Showing posts with label Business. Show all posts

Thursday, September 1, 2022

Pro Digital is Joining ArcherHall

September 1, 2022

I built something someone wants. So, I sold it to them.

When the happenstance came along that I was introduced to the CEO of ArcherHall, a Sacramento-based nationwide provider of litigation support and eDiscovery services, I took it in stride. We had a great call, but I had no expectation that it would blossom into anything. It did, and over several months of discussions we came up with an exciting plan for the future that works well for everyone.




So here’s what’s changing: Not much. 

I will continue to serve current and future clients in the role of Director of Digital Forensics and eDiscovery for ArcherHall out of the former Pro Digital office & lab in the West End of Richmond, VA. We have worked very hard to cultivate the relationships with the attorney-clients with whom we work consistently, and it is our goal to continue to foster those relationships for years to come. Professional Digital Forensic Consulting (dba Pro Digital) will cease to exist as a business entity, and I will join ArcherHall. Because ArcherHall has more financial backing and people performing the casework, the analysis work on future cases will have the benefit of a team of experts working on them with expanded capabilities of tools, training, experience, and knowledge. It’s a win-win for our current and future clients.


I will continue to teach as much as possible at the University and private sector levels. I thoroughly enjoy teaching and it’s a great “side-hustle”. This blog may be moving, but it will still exist. There are a few other exciting things on the horizon regarding publications, which I’ll announce on my personal LinkedIn and personal Twitter feeds. I will stay an active and vocal member of the digital forensic community and hope to be able to contribute more as I will not have the time investment overhead of running a business on a daily basis.


That’s the biggest part that will be changing: The administrative side of running a digital forensic consultancy will largely be removed from my responsibilities. Clients can expect more structure, team-based communication and an overall more immersive and responsive experience from me and ArcherHall.


The natural question that would be posed is “why?” In my multiple conversations and meetings with ArcherHall’s CEO, Chief of Staff and Managing Directors, it became apparent that we share the same approach and values in our role as digital forensic service providers. Those values include integrity, professionalism and a service-based approach forged with an entrepreneurial spirit. These are the core values that Pro Digital’s clients have come to expect and will remain as tenets of our practice moving forward.


I’ll wrap up this blog and personal note by thanking everyone who has helped make this possible. When I registered the LLC for Pro Digital back in 2013, I did so as sort of a lark and a fallback position. A little more than a year later, I left full-time law enforcement work and invested in Pro Digital fully and have been churning it ever since. Every close person in my personal and professional circles has helped make this possible in some way or another, from my ex-wife to my children to my current fiancée. My brother and my sister, both successful business owners who offered so much advice to help get started and stay in business. Experts in other areas of forensic services, including noted authors, other DF entrepreneurs and very smart people in our industry. Mentors at Cellebrite and IACIS and the Virginia State Police and Instructors with the Department of Homeland Security and the US Secret Service, as well as colleagues from my 2012 BCERT class. If you are reading this, you know who you are, and I am forever grateful for your contributions to the success of Pro Digital and me personally.


In closing, I’d only ask that we, as an industry, always strive to be and do better. I’m not perfect, nor am I the professional ombudsman of the digital forensic service industry. I get educated on areas of improvement regularly and take those lessons in the way they are intended. I can always learn more & do better and am regularly excited to do so. Digital Forensics as an industry can also work toward the standards of constant improvement. Our profession deserves it. Our clients and case stakeholders deserve it. And most importantly, the justice system needs it. Our industry will only grow over the coming decades. It’s incumbent upon all of us to nurture the profession and ensure that it remains a path to the truth in the cases we work.


Onward….


