability; however this won’t be an option in most law enforcement roles unfortunately.
What is the most rewarding part of computer forensics? What aspect do you find most challenging?
I’ll combine my answer and say that I find it rewarding because it is challenging. Every day is different and it’s a constant learning process; there’s no time to get bored or complacent. Each case is a challenge in itself and can almost be viewed as a game; you’re pitting your wits and experience against a computer/its users and you have limited time and resources to complete your task. It’s just an enjoyable job.
When working on behalf of law enforcement the rewards are even more tangible – feeling that you’ve played a key part in contributing to the justice system (whether putting away the bad guy or clearing someone’s name) is very satisfactory.
What do you do to relax when you're not working?
We’ve got a one year old boy so much of my time is taken up with playing with and looking after him. Apart from that I go and watch Nottingham Forest whenever I can, and enjoy all sorts of music and film. I’m fortunate enough to live within walking distance of London’s South Bank area so the family is often there on weekends taking advantage of their events and exhibitions. Travel is something else I also greatly enjoy with Japan and Andalucía being two particular favourites.