Original Post Date: July 15, 2014
Confidentiality as an Imperative in Digital Forensics
As author of this blog and Owner/Lead Forensic Examiner of this company, I gotta tell ya… I love going to training! Some of you may have seen my tweet from my recent time at training in Boston: “Covey said we all need four basic things in life: To live, to love, to learn and to leave a legacy…” and I’ve found all four of these to be very true. I was fortunate enough to attend a training and certification course last week in a great mobile and Mac forensic tool called Lantern. Now, geeks in the industry probably know what Lantern is, what the company stands for and their unwavering support of military and law enforcement. But for those of you who don’t know, Lantern is the primary tool of Katana Forensics (see www.katanaforensics.com). In becoming a Lantern Certified Examiner, Professional Digital Forensics now offers the ability to examine primarily Apple iOS devices (iPhones, iPads & iPods), but also Android devices and Mac computers. It’s a pretty robust tool that, frankly, is a HUGE bargain, especially for a little start-up company.
As I’ve routinely found with organizations such as Katana Forensics, the Instructors were not only well-versed in the tools, but also in the digital forensic industry. One of them was also speaking about his own business of mobile forensics and his experience working with extremely high-profile clients in California… you know, celebrity-types. He emphasized the need for absolute discretion and confidentiality in these cases, which got me thinking about something I hadn’t approached as part of the mission statement of Professional Digital Forensic Consulting: Is confidentiality an imperative in private sector digital forensics?
I would offer the answer is a resounding YES! Not only are many of our clients involved in some sort of civil or criminal legal action, but we are being entrusted by attorneys, investigators, governmental agencies and even private citizens to take one of the most sensitive pieces of their lives (i.e., smart phone, tablet, computer, etc.) and dig deep into it, revealing things about them that they may not want other people to know. Think of it as a virtual diary that, in order to win a lawsuit or perhaps your freedom, you need to let a series of total strangers pour over in the hopes that they can uncover some piece of your life that is contradictory to the issue for which you have been accused. That’s some pretty powerful information and it’s a responsibility not to be taken lightly by any means. Furthermore, most of our services for the private sector are not inexpensive and, if you’re going to pay well to do a job, you must be assured that you’re buying our confidentiality as part of the package.
This topic may seem to be a “no-brainer” to most readers, but perhaps it’s something that is just taken for granted. It was this renewed realization and resolve to incorporate this mandate of confidentiality into our standard procedures which caused me to take two definitive actions: 1) if you visit our website at www.prodigital4n6.com and look under the “About” tab, you will now see a piece about confidentiality in our Mission Statement. I did this because I believe it is a basic tenant of our business and vital to providing professional, reliable services to our clients. 2) As part of all contracts going forward, there is now a Confidentiality Agreement, which both parties must sign. This hard-copy of our dedication to keeping your information safe is a firm symbol of how important the security of your data is to us and how much we appreciate and respect the trust you’ve put in us to do our job right and keep any sensitive information we uncover between us and the client.
Are there exceptions? I’m sure any good lawyer would tell you there are always exceptions. If we suddenly and unexpectedly find ourselves in possession of contraband images (i.e., child pornography) we must report it, unless properly retained by a defense attorney in advance of the investigation. There is no exemption under the law for private digital forensic examiners to be in possession of contraband images outside of very controlled environments. Aside from that, we would require due legal process in the form of a search warrant, court order or subpoena for the data or a consent agreement signed by the client or his/her designee to release the data, and even then, attorney-client privilege may extend to retained expert witnesses. That’s it. So yes, there are some very few exceptions, but you can rest assured we will keep the security and confidentiality of your data as a paramount concern and nothing, absent the above-listed circumstances, will compel us to release your data.
That is our promise to our clients and anyone who may seek to engage us for digital forensic services.
Thanks for reading… until next time!
Author:
Patrick J. Siewert
Owner, Lead Forensic Examiner
Pro Digital Forensic Consulting
Based in Richmond, Virginia
Available Globally
www.ProDigital4n6.com
