Lee Whitfield, Forensic 4cast

Lee, can you tell us something about your background and why you decided to work in the field of computer forensics?

I used to work in construction law. My father is an expert witness in construction and I worked with him for a large international company. I was originally planning on doing a degree in quantity surveying and had already been accepted to study that subject at university when I was made redundant. It was around this time that Larry Sewell (formerly of Guidance Software) moved into our community. I’d already thought about going into computer forensics but after meeting Larry, and him telling me more, I realised it was something I wanted to do. I was already looking at changing my degree to computing so when the university started a computer forensics degree it made sense for me to jump ship. I’ve been involved in digital forensics now for just over 6 years.

Can you tell us something about where you work? What type of work do you do there?

I work for a digital forensic contractor in the North West of England. Most of our work comes from police forces around the country but we also see defence and private work come in from time to time. As a contractor for the police we work on cases involving indecent pictures of children, fraud, theft, drugs, and so on. I’ve worked at my current company for just over a year where I am currently employed as the deputy lab manager. I also get to work with my brother, Simon. It’s fun to poke fun at him from time to time.

What inspired you to start recording the Forensic 4cast podcast?




I’m a big fan of Leo Laporte from TWIT and have followed his shows for several years. I’ve known about Cyberspeak for quite some time too and have been a listener of that show for a while. Forensic 4cast started off as a marketing idea. I was at my former employer and we’d had a staff meeting in which the marketing team had asked for any ideas to promote the company. I suggested doing a podcast but the idea fizzled. A few months later I got my first Apple MacBook and was introduced to GarageBand. After playing with it for five minutes I called Simon and told him that we were going to produce our own digital forensic podcast. We’ve been having fun ever since.

How do you decide what to include in each episode?

It’s not as difficult as you may think. As we keep saying, digital forensic news tends to trickle out rather than come in tidal waves so we don’t have a great deal to talk about sometimes. We just start talking about the latest stories and if we think there is a valid talking point we stop and discuss it. We don’t rehearse anything that we’re going to say; we just read the news articles and feed off each other. We’re still trying to find our feet in a lot of respects and the podcast is still evolving. If someone says “Yeah, I’d love to be on the podcast” then we’ll work it in. I’d love to have more guests but the time difference between the UK and the US makes it difficult to arrange, especially when I’ve got a young family at home.

What is the most enjoyable aspect of recording the show? What is the most challenging?

The best thing about the podcast is all the people I’ve met. I flick through my email address book now and it’s a veritable “who’s who” of digital forensics, and the amazing thing to me is that all these people are so friendly. It’s incredible that I speak to well known people in the field and they are instantly accepting of me and treat me like an equal. I think it shows a tremendous fellowship. The other thing is that we are starting to be recognised by our voices. I have been practising my signature just in case someone asks for an autograph.

As far as the most challenging aspects of recording the show, there are always critics. It’s impossible to please everyone and that sometimes causes people to speak out in a negative way. I remember one person posted a comment on the site which was quite extraordinary. I had to edit out all the bad language but allowed it to be posted. Everyone is entitled to their own opinion so all comments are welcome regardless of whether I like what they say or not.

What trends do you see in forensic computing and what new challenges do you envisage in the future?

This question comes up frequently. Every year we hear about new technologies that will make our investigations so much more difficult in the future. I think it’s a little like seeing a cloud on the horizon and pulling out your umbrella as a result. When Vista was released everyone was up in arms saying “BitLocker is going to kill computer forensics” but it didn’t. When TrueCrypt was released it claimed that no one could tell if data was encrypted or if it was just random. Now we find that entropy testing can tell us if the data is encrypted. The forensic community adapts and changes just like the people that use this technology. We will see difficulties, that’s certain, but I’m confident that we’ll find ways to overcome whatever difficulties come our way. Take a look at Google Chrome for example. The public beta was released and, within 24 hours, the internet was saturated with Google Chrome parsers. I’m not saying that this will always be the case but we have a very responsive community.

Are there aspects of computer crime legislation (either generally or in specific jurisdictions) which you feel could be improved to allow investigators to work more effectively?

I think it’s important for the law makers around the world to understand our type of work. That is where the potential problem lies in this field. The PI law issue in the USA was allowed to pass in certain states because the law makers didn’t fully understand the role of digital forensic investigators. They were being misinformed by PI lobbyists on a lot of issues. A large number of them have now been educated and have since made better decisions. This is our responsibility. If laws pass that hinder our work we’re too late. We need to take an active role in educating our politicians about what we do.

One of the questions we're often asked at Forensic Focus is "how do I get started in a computer forensics career?" What advice would you give? What qualities do you think are most important for work in this field?

I started working in the field the Monday after my final exam at University. Some people think that was lucky, I choose to think that people create their own luck. I started my search for a job several months before my exams. I blitzed as many forensic companies as I could find and cold called them to ask if they were offering graduate positions. I wasn’t concerned about where I worked, or who I worked for, I just wanted to get started. One of the companies I called was CY4OR. I scored an interview with them and the rest, as they say, is history. I’ll always be thankful to them for the start they gave me.

I think it is important to make sure that people remember you. If you’ve written some digital forensic software put it on the web and post a link to it on Forensic Focus. It’ll get your name out quickly. Write a blog. Record a podcast. Talk with people from the field. Potential employers will always be more impressed with someone that can hit the ground running.

What are your plans for the future?

My immediate plans are to continue working at Zentek. We’ve just moved to some fantastic new offices where we have room to expand. It’s an exciting time for us and I feel like I’m helping to grow the business.

Long term? My wife is American and she misses her family. We’re looking to get things in order for us to be able to move there within a couple of years. This should be an interesting experience as I’m going to have to relearn a lot of what I currently do as I’m sure that procedures and practices will have subtle (and not so subtle) differences from here in the UK.

What do you do to relax when you're not working?

My family is my life. My two children (aged 5 and 2) take most of my free time. No matter what I’ve had to deal with at work I know that I can come home and the stress of it all disappears when my kids run up to me and try to hug me to death. We often go to the park or play on the Wii together and they love it.

I’m also a big reader. I’ve got a huge list of books that I’m currently trying to work my way through so hopefully I can find the time amongst my work load and producing the podcast to do so.

I cannot stress enough how important it is that people in this line of work find something to hang on to. It’s easy to get caught up and become very cynical and even depressed with what we see on a regular basis. Things like family and hobbies help to keep us sane and well balanced.

Lee can be contacted through the Forensic 4cast website.
