Getting into Forensics
Another question I get asked a lot is how I got into computer forensics. Basically I was half asleep during role call one morning when the captain asked if any of us knew how to spell the word computer? At least that is how I remember it. What he probably asked was something like do any of you know about electronics? And I raised my hand.
As a lesson for you, if you are in law enforcement or the military Never Raise Your Hand. It probably won’t go well.
Not saying it went badly, but it did lead to me being where I am today.
During this time ATM machines had not been out very long and the criminals didn’t know how to effectively get the money out of them easily. So they resorted to all kinds of things. Throwing a chain around them which was connected to the bumper of their truck and dragging them down the road to see if they would pop open. And the classic, just put some dynamite on them and blow them up!
That last idea happened a few days before the hand raising incident in the Central Park Mall parking lot next to the bank. Little parts of the machine, the little house around the machine and of course tiny pieces of money were everywhere. Clearly they did not know how much explosive to use, and in Texas you go big or go home.
The district attorney at the time went on the news and said he was going to appoint a special “White Collar Crime Team” to look into this terrible crime wave against the machines. That ended up being me.
I was sent to the factory school for the machines so that I would know what all the pieces were when we found them, and of course so I would know how the machines worked. It was a fascinating week long class and I realized that the Pulse network the machines were tied into was work of art in itself. That knowledge would come in handy a few years later. (That story is coming soon).
Over the next few years if anything had electricity connected to it the deputies that seized the item would drop it on my desk. Along the way cell phones became a thing and I worked with several agencies to find new and interesting ways to get information out of the phones and into the courts. I spent a lot of my time teaching lawyers about what I was doing and hoping they could make a decent case in court. Some did and some didn’t.
At some point I was made aware of The International Association of Computer Investigative Specialists (IACIS). When I learned of the organization I was very intrigued and wanted to go their school, and get their certification. It took some time, but while I was assisting the federal government on a case I talked them into sending me. At that time the process went like this;
You went to a two week school in Florida which covered the gamut of knowledge about computers and forensics. The school was intense. How intense you ask? Mid-way through the second week I walked up to an ATM machine for lunch money and could not remember my PIN to save myself. I was brain fried. Oh, just to illustrate how fried…my PIN was my badge number!, a trick that way too many cops used early on. You should never walk around with your debit card PIN on your chest.
Then after a month of cooling down I started the certification process which consisted of doing an investigation a month, with full reports for 10 months. These were graded by a group of fully certified members and you were critiqued on how well you did.
Lastly you had to recover a deleted document from a hard disk. That document was a 100 essay question test you had to complete to pass. The only advice my mentor throughout the process would give me about the test was “When you think you have written enough to answer the question, write more!”
After all this I received the certification, Certified Forensic Computer Examiner (CFCE). It was the gold standard in this type of certification at the time and I was immensely proud of it. Once I had the CFCE I really felt like I was a legitimate examiner.
Since then I have completed numerous other certifications in the industry. I also helped IACIS with the certification process, mentoring new examiners and I even helped with the web site for a while and helped with the creation and sending out of the hard disk drives the students had to work on.
There is no better way to firmly embed knowledge into your head than to teach it.
I am no longer a member of the organization, but it is still out there and the classes keep getting bigger every year.