Saturday, May 30, 2015

Pro Digital: Year One




May 30, 2015

Pro Digital: Year One

Around this time in 2014, I was driving on my 80-mile commute to my law enforcement job as a supervisor at a college police department in Hampton, VA when I suddenly realized how much I missed forensics and investigation.  The college PD didn’t have much use for the technical skills that I previously poured a lot of time and energy into cultivating and these skills, which hadn’t been used much in about the past year, were getting rusty.  It just so happened that about a year prior, I registered this “thing” called Professional Digital Forensic Consulting, LLC through the Virginia State Corporation Commission.  It was just sitting there, not really doing much, but calling me to it.  So I talked over the financial and practical implications with my VERY supportive wife and we decided to make it work.  Pro Digital was born.

From June 1, 2014 onward, I’ve been working on cultivating Pro Digital into a viable business and a valuable service for litigators, private & corporate investigators and partners in the private and governmental sectors.  If you read this blog regularly, you already know how we value adherence to the forensic methodology, finding & reporting the facts, staying abreast of changes in the industry and offering training where feasible to help foster the growth of digital forensics.  In a nutshell, this is our mission statement at Pro Digital and it hasn’t changed since inception.

I’ve learned a lot over the past year and invested a lot of time in online marketing strategies, training, networking, and of course, state-of-the-art digital forensic tools.  Some of our strategies have worked phenomenally and some have not, but that’s what learning is all about.  Go with what works and ditch what doesn’t.  Even our logo has changed somewhat, evolving from “PD Forensics” to “Pro Digital”, all in the hopes of creating a brand that will stand the tests of time.  



What hasn’t changed is our commitment to providing superior service to our clients.  Everyone should have access to affordable expert services, especially when their livelihood, freedom or reputation is on the line and we strive to offer that by keeping overhead low and maintaining regular communication with attorneys and clients.  We’ve adjusted and refined our rates based upon the market conditions to a point where we feel that we can offer a reasonable estimate of how much your case will cost after an initial consultation.  Most of our business has come from the forensic data extraction & reporting of mobile devices and, as such, we now offer a flat-rate for these services on mobile devices.  It just makes everything simpler for everyone.

From June through December, 2014, we worked 11 cases and provided 1 training course.  From January through May, 2015, we’ve already logged 16 cases and delivered 3 training courses.  We’ve also obtained Expert Witness designation in an additional circuit court in Virginia and have at least three more training courses scheduled through the end of the year.  Some of these cases have come from interesting sources, such as concerned & frustrated parents of children whom they suspect are involved in inappropriate activity online.  This type of work is something we’ve dedicated resources to and, as a parent, I’m honored that other parents feel they can trust Pro Digital with sensitive cases like these.
All of this growth is due in great part to existing client referrals and cultivation of positive relationships with the digital forensic and law enforcement training communities.  As my brother, a life-long entrepreneur says, a referral is the highest compliment that you can pay us, and we are honored to be referred repeatedly by attorneys at law firms of all sizes and areas of practice as well as contacts in private investigations and law enforcement. 

As 2015 progresses, I look forward to continued case work and advancing areas of knowledge by attending the High Tech Crime Investigator’s (HTCIA) Conference in Orlando, FL, on whose committee I’ve been volunteering for the past several months.  The conference schedule is full of great mobile and computer forensic offerings (among other areas) at which I’ll be front-and-center.  Keeping in line with the “Technical to Tactical” training areas that Pro Digital offers, I also hope to attend the Advanced Law Enforcement Rapid Response Training (ALERRT) Conference in San Marcos, Texas in November.  I thoroughly enjoy working with the ALERRT group and rolling out their high-level training to law enforcement all over the region.  Other 2015 highlights may include additional mobile forensic training in tools such as Cellebrite and JTAG techniques, as time and resources allow. 

I’d like to personally thank all of our existing clients who have taken the time to educate themselves about what makes a quality digital forensic service and choosing Pro Digital.  Without you, we wouldn’t be here and this endeavor would be much more frustrating.  I’d also like to thank all of our new connections in the world of digital forensics, including readers of this blog.  This online arena has seen some great interest in the past year, and especially since January, 2015.  At times, it’s garnered a little bit of controversy (I don’t think Mark Cuban is a fan), but that’s fine too, as long as it’s respectful and factual.  As 2015 moves along, we’ll continue to grow this online community and urge all of you to follow us on Twitter, Facebook and check out the Forensicator Podcast (available on iTunes and Sound Cloud).  I truly enjoy the online marketing aspect of this business and look forward to expanding interest in Pro Digital as we grow.