-Patrick


Author: 

Patrick J. Siewert

Director of Digital Forensics & eDiscovery

ArcherHall


About the Author:

Patrick Siewert was the Founder & Principal Consultant of Pro Digital Forensic Consulting, based in Richmond, Virginia (USA). In 15 years of law enforcement, he investigated hundreds of high-tech crimes to precedent-setting results and continues to support litigation cases and corporations in private digital forensic practice. Patrick is a graduate of SCERS & BCERT and holds several vendor-neutral and specific certifications in the field of digital forensics and high-tech investigation and is a court-certified expert witness in multiple digital forensic areas. He continues to keep in touch with the public safety community as a Law Enforcement Instructor and Adjunct Professor at Virginia Commonwealth University.

Email: psiewert@archerhall.com

Twitter : @RVA4n6 

Web: https://archerhall.com 

ArcherHall on LinkedIn: https://www.linkedin.com/company/archerhall/ 

Patrick Siewert on LinkedIn: https://www.linkedin.com/in/patrick-siewert-92513445/ 

Thursday, September 16, 2021

How to Deal with Difficult Clients as a Digital Forensic Examiner

 


Businesses large and small often have the unfortunate occasion where they must deal with a difficult client. In the world of digital forensics, this is no exception. It is essentially how you deal with them that matters. Truth be told, most of us know that this is not always an easy task. We often work with attorneys on behalf of their clients. That being said, in our field we have the occasional client who represents themselves; however, a majority of clients are attorneys who represent another individual or individuals.


There are several strategies to take into consideration when working and dealing with “difficult” clients.  In truth, there will be some clients that will be difficult regardless of what is done to remedy an issue they may present. However, many difficult situations can be potentially averted if certain steps are taken to minimize any potential issues that could arise. 

1. Set clear, concise boundaries and expectations. If a client knows where you stand from the beginning of the business relationship, there is likely to be less confusion, deterring an angry client. Items such as cost, schedule, deadlines and requirements are crucial in this step. Each case will vary to one degree or another; therefore, those stipulations should be discussed in the initial meeting and put into a contract that all parties sign and date if agreed upon. It should be noted that if a complication in a deadline arises, it should be addressed immediately and not held until the last minute. This is applicable for ALL parties in the case.

2. Be professional. It is sometimes easy to get emotional in litigation, especially if you feel attacked on a personal level. It is best to remain calm and talk to the client in a professional manner, regardless of the manner in which they choose to respond. In the field of digital forensics, we are often sought out for a specific task. How you react to a difficult customer can impact not only your business, but your reputation as well.

3. Document, document, document!! As previously stated, not everyone will be happy with a resolution proposed. There may be instances where you do not have an immediate solution for an issue that pops up. This is where documentation is critical. Just as when performing an analysis from beginning to end, documentation is the backbone to cover yourself. This is no exception.

4. If a mistake is made, own it! Naturally, no one likes to admit they made a mistake. We are human, mistakes happen. However, trying to pawn the blame off on someone else, including the client, will do nothing but produce friction. It is best to be upfront and honest about the mistake, address it and work on a solution to fix it. Of course, the opposite can also apply in this situation. If a mistake is made and it was not any fault of yours, do not take the blame on yourself. This causes a divide in the business relationship.

5. One big thing… If the client is so difficult that there is no solution that pleases them, know when to walk away. Do not be afraid to let them know that their behavior will not be tolerated. Digital Forensic Examiners have a specialty that others seek out. No one should be disrespected in the workplace.


NOTE:  In the world of digital forensic cases, examiners are accustomed to the technology and forensic programs we work with daily, so often we tend to speak in terms that we understand without realizing that our clients are not as versed in such, making this confusing for them and leading to further frustration.  We must always remember to take this into consideration at the beginning of any professional relationship to lessen the possibility of frustration for all parties.

Wrapping It Up

In today’s business world, having a difficult client is almost a certainty.  How a business professional handles a difficult client makes all the difference.  At the same time, every individual deserves a modicum of respect. You cannot be afraid to walk away from a situation if you are put in a situation that makes you uncomfortable.  Your reputation and business could be on the line as a result of how a situation is handled with a difficult client.  As with any relationship, whether it be personal or professional, constant open communication and boundaries are key to the successful relationship between the service provider and the Client and/or attorney handling their matter.

