Wednesday, May 13, 2020
So You Want To Start A Digital Forensic Business
May 13, 2020
So You Want To Start A Digital Forensic Business
Pro Digital Forensic Consulting is about to embark on it’s 7th year in full-time operation. It’s hard to believe that when I made the decision to transition from law enforcement to the private sector, my little company would have come this far, servicing hundreds of clients through the years. Because of my background and the contact I have with the DF community via this blog and professional associations, I usually receive inquiries about starting up a digital forensic consultancy/business several times a year. In fact, I got another one just the other day via Linked In. And with the current state-of-affairs (Covid-19 shut down) and people’s livelihoods being somewhat in question, it seems natural that some might consider taking on a new venture. So, in the spirit of answering some of the frequently asked questions about what to expect if and when someone starts a digital forensic business, it seems a good idea to write down my thoughts and experience for future similar inquiries. To be clear, I could (and may) write a book about this topic, but this blog is fairly well-established, so it seems the appropriate vehicle for sharing these lessons learned. As a slight disclaimer, this article and the tips to follow are geared mainly toward sole-proprietor and small consulting firms. I’m pretty sure Kroll and KPMG have this figured out J.
Tip #1: Have A Supplemental Income Plan
Virtually no business starts off day 1 churning revenue and making a profit. When Pro Digital was launched full-time in June of 2014, we billed a whopping $7,800 for the from that point to the end of 2014. It would have been much less were it not for one large computer forensic case which accounted for nearly 85% of the billings for 2014. Alongside the work that went into opening a business, I was also fortunate to have some things to fall back on personally, such as part-time and/or contract work, some of which had nothing to do with forensics. The take-away here is that it’s important to have a supplemental income source that you can use to help keep your newly-formed lights on while the business is growing and you’re working on creating awareness and “buzz” for the business. The downside is the marketing and awareness campaigns for your new shingle are a full-time business in themselves, so it can be double the work. I’ll touch on marketing more in Tip #6.
Tip #2: Keep Abreast of Trends
Most of my notable work in law enforcement was working for a full-service agency on the Internet Crimes Against Children (ICAC) Task Force. Accordingly, all of my training and equipment was paid for by grants and other funding. My last year in law enforcement was in an administrative role for a small campus police department, which had no use for any digital forensic expertise, so the skill sets that I’d worked on for the previous 5+ years sat on a shelf and collected dust. When the business was launched full-time, I quickly realized how much things had evolved, changed and blown past me for the year I was not doing forensics. This is a field driven by current events and evolving technology. Try explaining the differences between and HFS+ and APFS file systems to someone who hasn’t been doing Mac forensics for a year or more. It’s a vast change and the changes don’t stop. I was amazed at how much I’d forgotten in that year and the learning curve was much steeper than I would have liked. It’s imperative to keep up to date with the field. Blogs, webinars, free training, list serves and colleagues are all great resources to keep current with what’s going on in the world of digital forensics.
Tip #3: Invest In GOOD Tools & Equipment
The start-up investment capital for Pro Digital was not a lot of money and was all self-funded. Accordingly, I did some research on tools and cost/benefit analysis on the investment in those tools and/or training. Initially, I purchased tools and equipment that wouldn’t break the bank and would get the job done. It wasn’t long before I realized that certain things will save me time and therefore, money. Along with that, it’s hard to work cases using tools no one has ever heard of before, particularly when the more tech-savvy attorneys with whom I work know the difference between one tool and another. Some of these tools I still use. Some of the software companies have basically gone belly-up and some I’ve gotten rid of over the years for one reason or another. Additionally, some tools have been purchased for case-specific needs. But the point remains that you need to invest in these things as if you were working a case for a loved-one. Would you want the analyst on your father’s case using sub-par tools that no one really uses? Probably not. Spend the money and get the good stuff. You’ll make your money back many times over. The adage is true, you have to spend money to make money.
Tip #4: Be Picky About Your Clients
When you’re hungry, everything looks like filet mignon. The problem is, if you eat everything you’re “fed”, you’ll have a host of side-effects that will be hard to manage. We used to work any and all cases that caused the phone to ring. The most notable and frequent of these are the “I’ve been hacked” cases. It is an unfortunate truth that there are many mentally ill people in the world and the internet gives them free reign to research to their hearts content and contact those whom they feel may be able to assist them in whatever issues they believe they are having, many of them tech-related. But these cases are a forensic and business quagmire. If you’re fortunate enough to get a client who will actually pay for your services, they will never be happy with the results. This could eventually have an adverse effect on your professional reputation as well. This is a reputation and referral-based business, so if you have clients that are in a position to ruin your reputation or malign you publicly, you will likely see fewer referrals over time.
As a matter of policy, Pro Digital has transitioned to a purely litigation support model. If you are not actively involved in litigation or a representative of a corporation that needs digital forensic services, we likely will not take your case. If you’ve hired a PI to work your case, we may take it as a referral from a trusted source. We don’t need anybody’s money *that* badly to work a case for someone who is obviously suffering from some form of mental illness or someone who wants to spy on their spouse to dig up enough dirt to file for divorce. This is an ethical decision, but can also lead to legal issues if you’re not careful, i.e., theft of property, theft of data, unauthorized access to personal information, etc.. Also consider that if you are the digital forensic equivalent of an ambulance chaser, eventually you’ll devalue these services for everyone, including yourself. Be picky. It’s worth it. You’ll get the clients you want and you’ll preserve your professional reputation, this much I know and have seen first-hand. The big take-away here is always ensure you have written consent from the owner and/or an order from the court to access whatever you’re acquiring and analyzing.