On a more personal note, I’d also like to thank my very supportive and loving wife.  She has allowed me to pursue this venture and agreed to be the primary bread-winner (and bill-payer) while we grow Pro Digital.  Without her support, I wouldn’t be able to do this.
Looking forward to a great second year!

Onward!

Author:
Patrick J. Siewert, SCERS, BCERT, LCE
Principal Consultant
Professional Digital Forensic Consulting, LLC
Based in Richmond, Virginia
Available Globally

About the Author:
Patrick Siewert is the Principal Consultant of Pro Digital Forensic Consulting, based in Richmond, Virginia.  In 15 years of law enforcement, he investigated hundreds of high-tech crimes, incorporating digital forensics into the investigations, and was responsible for investigating some of the highest jury and plea bargain child exploitation cases in Virginia court history.  A graduate of both SCERS and BCERT (among others), Siewert continues to hone his digital forensic expertise in the private sector while growing his consulting business marketed toward litigators, professional investigators and corporations.
Twitter: @ProDigital4n6

Thursday, May 21, 2015

The INconvenience of INfosec




May 21, 2015

The INconvenience of INfosec in the Digital Age

I often get requests from civic groups, consumer groups and the media to speak about information security (infosec) practices, trends, etc.  Although infosec is not our primary role at Pro Digital, it does seem as if there is a vacuum of individuals willing to tell folks what they should do with regard to protecting their data, even if it is just the simple things.  What I constantly try to drive home is the notion of personal responsibility with regard to your information security.  YOU are responsible for the strength of your passwords and how often you change them.  YOU are responsible for the data you put out on social media.  YOU are responsible for making sure your mobile device isn’t left unattended in a public place.  YOU are responsible for not leaving your desktop up and accessible when not at your desk.  All of these concepts (and more) really drive the point home that infosec is everyone’s responsibility. 

Being a former cop and investigator, I know there are evil people in the world.  There are just plain bad people who, if they worked as hard as they do at trying to exploit the innocent, hard-working people at a REAL job, they might actually be successful in life.  Sadly, this is not reality.  It’s because of this that I generally keep my head on a swivel, both proverbially and physically.  Even in my own home, I generally lock my desktop when I walk out of my office.  I have decent security on my smart phone and tablet.  At Pro Digital, we also make it part of our mission statement to secure our client’s data.  We take all of these measures because 1) it’s vitally important to maintaining confidentiality and 2) someone else would love to get ahold of this data and exploit it.  But is it inconvenient?  You bet!

Unfortunately, human nature is often to take the path of least resistance, which is in direct conflict to good personal information security practices.  It’s a pain in the butt to change your password every 60 days.  Encrypting your data takes time and can even slow down the speed of access of your data.  It’s hard to keep track of multiple passwords, especially if you take the recommended precaution of using non-dictionary-based words, numbers and symbols.  Multi-level verification with security words, passwords and biometrics makes logging on a longer, tedious process.  Mix all of these factors together and the fact is most people won’t do it (if they have a choice).  But as this chart illustrates, there’s a huge reason why you should do it:



Thanks to the recent Sony hack, everyone thinks our cyber-enemies are in foreign countries.  The fact of the matter is, we have plenty of cybercrime happening right here at home.  And it’s up to YOU to protect yourself.  The government won’t do it, your bank won’t do it, your company won’t do it.  Sure, they’ll put some measures in place to push you along to decent infosec practices, but when it’s all said and done, it’s up to you to make sure all of your passwords aren’t the same.  It’s up to you to put those optional security measures on your mobile device in place.  Here’s another reason:



What’s more important than your money?  You work hard for it, you save, you invest, you make savvy purchases.  Good infosec practices take less time than clipping coupons and will save you much more money in the long run.  Make sure you always know where your mobile device is.  Make sure it’s locked-down and, if it’s lost or stolen, you can wipe the data remotely.  Even though you may want to, don’t use the “quick log-on” option.  This will only increase the likelihood that someone will guess your PIN and access your account(s).
We all love convenience and indeed, convenience is one big reason why we all love our mobile devices.  But what’s more inconvenient than having your identity stolen or your credit score destroyed by someone opening accounts in your name because you didn’t protect your personal information well enough?  I sometimes use clich├ęs in this blog and this is another one of those times: An ounce of prevention is worth a pound of cure!