Author: 

Tami Smith

Digital Forensic Examiner

Professional Digital Forensic Consulting, LLC 

Virginia DCJS #11-14869

Based in Richmond, Virginia

Available Wherever You Need Us!

 

We Find the Truth for a Living!

Computer Forensics -- Mobile Forensics -- Specialized Investigation

About the Author:

Tami Smith is a Digital Forensic Examiner and Consultant of Pro Digital Forensic Consulting, based in Richmond, Virginia (USA). An Army Veteran and a Summa Cum Laude graduate of Computer Forensics and Digital Investigations, she has had the opportunity to practice in the field, examining civil and criminal cases with the discipline of her military experience. Tami holds vendor-neutral and specific certifications in the field of digital forensics and high-tech investigation and is also a Private Investigator in the state of Virginia. She continues to hone her digital forensic knowledge, education, and experience in the private sector.

Email:  Inquiries@ProDigital4n6.com

Web: https://ProDigital4n6.com

Pro Digital Forensic Consulting on LinkedIn: https://www.linkedin.com/company/professional-digital-forensic-consulting-llc

Tami Smith on LinkedIn:  https://www.linkedin.com/in/tami-smith-1b28ab29/

 

Monday, February 22, 2021

Keys To Success in Digital Forensics: Incident Response vs. Litigation Support

February 22, 2021




Digital forensics as a practice and as a service has been evolving since its inception. Among the evolutionary explosions we’ve seen in the field are the hardware, the size of data repositories, the data storage technology and the tools we use to acquire and analyze the data we come across in our analysis cases. The advent of remote work, cloud data storage, universal use of email and internet-based applications and the development of bad actors on a worldwide scale has confirmed that the field of digital forensics will be not only present, but necessary now and well into the future. We’ve also seen offerings in academia growing with colleges offering coursework in both undergraduate and graduate programs focusing on digital forensics. What is sometimes overlooked, however, is the nuance that there is more than one path within the field of digital forensics. So which path will you choose: Incident Response (IR) or Litigation Support?



Incident Response Path


To help identify which path is appropriate, it’s probably best to first define the particular path. Digital Forensic Incident Response (DFIR) is defined loosely by a myriad of online resources as incorporating digital forensics techniques to identify bad actors at the heart of malicious attacks on networks and systems. This can include malware/spyware infections, hacker attacks, data theft, data leakage, etc. This is often referred to as an arm of Cybersecurity and is part of what many cybersecurity professionals do. But all one has to do is look up jobs for a Cybersecurity Responder or Engineer to read the litany of responsibilities that are associated with these positions to realize that it is truly only one part of the listed responsibilities. I’m often boggled when I search for job openings in Digital Forensics and find the dozens of listings that have very little to do with digital forensics at all, but because the job of a DFIR responder is partially to deal with these incidents, forensic response is listed as one of the desired skills. The argument could be made that the forensic component is a dedicated position in itself.




Regardless of that, the work of a DFIR responder is somewhat different than that of a litigation support professional in several ways.  First, the manner in which you acquire the data to be analyzed can be very different.  It is a common practice in IR work to acquire logical data from a network repository for analysis and not a “dead box” physical acquisition of the data.  This is a practical consideration because networks in enterprise environments can’t be shut down for a physical acquisition.  Many times, network logs, Windows event logs, registry entries and IP log files play a crucial role in determining who is responsible for the incident.  Acquisition and analysis of these logs can be tedious and may only lead to part of the conclusion about what happened.  The job of an IR digital forensic professional is absolutely necessary, particularly in large corporations and those that store sensitive personal information.  We hear about data breaches of personal information almost weekly and security-minded practitioners struggle with constant pulpit-pounding of good practices leading to good security.  


