Angelo Floiran, a faculty member of the University of New Haven’s Masters in Digital Forensics program, reviews Rob Fried’s new book, Forensic Data Collections 2.0. Rob Fried is Senior Vice President and Global Head of Forensics and Investigations at Sandline Discovery LLC.
As a professor at the University of New Haven, I have often been asked “what is the best tool a detective can get to solve crimes” or some variation of that question. Be it in violent crimes, cybercrimes or even digital forensics. When it comes to digital forensics the tools are the most important. The various software companies in digital forensics are always competing to be the best and show why they are the best tool. However, like any tool for any job, it is only as effective as the hand it is in. This is why the best tool for any part of any investigation is bringing together a group of different people with different experiences and pointing them towards the same job and telling them, “Solve this case!”. Just like it takes electricians, plumbers, carpenters and a lot of other different experiences to build a house, the same efforts are needed to solve a criminal investigation.
In Forensic Data Collections 2.0, Robert Fried has given us the best tool we can have by bringing together not only a bunch of great minds, but he has pointed them at specific scenario’s and set them towards solving the case. The provocation of ideas is so valuable to any investigator. Since no two cases are the same, brainstorming ideas and bouncing ideas off each other is how we develop strategies to approach the specifics we are dealing with in the specific case. This book works to start those discussions. It is not just the various authors saying, “this is how I do this”. The methods are a great start to any discussion because the authors all know what they are talking about – a compilation of approaches does so much more. Now as a reader of this book, you don’t have ‘two heads is better than one’, you have multiple heads being better than one, as Robert and the various co-authors here dive into different scenarios and start the discussion of not how to solve a case, but how to move it forward.
Readers will notice the book starts with Robert explaining the importance of “being a trusted advisor”. Within this section he talks about collaboration and bringing people together. Obviously, this is not just words but actions, because Robert has proven his efforts in collaborating with others through this book. In doing so he is proving himself as that trusted advisor.
When writing a book review for Forensic Focus, they specifically tell you they don’t want the review to turn into a promotion for the book. As I write this review, I feel like I must keep finding words to neutralize the sound of my review. The bottom line is, I would have no problem in promoting this book, because it effectively serves its purpose. It is not a textbook, where I’m going to get the step-by-step instructions for recovering part of an email or image. I’m not going to learn how to forensically image a server either. The book gives me ideas on multiple topics that will come up through the course of different individuals’ duties in digital forensics.
The reason bringing people together is so important is because we all do things differently. The methods I have for a case may not be as effective as the ones another investigator uses. But having read this book, I may come across a case where a forensics expert is going to testify at trial about the process used in the case and that expert will call certain things into question. I remember Anna Albraccio detailing the process of obtaining accreditation for her digital forensics laboratory. Before that article I don’t know if I would have thought about designing questions for an attorney to ask about the accreditation process. The article by Anna, Jason Scheid and Hannah Westwood gives an outline of the entire process. That is a guideline for research to prepare for a totally different case.
It comes down to the application of the information the book provides. These scenarios and the methods to be discussed can be adapted to many other scenarios. My personal favorite section is “It is not enough to know. You also need to educate and communicate”. This immediately made me think of the intelligence process of turning information into intelligence. Ultimately, if you can’t act, you have information. When you can act and do something you have intelligence. Information alone is nothing. It is preparing for jeopardy or Friday night trivia at Wild Wings. In this section, Robert is discussing how to turn certain information into intelligence. It takes effort and communication to take things to the next level. It is a learning process and there is no telling what you may learn through that process.
I don’t think Robert’s intent with that article was the process of turning information into intelligence. But no two cases are the same, and as I referred to this book as “thought provoking”, this article made me think of the intelligence process. It all comes down to how the reader is going to apply the discussion.
The book will serve different roles based on the experience of the investigator. The more experienced investigators will have more that they can apply the book’s discussions to. They have been through more scenarios that they can reflect on. A less experienced investigator or a student would be wise to use this book as a reference guide. The students or those getting into the field can pick the topics and run with them. It can give new ideas for them to start examining different scenarios and expand on finding additional sources.
Ultimately, Forensic Data Collections 2.0 is the start of a conversation and brainstorming sessions. Readers should brainstorm similar scenarios and see what they can add to it, or maybe what they don’t need. It is always about moving forward. And since Robert directs everything to “educate and communicate”, we should all be thinking about how we could contribute to Forensic Data Collections 3.0.
Secure your copy of Forensic Data Collections 2.0 now at forensicsbyfried.com. Exclusively for Forensic Focus visitors, enjoy a 50% discount using the code ‘forensicfocus’ at checkout. This special offer also extends to Rob’s eLearning course, ‘Data Forensics Class: Data Collections’.