So what else should you do?  Take the time to come up with new passwords.  Change them often, at least several times a year (perhaps when you change the batteries in your smoke detector).  Don’t ever, EVER use the same password for all of your accounts.  Embrace and use multi-level authentication because it will protect you.  Don’t use common words or words that can be found in a dictionary for your passwords and make sure you mix up symbols, numbers and letters.  Need an example?  Let’s say your favorite color is purple and your mother’s birthday is September 25.  Instead of making your password Purple0925, try Purp13#0925.  Sometimes, it’s just that simple. 

Free wi-fi is great and it’s everywhere.  Unfortunately, you should never use open wireless networks like those found in coffee shops, restaurants and hotels.  Yes, I know this means you’ll be using up more of your cellular data on your mobile device, but trust me, open networks are fodder for hackers and quite easy to compromise.  Think of how a packed Starbucks or a crowded hotel is a target-rich environment for someone who knows what they’re doing.  At home, make sure your wireless network is secure and using a password scheme similar to what is mentioned above to connect.  Hide and don’t broadcast your network so anyone connecting to it needs to know the specific name and password to log on to the network.  If someone sitting outside your home can access your network, in theory they can access every single device connected to the network including mobile devices, laptops, desktops and gaming systems. 

When making purchases online, use a credit card with ID theft protection.  Don’t make purchases from websites that are from countries that may have opposing interests with the US or western ideologies.  Most internet browsers offer a very definitive symbol to let you know they’re using good security, so pay attention before you input and send your credit card information, it should be easy to tell when you look in the browser bar.  On mobile devices, only make purchases through verified, trusted apps.  This is generally less of a problem on Apple devices than on Android devices because Apple vets all of the apps on the App Store and holds developers to a standard.  Android apps can be open-source which means they can be made and posted by virtually anyone.

Good infosec is everyone’s responsibility, but first and foremost, it’s yours.  Larger companies and banks have armies of data security experts on their side to help you, but even they sometimes get beat.  And no one wants to be a victim, so let’s all agree to do whatever we can do to prevent it, right here and now.  The encroachment of digital devices for every aspect of our lives is only going to increase.  Make the decision now to be a responsible user of the technology

Author:
Patrick J. Siewert, SCERS, BCERT, LCE
Principal Consultant
Professional Digital Forensic Consulting, LLC
Based in Richmond, Virginia
Available Globally

About the Author:
Patrick Siewert is the Principal Consultant of Pro Digital Forensic Consulting, based in Richmond, Virginia.  In 15 years of law enforcement, he investigated hundreds of high-tech crimes, incorporating digital forensics into the investigations, and was responsible for investigating some of the highest jury and plea bargain child exploitation cases in Virginia court history.  A graduate of both SCERS and BCERT (among others), Siewert continues to hone his digital forensic expertise in the private sector while growing his consulting business marketed toward litigators, professional investigators and corporations.
Twitter: @ProDigital4n6

Thursday, May 14, 2015

Pro Digital: Frequently Asked Questions



 
May 14, 2015

Pro Digital: Frequently Asked Questions

Recently, a colleague in the eDisovery field was talking to me about another prolific blogger.  The blogger in question had a simple theory to his blogs: Answer the questions people have about your business and you’ll not only foster good relationships built on trust, but also have more well-informed clients. 

This made a lot of sense to me, so at the risk of being repetitive, here are some Frequently Asked Questions that people often throw at us with regard to our services, rates, etc. 
You can also find these F.A.Q.s and other information about Pro Digital Forensic Consulting on our website: www.ProDigital4n6.com

 

 

Q:  Who are your main clients?

A:  Our main clients are attorneys who have been retained in legal matters ranging from criminal defense to intellectual property cases to employment disputes and domestic matters.  Our services also cater to Investigative Professionals, both in private and governmental service.  We also offer our public sector clients free consultation for law enforcement and prosecutor's offices and greatly value our partners in government.  Other areas where Pro Digital Consulting may add value are:

  • Companies conducting internal audits/ forensic accounting investigations 
  • Internal, civil and/or administrative cases where disputed records are stored electronically, 
  • Individuals seeking to recover and document lost and/or questioned data from computers and/or mobile devices and (see disclaimer below)
  • Corporations who wish to retain, preserve and secure their old data in a safe manner.