Regular readers of this blog know well that I put forth regularly that “forensics” means the acquisition, analysis & reporting of facts associated with the data in such a manner that is presentable in a Court of Law.  While it is no doubt possible that an IR professional could work a case that would lead to litigation, it is far less likely than in the litigation support realm.  As such it’s probably safe to say that IR practitioners could reasonably be more on the technical side than the presentation & explanation side.  However, every incident has at least one stakeholder, so the ability to explain very technical matters to very non-technical people is still a vital skill.


Litigation Support Path


It’s probably safe to say that when many people decide on a Digital Forensic course of study, they probably think of litigation support as their main path, probably due to the romanticization of the field in TV shows like CSI.  We hear about data breaches in the IR realm all the time, but we rarely hear in popular media the outcomes of their investigations.  Litigation support can be (and often is) the exact opposite.  Most law enforcement digital forensic practitioners are involved in litigation support and do so in very high-profile incidents.  Many private companies are also involved in digital forensic litigation support.  So what does a litigation support analyst do?  We acquire, analyze and report on evidence most often specific to a particular person, company, etc.  The means by which we acquire this data often differs from the IR path because we generally have physical access to the suspect or target media to be analyzed. This means we can acquire physical repositories, instead of just logical data.  Of course, mobile forensics can be a large exception to the last statement, but generally speaking and with current technology, we are able to acquire physical memory of stand-alone computer systems and workstations.  (However, that will probably not always be the case.)




Law Enforcement works criminal litigation support by identifying a criminal suspect, seizing their electronic equipment, acquiring & analyzing same as part of their investigation and reporting about their findings.  Part of their reporting often comes in the form of formal expert testimony in court, which is one of the biggest differences between IR and Litigation Support.  It requires further refinement of the skill of presenting very technical matters to very non-technical people.  


Private companies who engage in Litigation Support also have a similar approach to casework, but work Civil disputes as well.  These civil cases may be everything from divorce/custody matters to intellectual property theft to employment disputes to independent analysis in criminal defense cases.  No matter the court of the case at hand (i.e., criminal or civil), the litigation support professionals seek to add clarity, value and definition to the matters they work as part of the adversarial justice system.  


Similarities between Incident Response & Litigation Support


We’ve highlighted the main differences between IR and Litigation Support, but there are naturally many similarities.  The basic knowledge of how data is stored and analyzed is probably the largest similarity.  Both paths need to have a good basic understanding of data storage and forensic implications thereto.  Another similarity can be in the tools we use.  Fortunately, most modern and popular digital forensic tools, whether open source or proprietary, are capable of handling both IR and litigation support work.  The nuance factors in with the examiner’s ability to properly use the tool, given the particular type of case or incident.  Some forensic tool vendors like to say their tool has “been validated in Court”.  This is a misleading statement.  Tools don’t get validated in court.  Examiners get qualified as Experts in Court and their findings are validated because of their requisite knowledge, skills, abilities and experience.



Finally, the most important part is that the approach philosophy is and needs to be the same across the digital forensic spectrum.  In every case, we operate on the approaches of objectivity & neutrality, analyzing the data as the data is presented to us and never allowing personal bias or beliefs about the suspected parties involved to cloud our ability to prove or disprove what happened.  Digital Forensics is a scientific discipline.  It requires us to constantly evaluate evidence in a neutral environment to arrive to a conclusion of fact.  As experts in the field, we are afforded the ability to draw conclusions based upon our knowledge and experience, even if the data doesn’t explicitly show us what those conclusions are.  But those conclusions are always supported by the data and never created out of conjecture or bias.  


Wrapping It Up


In every field, there are nuanced sub-sects. If one decides to be a doctor, they can become a surgeon or a psychiatrist. If one decides to be a lawyer, they can become a corporate risk manager or a criminal litigator. The refined skill sets for the two paths within the same field are where the differences lie, and digital forensics is no different. There are nuances within the two paths of Incident Response and Litigation Support that dictate which skills will be highlighted and which will be of less value to hone and refine. Knowing the difference is key to the practitioner’s success, particularly early in the field of practice. Can a DFIR practitioner choose to switch between IR and Litigation Support (or vice-versa)? Absolutely! Many litigation support professionals from law enforcement retire to work for IR shops. The take-away here is to start the thought process about which path is the best fit for you. Ultimately, everyone involved in the practice of digital forensics wants to get to the heart of the matter, just like all doctors want to help their patients and all lawyers want to serve their client in the best manner possible. So do some soul-searching and drill down about what path you’d like to choose. And as a wise man once said, “Go with your gut, but use your head!”


Author: 

Patrick J. Siewert

Principal Consultant

Professional Digital Forensic Consulting, LLC 

Virginia DCJS #11-14869

Based in Richmond, Virginia


About the Author:

Patrick Siewert is the Founder & Principal Consultant of Pro Digital Forensic Consulting, based in Richmond, Virginia (USA).  In 15 years of law enforcement, he investigated hundreds of high-tech crimes to precedent-setting results and continues to support litigation cases and corporations in his digital forensic practice.  Patrick is a graduate of SCERS & BCERT and holds several vendor-neutral and specific certifications in the field of digital forensics and high-tech investigation and is a court-certified expert witness.  He continues to hone his digital forensic expertise in the private sector while growing his consulting & investigation business marketed toward litigators, professional investigators and corporations, while keeping in touch with the public safety community as a Law Enforcement Instructor.

Email:  Inquiries@ProDigital4n6.com

Web: https://ProDigital4n6.com

Pro Digital Forensic Consulting on LinkedIn: https://www.linkedin.com/company/professional-digital-forensic-consulting-llc

Patrick Siewert on LinkedIn:  https://www.linkedin.com/in/patrick-siewert-92513445/  

Tuesday, October 6, 2020

2020 Key Influencers in DFIR

October 6, 2020




One of the things I enjoy most about the field of digital forensics is that it’s a community of people who all generally have one set of goals in mind:  Find the truth, get to the facts, uncover the evidence using tried & true methods and present those findings to an ultimate finder-of-fact, whether it be a corporate CEO, an attorney/client, a prosecutor/judge/jury or whatever the case may be.  We encounter daily challenges in our work and we collaborate relatively well because as the technology evolves, so do our approaches to the various challenges need to evolve. 
 
Like many industries, there are influencers – those who contribute to the profession in ways that go far above-and-beyond typical members of the community, whether it be by sheer volume of notable work, publications, time & effort put forth, etc. In digital forensics, those influencers may stand out even more because of the exclusive and specialized nature of the work we do and the relatively small community in which we work. Some are daily contributors while some share their knowledge and experience with a measure of humility or quiet dignity. I’ve chosen to highlight five such personalities in our industry for this article. They have not paid me, I don’t know all of them personally and I may never have even spoken to one or more of them, but their contributions to our field are valuable and deserve recognition. In compiling this list, I attempted to run the DFIR gamut of key computer forensic influencers, mobile device forensic influencers, incident response influencers and those who may influence all of the above and/or a different specialty that is more on the periphery of our industry. So, at the risk of spawning much heated debate, let’s go!

Key Influencer #1:  Eric Zimmerman

If you don’t know Eric Zimmerman and his contributions to our community, you’re at a decided disadvantage.  A former FBI Special Agent and government forensicator, Eric has been contributing his vast knowledge and expertise to the DFIR community for many years.  I was first introduced to his wealth of knowledge and generosity when he released OS Triage, a free tool for law enforcement examiners to quickly triage and identify evidence on-scene that may (or may not) contain illicit images.  The tool was simple, effective and really useful to those of us who 1) didn’t want to spend time analyzing evidence that wasn’t relevant and 2) had limited physical space in which to store such evidence.  Since then, Eric has developed other free tools such as Shellbags Explorer and Timeline Explorer, all of which most of us have used in one case or another (or a few dozen).  I personally love Shellbags Explorer for, well… Exploring Shellbags!  It does a great job at graphically representing the folders that have been touched by the user to help belay any argument that someone else did it.  Among the offerings on Zimmerman’s Github are Link File Parser, MFT Parser, Volume Shadow Copy Mounter and more.


Now with Kroll, Zimmerman continues to create and share tools with the community that are exceptionally useful in conducting varying types of analysis (oh, and they’re free).  The Kroll Artifact Parser & Extractor (KAPE) is a fast, flexible way to find, extract and analyze artifacts in your case.  Simply put, it’s the next generation of free tools from Zimmerman and it is being used daily to help examiners save time and find the evidence they need.
  
As an X-Ways Forensics user for the past several years, I’ve also found the book X-Ways Forensics Practitioner’s Guide -- which Zimmerman co-wrote with another awesome influencer, Brett Shavers -- to be an invaluable resource.  Sure, I’ve been through the XWF Level 1 & 2 training, but sometimes I don’t remember every single tidbit of the 56 hours or so of those courses, so this book is a super helpful reference guide for both new and experienced XWF users.  I think both Zimmerman and Shavers would tell you that if you’re not using X-Ways Forensics in your PC analysis, you’re wrong :).

I’d also be remiss if I didn’t mention Eric’s participation in the IACIS list serve.  If anyone has a question, Eric frequently chimes in with a pointed, yet helpful response.  Heck, sometimes he even makes me laugh!  We are truly a better community for Eric being a part of it and sharing his vast knowledge, skills & abilities with us all.  

Key Influencer #2:  Heather Mahalik

I’ve never met Eric Zimmerman in person, but I have met Heather Mahalik in person and we’ve had a few email exchanges over the years, including one surrounding this exchange with Shark Mark Cuban. A former government examiner, Heather now works mainly with Cellebrite as a consultant and SANS instructing their mobile forensics courses. A virtual bottomless well of knowledge about mobile device forensics, Heather has also co-written the book Practical Mobile Forensics, which is another must-have in your reference library if you’re going to be conducting analysis on mobile devices.



As far as helpfulness, willingness to share their knowledge, ability to test theories and publish the findings we need to know in the ever-changing landscape of mobile forensics -- and just plain giving back to the community -- I’m not sure any influencer in our industry is as generous as Heather.  Heather’s ongoing blog, Smarter Forensics frequently jumps on the most current issues with testing of new operating systems and/or applications, validating the findings and putting the initial impressions and impact on our industry in a simple, concise, easy-to-understand format (example, see her blog on iOS 14 here).  

Also very active on the IACIS list serve, Heather always seems willing to answer any questions members may pose, particularly with regard to the functionality of Cellebrite and the tool’s ability (or lack thereof) in decoding, parsing, searching, etc.  Anyone who does mobile device analysis can see why Cellebrite hired her – In addition to being a virtual walking encyclopedia of mobile forensic knowledge, she’s a terrific ambassador for the company and vocal proponent of all the great things we can analyze, report and testify upon with regard to mobile device evidence.  She also hosts a regular webinar, discussing current trends in forensics.  She truly gives of herself, her time and her knowledge to help us all out consistently and is clearly passionate about our field.

Key Influencer #3:  Harlan Carvey

Harlan Carvey is sadly another influencer I’ve never met -- which is odd because he lives about a half an hour from me – but I digress.  Harlan has been in the DFIR game virtually since leaving the USMC.  Included in his resume are heavy-hitters like IBM, Nuix, SecureWorks and Crowdstrike, to whom he’s referred me and my clients several times. Harlan is probably best known for his books and his contribution to the community with free/open source tools like RegRipper.  Another walking encyclopedia of incident response knowledge, Harlan has penned the books Windows Forensic Analysis, Investigating Windows Systems, Windows Registry Forensics, Perl Scripting for Windows Security and Digital Forensics With Open Source Tools (to name a few).  Basically, go on Amazon and type in Harlan Carvey.  Correction:  he’s not a walking encyclopedia of Windows Forensics, he wrote the encyclopedia!  



Harlan has also contributed to our community with his free, open source tool, RegRipper, which does exactly that – rips through your (exported) suspect system registry files to present a clear, concise view of the artifacts contained therein. While many of us don’t, it’s true that you can perform forensic analysis on PC (and Mac) systems with mainly open-source tools and if you’re going to do that, I suggest that RegRipper be one of your main, go-to tools in the toolbox. It’s a fantastic contribution to our community. Also on Harlan’s Github are presentations that he’s given and other tools/tips that he has shared for the benefit of everyone.

Keeping in line with the “giving of self” theme that is a large component of a contributor to our community, I recall reading a proverbial “tip of the hat” about Harlan, which I believe was written by the aforementioned Brett Shavers.  He stated that Harlan never hesitated to answer his questions and give him guidance.  He was always open, willing and gracious (paraphrased).  I have also seen a bit of this from Harlan myself.  He frequently contributes substantively to conversations on LinkedIn and provided some welcomed guidance to me personally with regard to launching into the incident response realm.  Many of our colleagues simply ignore requests or don’t have the desire to take the time.  Harlan is not one of them.  He is thoughtful and generous… And he’s forgotten more about incident response than I’ll probably ever know.  Harlan also wants you to contribute.  He truly recognizes DFIR as a collaborative community, so if you can pitch in to make RegRipper a better tool, Harlan wants to hear from you!

Key Influencer(s) #4:  The Hawk Analytics Team

Ok, I recognize that a for-profit company may come with a bit of an asterisk on this list, but stick with me…
I’ve been acquainted with the folks at Hawk Analytics for several years and have attended their training. In case you’re not familiar, Hawk Analytics makes a tool for cellular records analysis called CellHawk, which helps analysts map and display cellular and other location records. The tool also helps identify known associates by phone number, frequent locations and patterns of usage, and it incorporates an animated timeline of usage and more.  If you are involved in the analysis and mapping of any records with date, time and GPS coordinates – like records for ankle monitors for sex offenders or those out on bail or parole – CellHawk is a must-have tool.  It’s robust, flexible and keeps improving.


  
But what separates the Hawk Analytics team from others in the industry is their passion and dedication to getting to the facts.  They do not speculate about things which they are either not trained in or the tool isn’t equipped to handle.  Many analysts who are involved in these types of cases erroneously attempt to estimate radio frequency range of cell sites.  This is bad practice without specialized equipment and the team at Hawk Analytics knows this.  Founded by former cellular engineer Mike Melson, Hawk Analytics and their team genuinely have a desire to do good.  Many times behind the scenes, Mike and his team will assist agencies with search & rescue to help find missing and/or endangered persons, despite having families of their own and the obligations of running a company.  Even if you’re not a CellHawk user, their team will be more than willing to discuss quirks or anomalies in your record returns or assist with interpretation based upon their vast experience.  Even though I may do independent CDR analysis for criminal defendants, they’re always willing to help because they are guided by the truth and don’t engage in conjecture or speculation.  

In the spirit of giving to the community, Hawk Analytics also has a free toolbox, which will help you identify the cellular carrier for phone numbers in your case and even compile a preservation letter or search warrant template for you at the click of a button.  Did I mention it’s all free?  Mike and his team truly epitomize professionalism and seek to make a positive difference in their own little corner of the world (i.e., their expertise).  If you value integrity in your vendors, Hawk Analytics is definitely the way to go.

