Tell us about how you first got into digital forensics, and what kept you in the field. How have you seen it evolve over the past 20 years?
The cliché is that many folks that ended up as a LEO using technology to fight crime stemmed from the fact that they knew how to make the printer turn on (or some variant of that). ???? I definitely fit that cliché but then as we started addressing the concept of “they have the information you’re after on the computer in the kitchen” during search warrants, it became apparent we had a whole new “search and seizure” and subsequent “what do we do with this now that we seized it?!” problem set to figure out.I was one of the lucky ones that was able to attend training (more than one even!) to counter that problem set early on, and that set my mind down a completely new path – still rooted in law enforcement, but from the enforcement side to the education angle.
How do you personally stay current with all the rapid changes in digital technology and forensic methodology?
Like the rest of the community, I read, sometimes cry, sometimes smash my head on the wall, sometimes jump for joy. The common thread in my last 20 years is a constant learning curve. During the computer forensic reign, there was a consistent flow of new hardware, new software, new file systems, new workflows, new best practices, etc.
The ediscovery boon brought more new models and workflows; incident response continues to feed the learning curve; but mobile – wow, pick a new phone or new app and try to keep track of the changes on a full-time basis – phew !!
You built much of your career as a digital forensics trainer and leader. How did you specifically get into training?
Back in the law enforcement timeline segment, I was fortunate to enjoy educational opportunities in the undercover realm – teaching cops how to unlearn the cop mentality. Turns out in the eternal question of “Do you make a cop into a techie? Or a techie into a cop ?”, it was very effective teaching a cop to learn to be a techie. And though you have to weave some adult learning concepts into the conversations, they are still good conversations as everyone likes to learn new things! If there was one job that would make me actually give a badge back, it was one that still let me interact with and help LE get their jobs done better!
What do you like best about training? What do you feel can still be improved upon?
This is a tough answer as I am obviously biased. ???? When I can make you have a better day with the tools you obtained from my company, that makes me tick… I love when a light bulb flashes in someone’s head, especially when they in turn pass that knowledge on… when you can pay ROI forward for folks when they acquire new technology… you are mastering the science and art of technology education.
Oxygen work with a number of national police organizations, including IACIS, for which you've provided training and leadership. What's universal across countries and law enforcement agencies? What are some differences?
By and large, around the globe, the most universal concept I see is a backlog of data. There are several analogies for the amount of data we produce every day – even in the last 5 years vs. the last 25. My experience has been that working smarter (technology analytics) and getting the correct work in the correct hands does wonders combating those frustrations.
In terms of differences, some of the larger challenges around the globe (though different relative to jurisdiction / law / culture, etc.) are time (there is never enough of it in the digital forensic world); money (the wrong side of the law have more of it); and education (the more people on the same page, the better everyone works together).
You mentioned IACIS. The International Association of Computer Investigative Specialists is a beacon of light combating the education issue. Practitioners from around the globe obtain access to uniform / globally-accepted education and subsequent certification programs that allow challenges from around the world to be normalized into conversations that benefit everyone with the problem.
I should probably qualify that I’m not intentionally trying to plug IACIS but I spent many years volunteering with the organization – it definitely filled my love tank for education.
What have you learned about the digital forensics community's needs over the course of your career, and how will you bring this learning to bear in your new role as Oxygen Forensics' Director of Training?
The first things to drop off when the economy struggles are travel and training dollars. Add to that the fact that it’s hard on people to travel from home / be out of the office / etc… and you have a recipe for “remote training”.
The training delivery mechanics at Oxygen Forensics already include onsite and Learning Management System delivery. Our next push will be to engage a remote learning capability allowing students and instructors to meet in the cloud. This interaction is still live with an instructor and hands-on with the product, except in this fashion no one has to travel. Saves time and money for everyone!
Additionally, electronic course materials can be integrated options as new content is developed. Have you ever shipped a box of books? Ayyy!
The ultimate goal is to provide the richest “knowledge content” deliverable, in the most time efficient and cost effective models available. It really is “all about the student!”
What advice do you have for new forensic examiners seeking their first training courses? For experienced examiners looking to keep their skills fresh, and to learn new skills?
Diversify your technology. There is no one magic bullet of technology that does it all. Having more than one tool available when doing this type of work might not be the guaranteed best way to do things every single time, but it can certainly help when it comes time to validate findings and maybe find other artifacts.
Always be learning. Or know how your tools operate. I would offer the most recognized industry standard of “button pushing cowboy” as the analogy professional educators and practitioners strive to avoid. No one wants set bad precedent or case law by not being able to describe how they discovered the artifact that makes or breaks the case.
Finally, take advantage of the networking opportunities available. This is a niche industry to be sure. Collectively aggregating knowledge 20 years ago was one thing, but the collective global knowledge available today (through listservs, books, online repositories) is massive and can’t afford to be overlooked. We alllllll help each other.
What do you see as the most interesting or significant change to come to the industry, and how do you feel Oxygen Forensics is in the best position to address it?
I surfed the computer forensic wave for 20 years. The tools and technologies I was using 20 years ago just wouldn’t cut it today — I could process an America Online email filing cabinet with the best of them, but today’s mobile upheaval has turned that computer forensic wave into a mobile technology tsunami! Oxygen Forensic Detective is my surfboard now… and with its constant technology innovation and customer-centric industry support, it puts our training team in a great spot to support our industry users and the company in a great spot to do what we do best: make the world a safer place!
Find out more about Oxygen Forensics' products and training programs on their website.