With our history of public service and dedication to helping young people make good decisions in their online activity in the digital age, we also offer services for concerned parents at greatly reduced rates.  These services include data extraction and analysis of your child's mobile device or computer usage and reporting back to you to make sure there are no issues you may need to address as a parent.  Please visit this page for more information on these services.

While we recognize the need for individuals to obtain data in various forms, we generally do not accept clients who are not formally represented by an Attorney and/or who have not retained a Private Investigator.  The main exception to this is our services for concerned parents, detailed further on this page. If you are interested in a referral to an attorney or private investigator prior to Pro Digital taking your case, please contact us. 

Q:  What are your rates?

A:  Because every case is different, Pro Digital Consulting has adopted a fee-based rate schedule which depends upon particular case need.  Most mobile (cell phone, smart phone, tablet) examinations range from $1000.00-$2000.00 per item, depending on the scope of the examination.  Computer forensic (PC/Mac) cases are billed at a rate of $175.00 per hour.  It is roughly estimated that computer forensic examinations take about 10 hours per device/piece of media/hard drive.  However, with ever-growing access of big data technologies for end users, those time estimates may increase.  

Cases and media examined in bulk may be negotiated at a different rate.  Feel free to contact us for an independent case needs assessment.   

Case assessments vary in scope and complexity and are therefore billed on a case-by-case basis, but rates generally start at $500.00 and increase depending on need.

The Pro Digital staff serves clients locally in Central Virginia and is available to travel virtually anywhere to facilitate data acquisition and assist with your case.  Certain travel expense rates may apply, depending on location.  Additionally, because of the portability of many digital devices, it is always possible to ship an item(s) to us while still preserving the chain of custody and for added convenience to our clients. 

Testimony in court, depositions or administrative hearings are billed on a per diem basis with routine expenses charged for cases taking place in other states.  Please contact us for a case-specific assessment so we may tailor a rate for your needs.

Q:  What tools do you use?

A:  We strive to offer the best and most state-of-the-art forensic tools available on the market.  Many hours of training and research go into our decision to invest in a particular tool which we feel may be of utmost benefit to our clients.  Among the tools we are proud to offer are Cellebrite Universal Forensic Extraction Device (UFED) and Lantern by Katana Forensics for mobile forensic cases.  For stand-alone computer forensic cases, we primarily incorporate Xways Forensics and supplement with Internet Evidence Finder by Magnet Forensics, as well as some open-source tools.  All tools are independently tested and validated and updated regularly.

Q:  Do you offer any reduced rates and/or Pro Bono services?

A:  Yes.  It is our philosophy at Pro Digital Consulting that everyone deserves a fair trial and access to high-quality expertise and competent representation.  Toward that end, we offer reduced rates and Pro Bono services to clients who have previously qualified for indigent or court-appointed defense.  Above all, we believe in the methodology of digital forensics and that the data doesn't lie.

Q:  My data is very sensitive.  How do you ensure confidentiality and security?

A:  In the digital era, most people rely on their devices to hold the keys to the most valuable parts of their lives, such as banking information, passwords and/or client contact information.  As part of our mission statement, we will keep any and all findings in our examinations in the strictest confidence and see this as a vital part of our service.  We go further by not only physically securing digital media evidence, but also by encrypting the acquired data to prevent any outside parties from unauthorized access.

Hopefully, this snapshot has given you some good info about what we do, the tools we use, our rates and even some of our philosophy.  
Thanks for reading!
Author:
Patrick J. Siewert, SCERS, BCERT, LCE
Principal Consultant
Professional Digital Forensic Consulting, LLC
Based in Richmond, Virginia
Available Globally

About the Author:

Patrick Siewert is the Principal Consultant of Pro Digital Forensic Consulting, based in Richmond, Virginia.  In 15 years of law enforcement, he investigated hundreds of high-tech crimes, incorporating digital forensics into the investigations, and was responsible for investigating some of the highest jury and plea bargain child exploitation cases in Virginia court history.  A graduate of both SCERS and BCERT (among others), Siewert continues to hone his digital forensic expertise in the private sector while growing his consulting business marketed toward litigators, professional investigators and corporations.

Twitter: @ProDigital4n6