Tip #5: YOU Are Your Brand
Digital Forensics is a small community. Whether you are in law enforcement, have transitioned out of law enforcement or have branched into digital forensics as an arm of your IT or infosec training, we generally know each other and recognize names and faces. We also recognize when someone is either a charlatan or is pushing an obvious agenda to try and attract clients. Everything you put out for public consumption (including blog articles) is subject to scrutiny, whether it be by the DF community, potential attorney-clients, opposing counsel, referral sources and/or other professional contacts. If you have an opinion about something, make sure you’re on solid footing before getting into public discourse about it. Take this recent example from a public post on Linked In from a professional contact (name and ID redacted):
I’ve worked many independent analysis cases for criminal defense attorneys and have been appointed by the court dozens of times. I don’t know what this person is referring to, nor do I agree with their approach to putting this comment out publicly. Business is relationships and everything that you put in writing can come back to haunt you. I’ve received more referrals from my former law enforcement colleagues than I can remember over the years. Do you know why? Because I don’t take a public stand with an obvious agenda which maligns professionals. Not only would I never call out the law enforcement community as essentially being crooked and/or liars, I don’t believe that they are because I haven’t seen it in my 7 years working full time in the private sector. I have seen errors. I have seen mistakes. I have seen over-zealous investigators. But I have not seen liars. There’s also nothing “science” about this post. It’s an opinion and it’s part of an agenda to market specifically toward the criminal defense bar.
The reality of our industry is that the majority of who it serves is law enforcement and government, including government contractors. The government is generally not on the cutting edge of anything, but they’ve certainly been on the cutting edge of digital forensics. Can private practitioners access tools like Gray Key? No. But I have almost never had a need for Gray Key. Why is that? Refer back to tip #4. I virtually always get a pass code and any necessary passwords either by consent or court order. The only exception to this has been when the owner doesn’t remember the password, usually on an older device. And to be clear, about 70% of the cases we work deal with mobile devices.
When in business, it may be beneficial to remember the wise words of Michael Jordan, who still has his own shoe brand, despite being out of basketball for over 15 years. When asked at a press conference why he stays out of politics, his reply was simple: “Both Republicans and Democrats buy shoes!” Discretion is the better part of valor.
As a final point to this tip, I was in a discussion with a colleague in law enforcement recently while at a conference. They said to me very confidently “The customer is always right, so you have to do what the client says no matter what!” My reply: “No I don’t!” What’s the point? Your professional integrity and reputation is your most valuable asset in this business. Lose it and you’re done. We will not alter any facts or data in any report or testimony to counsel or their clients, period. I’m sorry if the data doesn’t support your case. The data stands on its own and is irrefutable. Truth is not fungible.
Tip #6: Market Yourself (Because No One Else Will)
When I was a member of the ICAC Task Force, I was a fairly big fish in a pretty small pond. The agency for whom I worked had less than 60 sworn officers and was in a rural area. I did all of the tech-based investigation, search warrant planning & execution, evidence collection and as time progressed and casework grew, the forensic analysis. And because many of these cases garnered a lot of public interest, the command staff frequently put me as the media relations person with these cases. I never liked it. As a cop, I considered myself a modest personality. Others nominated me for awards and I was never comfortable in the spotlight. When I launched the business, I quickly realized all of that had to change.
Because I had media contacts already in place, I offered my knowledge and experience as a local media resource for tech-related stories. For a while, I was getting multiple calls every week from local media. Because I had a lot of time (i.e., no clients) in the beginning, I also churned out blog articles virtually once a week. I issued self-written press releases and worked hard on SEO for the company’s website. I also began sponsoring several associations for litigators in my area because, as previously noted, this is a referral-based business. In short, I had to become my own cheerleader because no one else was going to do it. Furthermore, I learned VERY quickly that just having a good professional reputation and a business does not make the phone ring. If you build it, they will not come – at least not like they did in Field Of Dreams.
If you want the business, you have to go get it. And you have to keep on going out there to get it. The minute you lapse on marketing, the phone will stop ringing. This is why I’m constantly trying to add fresh content to the Pro Digital website. Having a website is great. Paying for Google ads is fine, but content is key. I had to learn this and be taught what works and what doesn’t over time. And I still make mistakes and spend money where I probably shouldn’t, but no one gave me a blueprint for running this business. Tips, advice, counsel & support? Yes. But this is such a niche business, it requires a special marketing skill set. If you don’t have it, you will likely fail. This is the biggest area I think many ex-law enforcement are not comfortable with and probably what turns many of them off to launching their own business. Quiet professionals don’t normally like the public spotlight.
Wrapping It Up
Some may read this article and wonder why on earth I would tell potential competitors how to run a successful digital forensic business? One last tip I’ve learned over the years: There’s plenty of work to go around. I find it silly that a competitor of mine seemingly reported the Pro Digital Twitter as “spam”, which caused Twitter to shut it down. I don’t want their clients. I have my own and I am fortunate to bring on new ones every month. If any of these tips can help someone be successful, I’m happy to share what I’ve learned. No one taught me these things when I started out. Hopefully by sharing some of these tips, I can pay it forward to the next old cop who wants to try his hand at something new(ish). Until then, I’m off to work the next case and hopefully clear out my backlog queue. Good luck!
Patrick J. Siewert
Professional Digital Forensic Consulting, LLC
Virginia DCJS #11-14869
Based in Richmond, Virginia
Available Wherever You Need Us!
We Find the Truth for a Living!