Checklist for hiring a digital forensics investigator
By AdvocateDaily.com Staff
Lawyers hiring digital forensics experts are too often relying on a Google search, then falling for cutesy company names offering geeks or nerds for hire because they don’t understand the field, says B.C. digital forensics investigator Tyler Hatch.
“We’ve taken over a couple of files recently where people have hired what they thought was a professional, and they weren’t. I can’t make sense of it except to say that lawyers frequently don’t understand what we do,” says Hatch, founder and CEO of DFI Forensics Inc.
In cases where people are accused of posting intimate photos online, installing spyware on a partner’s phone, stealing company secrets, cyber hacking, and a raft of other personal or commercial digital infractions, it is crucial that a properly certified digital forensics investigator be engaged, says Hatch, whose company has offices in Vancouver and Langley, B.C., Calgary and Toronto.
He cites a recent case in which a man was accused of posting nude pictures of his ex on the internet. She sued him, and her lawyer, looking for evidence connecting the online photos to the accused, engaged someone who described himself as an IT specialist, but he “completely botched it.”
“We were engaged by the other side for a technical issue, and I noticed when looking at the materials that there was something not right with this guy,” Hatch tells AdvocateDaily.com. “I decided to look into it further, and it turned out that not only was he unqualified, but he was basically just out to get money. He was booted off the case, but by that time, he’d already been paid.”
To help prevent others from making similar mistakes, Hatch has compiled a five-point checklist to help lawyers when hiring a forensics digital expert.
What’s in a name?
“If you’re hiring someone from a firm with ‘geeks’ or ‘nerds’ in its name, they’re probably some kind of audio-visual installer or computer repair,” he says. “They’ll be able to hang a flat-screen TV on your wall or fix your laptop, but they won’t be a very good forensics investigator. The name is a marketing term to relate a technical field to people who aren’t very technical, but it has nothing to do with forensics.”
Hire a professional with forensics credentials and experience, Hatch stresses.
“If someone is marketing themselves as an IT specialist, they’re not trained in forensics and don’t use the same tools,” he says. “When you’re acquiring evidence, it’s vital to do so in a way that is forensically sound, ensuring it can be used in court.”
Confirm qualifications, experience
“It’s important to confirm the person’s education, training and certification,” Hatch says. “Look for specific forensic certifications rather than experience testifying in court. In our field, the findings we make tend to be so black and white that we seldom have to testify in court.”
Law enforcement-grade tools
As in any trade, some tools are mandatory in forensics, he says.
“Investigating a laptop is very different from looking into a phone, and a Windows computer is not the same as an Apple laptop,” Hatch says. “Some standard tools to look for are EnCase, Cellebrite, FTK Imager and Magnet Forensics. Forensic tools are able to make a copy of a hard drive without updating any of the timestamps or interfering with the evidence in any way.
“There are free, open-source tools, but there’s a vast difference in what they can do. Our entire field developed from law enforcement, so if you’re not using that level of professional-grade technology, you’re not going to get the best results.”
Expect an honest assessment of risks
Hatch says some vendors treat potential clients as a sales opportunity, but a true forensics professional understands it’s a consultant’s game.
“Many people will sell you the benefits, but they don’t do a good job advising you of the risks and limitations,” he says. “I take great pride in advising my clients, to the detriment of the short-term benefit of my company in some cases, if there may be a 75 per cent chance that we won’t find what you want.”