Can you tell us something about your background and how you became involved in digital forensics?
I spent 22 years in the Royal Air Force Police specialising as a Counter Intelligence and Information Technology Security investigator; supporting criminal and security investigations by the examination of recovered computer media, using recognised forensic techniques. I have over twenty years' experience of carrying out computer audits and investigating incidents of computer misuse, virus attacks, hacking and loss & theft of data. I have been in the private sector, specialising in digital forensics, for the last 8 years and have worked on behalf of law enforcement agencies, solicitors and corporate clients on a variety of UK-based and international cases.
What services does CY4OR offer?
CY4OR is recognised as an industry leader in the investigation of serious and complex crime, and civil litigation cases. We have extensive experience in conducting investigations on a broad range of digital media including computers, mobile devices and audio and visual analysis. We complement our forensic offering with full eDisclosure, cell site analysis, data recovery, data destruction, vulnerability assessment and penetration testing services.
What is your own role?
I am responsible for directing all investigation and consultancy services; accountable to the board for all operational and technical aspects of the business.
Tell us more about CY4OR's growing focus on eDisclosure and eDiscovery. How important have those services become compared to "traditional" computer forensics?
eDisclosure was a natural progression from digital forensics for CY4OR. Both disciplines involve handling data in a manner that ensures preservation and interpretation. We have moved with the industry and as litigation and regulatory pressures are now a fact of life for many organisations, as well as dealing with an ever increasing amount of electronic data, eDisclosure is now becoming the norm in many cases.
Forensic readiness planning is something we all know is often ignored but can make a huge difference whenever an investigation is required. How difficult is it to convince clients to engage in this type of planning?
The FRP stick isn’t big enough yet. Sarbanes Oxley and Government guidelines are not sufficient and the general consensus is that a generic Internet template is adequate to ensure that their organisation is responsive to a compliance request or to support an internal investigation. In my experience, those corporate organisations that have signed up to a focused forensic readiness plan see the benefits instantly but it is a hard sell.
What trends do you see in forensic computing and what new challenges do you envisage in the future?
The major challenge we all face is understanding the complex storage systems that make up today’s corporate infrastructures; where, and how, to collect and preserve critical data and adapting analysis techniques accordingly. Storage devices will have the capacity to hold much more data; hopefully digital forensic tools and appliances will be developed accordingly. No doubt budgets will dictate that the current trend towards automated tools for collection and preliminary processing continues. Unstructured triage concerns me; let’s hope that standards don’t drop and competency training is adopted accordingly.
One of the questions we're often asked at Forensic Focus is "how do I get started in a digital forensics career?"
There are limited opportunities within the industry to those without a degree or relevant experience; an appropriate University course with a work placement option is a great starting point. Any work experience within the industry is a valuable addition to your CV; also, prepare to diversify as there are lots of disciplines now that can lead to an interesting career in digital forensics. Think about your CV; there are a lot of people trying to break into the industry and employers can be selective.
With regard to that question – but also more broadly – what qualifications, skills or qualities do you look for when assessing potential employees?
Communication skills, oral, written, and technological, are essential. Technically, all my team need to be able to acquire data from a wide range of complex storage structures; therefore hardware, network and security skills are fundamental. With experience I would be expecting to see appropriate vendor specific training; any other relevant training or skills is a bonus. Any programming skills will assist you and don’t overlook specialist niche areas e.g. database forensics.
What would you most like to see changed or improved in the field of digital forensics?
Individual accreditation, not related to a specific product, which is recognised throughout the industry. How much time and money has been wasted on schemes that have gone nowhere? We still don’t have a joined up approach and all certifications equal significant investment; from a private sector perspective, which ones will assist business development?
What is the most rewarding part of your job and what are your plans for the future?
Developing careers, giving opportunities to graduates and seeing individuals progress within the industry; it highlights that my recruitment policy is effective (seeing many former employees working for the larger organisations). Extending information security to the wider threat from cybercrime; enhancing our investigation capability in the corporate market place on the back of the ‘Cyber Security’ revolution!
What do you do to relax when you're not working?
I’m not sure ‘relax’ is an apt description but I follow my team home and away (I enjoy travelling as well); football is an emotive subject and my many friends in the industry will know where my loyalties lie!
CY4OR can be contacted as follows: