Sam, can you tell us something about your background and how you became involved in computer forensics?
Prior to university, I’d never considered computing as a potential career; in fact, I hadn’t really used computers apart from playing games. I decided I wanted to be a physicist and solve the world’s particle physics problems. After embarking on a physics degree, I became more interested in computers (even though they were running 3.1 and Solaris!) I made the radical decision to change my degree course to a BSc in computer science even though I was a complete novice in the area. However, I learnt very quickly and really enjoyed the challenges and problem solving. I was also lucky to work in two summer internships in IT departments at Morgan Stanley during my degree, so I at least had an appreciation of bigger businesses.
After my undergraduate degree, I embarked on research into the human factors involved in 3D imagery on 3D display systems – again a completely different area from my previous computing experience. However, I liked the mathematical challenges and the combination with human vision psychology. At the same time I was also working in contracting in web development and providing tutorials in all different types of computer science for undergraduates. I really enjoyed the teaching but I found being a programmer quite monotonous – it was a great insight into proving that a full time role in computer programming was not for me.
The research time and ability to develop a questioning mind is invaluable in my career today but after a few years of academic research I was really looking for a business driven challenge. An opportunity with Keith Borer Consultants, a forensic science company based in Durham, was presented to me and I started working as a mobile telephone/cell site examiner. There was a lot of flexibility and encouragement and I was able to perform research and development into whichever digital fields I wished to explore – so I opted for them all!
What services does Sam Raincock Consultancy offer? What is a typical working week like?
The business is primarily concerned with providing a combination of computer investigation/expert witness services and IT security assessment services to corporates and solicitors alike. I love solving complex problems so I particularly enjoy computer forensic cases involving technically complex scenarios/problems or software system assessments (how does software A produce B logs and what do C logs actually mean).
In the telecommunications field, SRC can offer a full range of services but primarily concentrates on taking expert instructions in complex connection record and cell site analysis cases and providing advice to other companies in these types of cases.
My current passion is working in the breadth of the IT security fields with particular interest in ISMSs, the effective use of encryption, procedures for forensic labs, corporate investigations, process improvement post incident and the ISO 27001 standard. Very recently, I was accepted to work as an assessor with A2LA regarding digital and telecommunications lab assessments. I am very excited to be a part of the American new forensic lab standards.
I also provide training in all of the above and in my ‘spare’ time I write papers and perform research. I am also studying for the CISSP and ISO 27001 lead auditor certs.
Currently, a typical week is very long – around 80 hours if not more. Working in so many fields is quite a challenge but there is also the business element too – I have become my own accountant, marketing manager, IT Manager etc. However, I love the all round skills it is providing me with and how it enables me to work with a diverse range of partners, bodies and clients.
What new challenges do you envisage for digital forensics in the future?
I consider the current biggest challenge to involve defining a suitable and workable quality standard throughout the range of areas. I personally believe this should include a strong element of individual based competency assessments and defining levels of expertise similar to how CRFP functioned. However, any form of auditing and assessment criteria must be a good thing if it will be a progressive move to providing more emphasis on quality and justice.
What would you most like to see changed or improved in the field of digital forensics?
Cell site analysis – a field in which the general location of a mobile telephone can be established based on its past connections.
Currently, the area is poorly researched with little emphasis on determining, through scientific testing, how variable the mobile network can be. In previous cases, I have found some serious errors including completely reversing opinions about if a mobile telephone could have been at a given location.
Additionally, the current portrayal of this area to jurors concerns me, since it is often perceived to be a strong scientific area which can almost pin-point a mobile telephone (too many people watching CSI!).
I would like to see changes with respect to how CSA reports are used in courts so that it is made clear to the jury the limitations of the evidence. Ideally I’d like experts to obtain their status via research and knowledge of how the network behaves and how this relates to CSA with clear distinctions between cell experts and those interpreting a limited number of handset readings per case.
Are there aspects of current computer crime legislation which you feel should be improved?
I would like to see a review of the indecent images regulations. Firstly, the CPS charging these cases using a set standard throughout the country. Currently, the county the defendant resides in can affect the type of charge or even if the person is charged.
Secondly, I would also like to see charging differences to potentially reflect the public interest. Personally, it is my view that a 17 year old in possession of images of 17 year olds is very different to a 40 year old in possession of images of 10 year olds. However, both defendants end up on the sex offenders register upon conviction with the same charges on their records (making/possession).
With this in mind, I would like to see the sample charging system similar to the statutory rape laws with a different charge being applied to fit the seriousness of the crime in terms of the ages and levels. However, there would be no simple solution to making this part of legislation more effective – with the ultimate goal of ensuring the safety of children and preventing reoffending.
What forensic software do you use and why?
I often examine files in their raw format – secretly I am a bit of a geek! I don’t tend to use a lot of forensic tools. However, I do like FTK for the diverse range of packages it provides. I particularly like the decryption tool and registry viewer.
I also like EnCase, particularly for the hashset functionality and the ability to run bespoke queries and EnScripts. VFC, Event Log Explorer, Mount Image Pro, VMware, NetAnalysis etc. are also great tools to have at your disposal.
What advice would you give to someone considering a qualification/certification in computer forensics?
I would advise them to decide what area of computer forensics they wish to pursue, at what level and if their personality and skillset suit the area they wish to work in.
In general, it is a choice between criminal and corporate work. Each sector provides their own challenges, but different requirements for previous experience and qualifications.
If a candidate is wishing to work in corporate work or in a private company then they will likely need to have a strong academic background and/or proven experience. Hence, my advice to any novice wishing to pursue this area would be to complete an undergraduate and possibly a postgraduate degree at the best university they can apply to. Be realistic because it is a competitive field – the big businesses will be looking for first class degrees from the top 10 universities.
Candidates wishing to work in criminal work are likely to have more options available for a less academic/experienced background. For example, applying to the police as an officer and moving (where available) into the computer forensic division and receiving the necessary training. This certainly won’t be the easy option as the candidate would have to embark on learning the large range of skills required for law enforcement.
What qualities do you think are most important for anyone working in this field?
In general, they are going to need good report writing skills with a particular ability to describe technically complex matters simply, the ability to deal with clients/legal advisors/members of the public, an eye for seeing the obvious and presentation skills – they may have to go to court!
The other essential skill is an ability to problem solve to a required level – I’d recommend anyone working in this field to ask themselves honestly if their problem solving involves seeking advice from someone else/attending a training course, if they enjoy the challenge of researching problems themselves or if they are somewhere in the middle. This will affect what type of work they will enjoy and be successful at.
What is the most rewarding part of your job? What aspect of your job do you find most challenging?
The most rewarding part is playing my part in helping to assist with the Justice process (albeit a small part). I have worked on cases where they have overturned based on my evidence. It makes the whole process worthwhile. For this reason, I am looking forward to working on some Innocent Project cases.
The challenging aspect for me is due to my own personality. If I believe I can bring value to a case or help a client fulfil expectations imposed on them then I am inclined to accept it. Hence, I end up working my weekends or burning the midnight oil.
What areas do you see yourself exploring in the future?
I shall hopefully spend the next few years experiencing new business and technical challenges. However, I do have a strong voice in the back of my mind pushing me into IT Law. I find the law fascinating and it allows me to meet some great minds. I am still considering my options but believe I may one day look rather fetching in a wig…
What do you do to relax when you're not working?
For the past year I’ve not really had a lot of spare time and this will not change in the next few years. However, my main passion is cooking and great food and wine. I try, where I can, to combine my passion for food with my work travels.
I also have a lot of interests but particularly love cars, the top level on Technogym steppers, fashion, meeting random people, modern art and design, horseracing, travelling…. I dream of a time when I can go windsurfing and sip bubbles in NYC again.
Sam can be contacted as follows: