Mark McCluskie, EMEA Head Of Investigations, Nuix

by

Mark, you've recently joined Nuix as EMEA Head of Investigations. What does a day in your life look like?

Being new to both Nuix and a corporate environment, each day is turning out to be considerably different and very busy! In essence, it’s about working with our customers, helping them to get the most from Nuix; using my previous experience and knowledge I know what they need to do to be successful. Helping customers drive efficient workflows is one of my key objectives.An example I can share went like this:

I was in Cork where I met with my colleagues to discuss how we could improve various aspects of some of our products, I then travelled to the UK to meet with a customer who has just purchased a Nuix Lab and some Web Review & Analysis licences.

They were seeking advice and guidance on how best to approach some large-scale investigations and how to make the most efficient use of their hardware, software and digital forensic staff.

During the meeting we discussed plans that would enable them to have a collaborative view of all their data in the cases, and to enable both an intelligence and evidential review to be carried out simultaneously on the same data set. Then it was a quick journey to the airport and return flight home. A busy day.


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.


Unsubscribe any time. We respect your privacy - read our privacy policy.

You previously worked in law enforcement – what's it like moving from LE to corporate forensics?

It’s a strange feeling; being so long in LE I felt sort of institutionalised to some degree. I knew all the various teams and units involved in investigating complex crimes, and knew who to turn to for specific assistance. I also had a great team of highly skilled forensic officers and detectives in my unit who were dedicated to solving complex digital crimes. That comfort comes from time, which I’m sure will build quickly in my new role too. Being in LE, we had an almost militaristic structure and discipline, which I suppose is not so evident in corporate work. That was a very noticeable change.

There are benefits of course. It’s a massive opportunity to continue doing what I used to do, help in a small way to keep people safe and put the bad ones away if possible. Also working in a corporate environment and it not being so structured I am enjoying the ability and freedom to grow ideas and am empowered to deliver on them.

Collaboration is one of the most frequently cited challenges in digital forensics, both between LE / corporate / academic and between nations. In your opinion, what can we as digital forensics practitioners do to address this?

I think this was more of a problem 5-10 years ago than it is now.

I’m sure we have all worked in, or been part of “little empires” where some in the industry strive to become experts, or highly skilled in some area of DF / Cyber, and want to build their lab/unit/firms up to be the envoy of others. That research, expertise or skill set is to be admired, yes, but if we as a community wish to grow, detect or prevent crimes, make our digital world a safer place, then I believe we need to share and work much closer together.

Part of the role of the Investigation Team in Nuix is to promote collaborative review, working with customers to ensure they get the ‘right data’ in the hands of the ‘right people’, whether that be internally or externally for them. We have seen massive growth with technology and its capabilities, but all that technology should not be a hindrance or barrier to collaboration, but rather a conduit to enable sharing of relevant data/ evidence / intelligence, all to help make the world a much safer place.

I fully understand the competitiveness between commercial firms, and indeed the fact that corporates are there to make money, but none of us can solve all the problems ourselves.

Courtesy and professional respect with each other will go a long way, and of course, a willingness to go the extra mile for others with a problem no matter which box they or their employer fits into.

Challenges between nations is I’m afraid, way above my pay grade! However, I can testify that in the majority of my recent large scale LE investigations, most of the nations we needed assistance from were more than willing to help; even if not at that high official level, than almost always between the LE agencies themselves.

The bigger problems of course are the nations who simply don’t want to, or be seen to, offer assistance to help solve crime. Nation states who promote or quietly endorse cyber crime for their agendas will become an even greater problem for both the majority of other nations, and indeed, the wider global population who will be affected on a personal level.

You have a lot of experience of working on large-scale investigations; what are some of the specific challenges associated with these, and how can they be addressed?

To some degree, this has been part answered the previous question; with challenges around assistance from corporates, or other nations.

However, I will cite just 2 other specific examples;

1) Where is the “data” and do UK (or indeed other) LE agencies, have full legal authorities to capture that? Examples (hypothetical of course) would be: you are examining a suspect’s or custodian’s mobile device, and it’s either damaged, or encrypted, but you would have access to their “Cloud” account; can you, should you, do you, pull that data down? (Presuming they don’t give permission.) Where is the cloud data? Which country? Which server farm?