Key Influencer #5:  Larry Daniel

Lastly, in a departure (and perhaps surprise to some), I’d like to give recognition to Larry Daniel of Envista Forensics as being a key influencer in our field.  Having transitioned from law enforcement to the private sector, I have known Larry both in my former life and my current one.  Some of you may not know Larry while some of you may have gone up against him in court.  To be clear, Larry and his company are essentially business competitors of ours, but that’s sort of like saying your local corner convenience store is a competitor with WalMart, as Envista is a much larger operation than Pro Digital and they conduct all manner of forensic analysis, not just digital forensics.  Regardless, I’ve come to know Larry as a savvy businessman and a very knowledgeable and formidable forensic and cellular records analyst.  I respect Larry not only for his business acumen, but for his tenacity.  Larry didn’t have the advantage of the government or a huge corporation sending him through digital forensic training – he did it all himself and learned it from the ground up.  He is, as his son and co-worker described to me once – a “serial entrepreneur”, but one that has had a great deal of success in the private sector side of our industry.  
 


Larry founded and grew Guardian Digital Forensics in Raleigh, NC and several years ago sold the company to Envista Forensics and took over as Principal Consultant of their digital practice.  Since diving head-first into the DFIR pool, Larry has published numerous articles, presented at EnFuse and multiple litigators’ conferences and authored two books, Digital Forensics For Legal Professionals and Cell Phone Location Evidence for Legal Professionals.  These books are fairly basic, but in writing them, Larry tapped into a previously uneducated audience that was severely lacking in knowledge about digital forensics and cellular analysis – criminal and civil litigators and paralegals.  I think it’s safe to say that Larry has written the book(s) on digital forensics for the private sector legal professional.

Practitioners like Larry make everyone better.  They challenge us to cover all the digital bases and make sure we know the evidence when so much is at stake, whether it be child custody, a large sum of money or someone’s freedom.  Quiet professionals like Larry are no different from the quiet professionals that work in DFIR roles in law enforcement, for government contractors and big corporations.  We all strive to get to the truth, analyzing the available evidence and utilizing our training, experience and wisdom.  

Wrapping It Up

This list of DFIR influencers isn’t all-encompassing.  For every person on this list, there are probably hundreds behind the scenes working hard to prove or disprove the incident or allegation.  We all know there are blowhards and charlatans in every industry and digital forensics is no exception.  But we all benefit from the contributions of the people on this list.  It’s my hope that one day, someone can point to an article or a book that I’ve written or a major case that I’ve worked and say that I’ve contributed to the community in a positive way.  Even though all of the people on this list are still active practitioners, their legacy in our field is already carved out.

It’s my hope that this list will continue to evolve over the next year (and beyond) and we can re-visit and tip our hats to five (or so) more influencers that make our industry great and help make us all better at what we do.  Thanks to everyone on this list for all that you do to help us improve and grow… and keep up the great work!

Author: 
Patrick J. Siewert
Principal Consultant
Professional Digital Forensic Consulting, LLC 
Virginia DCJS #11-14869
Based in Richmond, Virginia
Available Wherever You Need Us!

We Find the Truth for a Living!
Computer Forensics -- Mobile Forensics -- Specialized Investigation

About the Author:
Patrick Siewert is the Founder & Principal Consultant of Pro Digital Forensic Consulting, based in Richmond, Virginia USA.  In 15 years of law enforcement, he investigated hundreds of high-tech crimes, incorporating digital forensics into the investigations, and was responsible for investigating some of the highest jury and plea bargain child exploitation investigations in Virginia court history.  Patrick is a graduate of SCERS, BCERT, the Reid School of Interview & Interrogation and multiple online investigation schools (among others).  He is a Cellebrite Certified Operator and Physical Analyst and Instructor, as well as certified in cellular call detail analysis and mapping.  He continues to hone his digital forensic expertise in the private sector while growing his consulting & investigation business marketed toward litigators, professional investigators and corporations, while keeping in touch with the public safety community as a Law Enforcement Instructor.
Email:  Inquiries@ProDigital4n6.com
Web: www.ProDigital4n6.com
Pro Digital LinkedIn: https://www.linkedin.com/company/professional-digital-forensic-consulting-llc
Patrick Siewert LinkedIn:  https://www.linkedin.com/in/patrick-siewert-92513445/