Here’s a selection of questions I get on a regular basis as a freelance digital forensics inspector, analyst, and specialist.
What does a digital forensics specialist do?
I extract data from cell phones and computers, and analyze it for the purpose of a civil or criminal case. I write up a report on my findings, which may be included as legal evidence for the case.
What training do you have? What are your qualifications?
I have a Master’s Degree in Computer Science with a Focus on Security from Boston University (2017), which trained me on file systems, extraction methods, and the legal aspects of data acquisition and analysis.
Do you take on criminal or civil cases?
I have taken on both criminal and civil cases, with a slight majority (about 60%) being civil cases.
What areas have you worked in most?
The areas I’ve worked in most are:
- Data theft
- Breach of contract
- Wrongful termination
- Insurance fraud
- Child pornography
This is not a complete list, just the highlights.
Who do you work for?
I work on a freelance basis, and only on cases where I feel my services will be of actual assistance.
Do you work for prosecution or defense?
I take both types of cases, but the majority have been defense, largely because the prosecution is often the state and they have their own digital forensics analysts.
What is the process for data extraction?
Data extraction is performed differently on phones and computers.
- Phones: I attach the phone to my computer via a cable, and use software on my forensics computer to pull the data from the phone. This ordinarily takes around 2-3 hours, depending on the amount of storage on the device. Then I return the phone to its owner and perform the analysis on the data I’ve extracted.
- Computers: I attach an external drive to the computer, and extract the data from the computer onto the drive. Then I can return the computer to its owner, and perform the analysis on the data on the drive.
In both types of extraction, the emphasis is on (a) pulling a full and complete data set from the device, (b) performing the analysis on the copy, not the actual device, and (c) returning the device to its owner as quickly as possible, especially in the case of phones.
What is the process for data inspection?
I use software to parse and search the data on the device. This is critical since modern devices often contain many gigabytes of data, and inspecting such a large volume of data manually would take an inordinate amount of time.
My go-to software is Cellebrite Inspector, but I have access to numerous other tools for specific tasks, such as EXIF for photo/image inspection.
Can you testify as an expert?
I have testified in the past, and am always willing to back up any of my work or reports with expert testimony. To back up the veracity of my statements, I have a Master’s Degree in Computer Science with a Focus on Security, and have passed security clearance when needed.
Who can hire you?
I take cases only through lawyers.
One exception is that I will take cases from individuals who have recently lost a loved one and wish to have the data on his/her cell phone or computer analyzed to get more clarity on how and why. In such a case, I will ask for proof that the individual has the rights to the phone or computer.
I most emphatically do not take on investigations of a living spouse’s phone or computer without their permission or a court order, for any reason.
Can I call for a consultation?
Yes! I am always happy to discuss your case, and the role that digital forensics may or may not play in it. The first call (and often the second) is free, and I will give you my honest opinion about whether I can help you, and if not, I will try to point you in the right direction.
What happens if I decide to hire you?
The first thing we’ll do is discuss the scope of the work and come up with a time estimate. Then we’ll sign a short agreement and you’ll pay a deposit, usually 50% of the estimated total.
Then you send me the RFP or court order, and also the complaint. If I have questions about the RFP, we work together to resolve them before I begin work.
Then I provide a list of the tasks to be performed, and a rough time estimate for each. As the work progresses, I keep you apprised of how much time is spent on each step, especially if roadblocks come up that make a step take much longer than expected. We work together to resolve these issues.
I produce a preliminary report for you, and you can request that the report include/exclude privileged or irrelevant data, or request a different format. The goal is a report that you can read, refer to, and use to move the case forward.
When the job is done, I return any unused funds.
What is your rate?
My standard rate is $300/hr, with a lower rate for longer jobs or repeat business.