2) The sheer volume of data from multiple devices in one case or investigation. Long gone are the days of single examinations, on single devices, with single reports. It doesn’t really matter if corporate or LE, but we now have problems with the scale of data from computers, home, office, laptops, 2 or 3 phones and tablets, all per SOI (Subject of Interest). Add multiple subjects to a large case and in reality, where do you start?!

This is one of the reasons I joined Nuix, who provide a solution to this problem. We need to look at tools that can deal with all the (big) data, structured or unstructured, from many sources, then provide that “single pane of glass” insight into the case, using things like, multiple / remote reviewers, advanced analytics and artificial intelligence. The latter is a reasonably new concept in DF, but I firmly believe, in a year or two, we will see great advances in using AI to progress a lot of the “bulk” in DF
investigations.

What can awe expect to see from Nuix's investigations team over the next year or so?

We are starting to really see an increase in the number of ‘labs’ using ‘labs’! It’s a confusing term sometimes, but whilst there is tremendous value in using some of our stand alone products such as Workbench, I understand it is just another tool in the DF’s toolbox, and I appreciate we all have had our favourites tools, the ones we have used for a long time, or become highly familiar or skilled with using.

As a discipline, we are moving (slowly) away from that single examination / report to more of a collaborative approach. Forensic Labs are growing in size, due to demand. Our Nuix Lab solution is being deployed in more and more of these physical DF labs, and agencies, but there is a lot more work to do here. Yes, the ‘big’ data bit is sorted and scalable, yes the multiple and remote viewers are sorted, yes, we have advanced analytics, but there is still room to grow and develop.

Thankfully, Nuix has had the vision to employ Subject Matter Experts (SMEs) and Industry Specialists, in order to become ‘trusted advisors’ to our customers. We have people in our teams that have been in the customer’s’ shoes, and know / understand the challenges that they face. Our mission, and specifically of our team, is to help those customers get the best from our technology, whilst at the same time listening to them to ensure we build the right and best technology. Examples of recent feedback
and developments include integration with Project Vic & O Data compatibility, Photo DNA, Mobile Integration & partnership with MSAB. I see a lot more of these types of developments coming in the next year or two.

Finally, when you're not working, what do you enjoy doing in your spare time?

What is “spare time”? Only joking.

I spend a lot of it motorcycling. Both in a club with my ex LE colleagues, and with my Local Institute of Advanced Motorists (IAM), which is a UK charity, where I volunteer as an Advanced Observer to those bikers wishing to improve their riding skills.

Holidays are of course also a firm favourite, along with good food and wine. I used to play the piano many years ago, and have recently taken the notion to get another one and start trying that again, I pity the neighbours!

Mark McCluskie is EMEA Head Of Investigations at Nuix, a full-service digital forensics company covering small and large-scale investigations.

Leave a Comment

Latest Videos

Forensic Focus

Forensic Focus
In this episode of the Forensic Focus podcast, Si and Desi explore how artificial intelligence is being leveraged to uncover crucial evidence in investigations involving child sexual abuse material (CSAM) and examine the importance of exercising caution when implementing these tools. They also discuss a recent murder case in which cyber experts played a vital role in securing a conviction, and explore the unique challenges associated with using digital evidence as an alibi. Show Notes: A Practitioner Survey Exploring the Value of Forensic Tools, AI, Filtering, & Safer Presentation for Investigating Child Sexual Abuse Material (CSAM) - https://dfrws.org/wp-content/uploads/2019/06/2019_USA_paper-a_practitioner_survey_exploring_the_value_of_forensic_tools_ai_filtering_safer_presentation_for_investigating_child_sexual_abuse_material_csam.pdf Man charged with NI murder ‘faked live stream to provide alibi’ (The Guardian) - https://www.theguardian.com/uk-news/2023/feb/02/man-charged-with-ni-faked-live-stream-to-provide-alibi A YouTuber accused of murder faked a 6-hour livestream to produce an alibi (Sportskeeda) - https://www.sportskeeda.com/esports/news-a-youtuber-accused-murder-faked-6-hour-livestream-produce-alibi European Interdisciplinary Cybersecurity Conference (EICC) 2023 - https://www.forensicfocus.com/event/european-interdisciplinary-cybersecurity-conference-eicc-2023/#more-493234 YouTuber reportedly faked GTA livestream to have an alibi while he committed murder (Dexerto) - https://www.dexerto.com/entertainment/youtuber-reportedly-faked-gta-livestream-to-have-an-alibi-while-he-committed-murder-2052974/ Forensic Europe Expo - https://www.forensicfocus.com/event/forensic-europe-expo/#more-493225

In this episode of the Forensic Focus podcast, Si and Desi explore how artificial intelligence is being leveraged to uncover crucial evidence in investigations involving child sexual abuse material (CSAM) and examine the importance of exercising caution when implementing these tools.

They also discuss a recent murder case in which cyber experts played a vital role in securing a conviction, and explore the unique challenges associated with using digital evidence as an alibi.

Show Notes:

A Practitioner Survey Exploring the Value of Forensic Tools, AI, Filtering, & Safer Presentation for Investigating Child Sexual Abuse Material (CSAM) - https://dfrws.org/wp-content/uploads/2019/06/2019_USA_paper-a_practitioner_survey_exploring_the_value_of_forensic_tools_ai_filtering_safer_presentation_for_investigating_child_sexual_abuse_material_csam.pdf

Man charged with NI murder ‘faked live stream to provide alibi’ (The Guardian) - https://www.theguardian.com/uk-news/2023/feb/02/man-charged-with-ni-faked-live-stream-to-provide-alibi

A YouTuber accused of murder faked a 6-hour livestream to produce an alibi (Sportskeeda) - https://www.sportskeeda.com/esports/news-a-youtuber-accused-murder-faked-6-hour-livestream-produce-alibi

European Interdisciplinary Cybersecurity Conference (EICC) 2023 - https://www.forensicfocus.com/event/european-interdisciplinary-cybersecurity-conference-eicc-2023/#more-493234

YouTuber reportedly faked GTA livestream to have an alibi while he committed murder (Dexerto) - https://www.dexerto.com/entertainment/youtuber-reportedly-faked-gta-livestream-to-have-an-alibi-while-he-committed-murder-2052974/

Forensic Europe Expo - https://www.forensicfocus.com/event/forensic-europe-expo/#more-493225

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_7QiFTiuY7Vw

AI In CSAM Investigations And The Role Of Digital Evidence In Criminal Cases

Forensic Focus 22nd March 2023 11:44 am

Throughout the past few years, the way employees communicate with each other has changed forever.<br /><br />69% of employees note that the number of business applications they use at work has increased during the pandemic.<br /><br />Desk phones, LAN lines and even VOIP have become technologies of the past workplace environment as employees turn to cloud applications on their computers and phones to collaborate with each other in today’s workplace environment.<br /><br />Whether it’s conversations in Teams, file uploads in Slack chats, or confidential documents stored in Office 365, the amount of data stored and where it is stored, is growing quicker than IT and systems administrators can keep up with.<br /><br />Corporate investigators and eDiscovery professionals need to seamlessly collect relevant data from cloud sources and accelerate the time to investigative and discovery review.<br /><br />With the latest in Cellebrite’s remote collection suite of capabilities, investigators and legal professionals can benefit from secure collection with targeted capabilities for the most used workplace applications.<br /><br />Join Monica Harris, Product Business Manager, as she showcases how investigators can:<br /><br />- Manage multiple cloud collections through a web interface<br />- Cull data prior to collection to save time and money by gaining these valuable insights of the data available<br />- Collect data from the fastest growing cloud collaboration applications like Office365, Google Workspace, Slack and Box<br />- Login to a single source for workplace app collection without logging into every app and pulling data from multiple sources for every employee<br />- Utilize a single unified collection workflow for computer, mobile and workplace cloud applications without the need to purchase multiple tools for different types of collections – a solution unique to Cellebrite’s enterprise solution capabilities

Throughout the past few years, the way employees communicate with each other has changed forever.

69% of employees note that the number of business applications they use at work has increased during the pandemic.

Desk phones, LAN lines and even VOIP have become technologies of the past workplace environment as employees turn to cloud applications on their computers and phones to collaborate with each other in today’s workplace environment.

