By: Bradley J. Bartram, Vice President of Information Technology & CTO
The other day, as I was sitting at my desk, my phone rang. The caller was an acquaintance from some years back who now works for one of the high-dollar, big-name accounting/forensic firms downstate. After we exchanged greetings and some minor small talk, he got to the point of his call. He had a team out on an engagement that got caught in a bind. They were dealing with a high-availability Linux system and had to get a forensic-grade image of the system’s memory for analysis. The problem was, they didn’t have a tool that was working for them. The rest of the call was spent providing some options that his team could try and some steps they could take to troubleshoot why things weren’t working.
This call raised some interesting points that I wanted to take this space to share. First and foremost, do well-known firm names really guarantee superior technical ability? Are you paying for talent or marketing? If you’ve been around in business long enough, you probably know the answer. If you peruse the traditional job websites, you can see continuous openings for people in this specialty at these high-dollar firms.
Secondly, are the people being hired to do a job up to the task at hand? Depending on your need, it may be very simple to find a qualified individual. It may also be quite difficult. Take, for example, the most common request we get, which is to forensically examine a user’s Microsoft Windows computer. This is normally quite a simple task – much like the oil change of forensics, to use a car analogy. Depending on the specifics, there are a lot of resources available to do this task, both in terms of people and software tools. As we know, working the keyboard to obtain data is only one small part of the value equation, but that’s not my point here.
Once we leave the Windows world, things begin to get more difficult, very quickly. What happens when the engagement calls for Macintosh examination? It’s 10% of the market right now, but fewer than 10% of the available professionals are comfortable enough to provide good results. How about Linux? How many professionals can provide value on this operating system and its many flavors? What about servers? We now have big hardware, storage arrays, cloud computing, virtualization, and many different operating systems and configurations. How many forensic professionals have managed big enterprise-grade data stores? How many have worked with big hardware and complex software to keep it running in a mission-critical environment?
When the time comes for action, your clients don’t want or need someone to extract their data who isn’t fully versed in the nuances of infrastructure, not just Windows desktops. You and your clients want someone to extract and analyze data who not only respects the process at hand but also understands how this data is important to the business, and who respects both the data and the business processes it supports.
So, who are you going to call? I would recommend the same people that the big expensive firms call when they need help…DIGITS.
Bradley J. Bartram is currently Director of Forensics & Technology at Digits.