Whether it’s conversations in Teams, file uploads in Slack chats, or confidential documents stored in Office 365, the amount of data stored and where it is stored, is growing quicker than IT and systems administrators can keep up with.

Corporate investigators and eDiscovery professionals need to seamlessly collect relevant data from cloud sources and accelerate the time to investigative and discovery review.

With the latest in Cellebrite’s remote collection suite of capabilities, investigators and legal professionals can benefit from secure collection with targeted capabilities for the most used workplace applications.

Join Monica Harris, Product Business Manager, as she showcases how investigators can:

- Manage multiple cloud collections through a web interface
- Cull data prior to collection to save time and money by gaining these valuable insights of the data available
- Collect data from the fastest growing cloud collaboration applications like Office365, Google Workspace, Slack and Box
- Login to a single source for workplace app collection without logging into every app and pulling data from multiple sources for every employee
- Utilize a single unified collection workflow for computer, mobile and workplace cloud applications without the need to purchase multiple tools for different types of collections – a solution unique to Cellebrite’s enterprise solution capabilities

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_g6nTjfEMnsA

Tips And Tricks Data Collection For Cloud Workplace Applications

Forensic Focus 20th March 2023 11:00 am

As a hybrid working environment continues to be a way of life for many professionals, the way employees communicate has been altered as well. The scope and volume of data that needs to be collected and reviewed from computers, mobile devices and cloud applications is evolving. As the devices and collaboration platforms employees use changes, the approach to collecting data generated on emerging devices and platforms grows increasingly complex as a result. In a 2022 Endpoint Intelligence benchmark survey, only 65% of legal professionals are confident in their ability to collect relevant data from endpoints. Understanding this ever-changing collection landscape is essential for legal and litigation technology professionals as modern data increases in volume in discovery. Join Monica Harris, Product Manager at Cellebrite Enterprise Solutions for an educational discussion on the what, when, why and how of modern data collections for legal teams.

As a hybrid working environment continues to be a way of life for many professionals, the way employees communicate has been altered as well. The scope and volume of data that needs to be collected and reviewed from computers, mobile devices and cloud applications is evolving.

As the devices and collaboration platforms employees use changes, the approach to collecting data generated on emerging devices and platforms grows increasingly complex as a result. In a 2022 Endpoint Intelligence benchmark survey, only 65% of legal professionals are confident in their ability to collect relevant data from endpoints.

Understanding this ever-changing collection landscape is essential for legal and litigation technology professionals as modern data increases in volume in discovery.

Join Monica Harris, Product Manager at Cellebrite Enterprise Solutions for an educational discussion on the what, when, why and how of modern data collections for legal teams.

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_jVTDS1UTTtA

We’re Not in Document Land Anymore: Modern Data Collections for Litigation Technology Professionals

Forensic Focus 6th March 2023 10:00 am

Load More... Subscribe
This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feed settings page to add an API key after following these instructions.

Latest Articles

Digital Forensics Round-Up, March 23 2023
News

Digital Forensics Round-Up, March 23 2023

ByForensic FocusMar 23, 2023
UPCOMING WEBINAR – Identifying And Triaging Security Risks In Your Organization
News

UPCOMING WEBINAR – Identifying And Triaging Security Risks In Your Organization

ByCellebriteMar 23, 2023
AI In CSAM Investigations And The Role Of Digital Evidence In Criminal Cases
Podcast

AI In CSAM Investigations And The Role Of Digital Evidence In Criminal Cases

ByForensic FocusMar 22, 2023
Tips And Tricks: Data Collection For Cloud Workplace Applications
Webinars

Tips And Tricks: Data Collection For Cloud Workplace Applications

ByCellebriteMar 20, 2023
ADF Solutions Offers Complimentary Mobile Forensics Training On March 22nd
News

ADF Solutions Offers Complimentary Mobile Forensics Training On March 22nd

ByadfsolutionsMar 16, 2023
Digital Forensics Round-Up, March 16 2023
News

Digital Forensics Round-Up, March 16 2023

ByForensic FocusMar 16, 2023
Share to...
BufferCopyFlipboardHacker NewsLineLinkedInMessengerMixPinterestPocketPrintRedditSMSTelegramTumblrVKWhatsAppXingYummly