From investigating cybersecurity breaches to conducting discovery in civil litigation, the practice of digital forensics plays an essential role in many aspects of companies’ compliance, data protection, and risk management efforts. This is true for companies of all sizes and in all industries. In today’s world, virtually all companies generate and store massive amounts of data on a daily basis; and, when issues arise, being able to access and preserve data can be of critical importance.
With this in mind, as a company executive, risk manager, or in-house lawyer, your choice of digital forensics companies is extremely important. Not only do you need to choose a company that has the capabilities required to effectively locate essential data, but you need a company that can store data in a manner that preserves its admissibility as evidence in court. You also need a digital forensics company that can act quickly under emergency conditions, and that has lawyers, experts, and other professionals on staff to manage and oversee the investigative and data preservation processes. There are several other factors to consider as well. Broadly speaking, here are the five keys to picking the best digital forensics company:
Key #1: Industry Expertise and Certifications
When choosing the best digital forensics company, the company you choose should demonstrate adherence to the best practices established by the Scientific Working Group on Digital Evidence (SWGDE) and the National Institute of Justice (NIJ). These best practices touch on all aspects of digital forensics practice, but place particular emphasis on ensuring that data gathered through forensic means remains admissible in both state and federal court.
In order to demonstrate adherence to the SWGDE and NIJ best practices, digital forensics companies should have documented policies and procedures, and their forensics personnel should follow strict and systematic protocols for uncovering data, analyzing data, and handling hardware. When consulting about a potential engagement, a digital forensics company should be able to clearly delineate its methods for adhering to SWGDE and NIJ best practices such as:
- Handling and transporting hardware containing sensitive data (both company-owned and third-party);
- Maintaining industry-standard (or better) access controls to ensure that access is limited only to those who need it for purposes of the digital forensics company’s services and/or the client company’s operational or litigation needs;
- Maintaining industry-standard (or better) data security and responding to threats and attacks—including active attacks attempting to destroy data on devices within the digital forensics company’s possession;
- Maintaining and documenting a chain of custody for all data that is sufficient to maintain admissibility as evidence in both state and federal court; and,
- Documenting all other pertinent data pertaining to the digital forensics company’s investigative, preservation, and analytical efforts, including date stamps, identification of individuals involved, and location of storage or transportation.
In addition to adhering to SWGDE and NIJ best practices, digital forensics companies should also employ personnel who have current industry-standard certifications. This includes certifications such as:
- Certified Computer Forensic Examiner
- Certified Cyber Forensics Professional
- Certified Cyber Security Analyst
- Global Information Assurance Certification (GIAC) Forensic Analyst Certification
- GIAC Forensic Examiner Certification
- GIAC Advanced Smartphone Forensics Certification
- GIAC Network Forensic Analyst Certification
When choosing the best digital forensics company, it is important to consider the company’s other areas of service as well. In the vast majority of cases, companies that need data forensics services will also need corporate investigation, electronic discovery and litigation support, cybersecurity consulting, and other related services. Choosing the best digital forensics company that offers all of these services can enhance the efficiency of service delivery and reduce costs—while also facilitating a comprehensive and cohesive strategy which is far more difficult to achieve when working with multiple vendors.
Key #2: Specific Experience in Your Company’s Area of Need
Within the overall practice of digital forensics, there are many subspecialties, each of which requires its own unique knowledge base and skill set. As a result, when choosing the best digital forensics company, it is important to ensure that the company you choose has specific experience and expertise in your company’s area of need. Some examples of different types of digital forensics services include:
- Computer forensics
- Cell phone and other mobile device forensics
- Automotive data forensics
- Audiovisual forensics
- Forensic accounting
- E-discovery and litigation support
This is just a small sampling; and, within each of these examples, there are numerous specific issues with which the company’s digital forensics personnel will need to be familiar. From social media to web-based email, and from deleted files to encrypted datasets, if your chosen digital forensics company is not fully capable of addressing all pertinent considerations within the scope of its engagement, it will run into roadblocks that will stifle your company’s efforts—and that will potentially lead to the need to hire another, more well-equipped digital forensics company.
In many cases, relevant subject matter knowledge will be necessary as well. This is particularly true in the context of pending or potential litigation. In order to identify relevant data sources (and relevant data), your data forensics company will need to have lawyers and other professionals on staff who can work closely with the company’s certified data forensics experts to formulate and execute an appropriately targeted investigation and data preservation strategy.
Key #3: Lawyers and Former Federal Agents On Staff
Digital forensics inherently involves a host of legal issues. This includes evidentiary issues as discussed above, but it includes substantive considerations as well. What data does your company need to collect? What data does it need to preserve for potential discovery via the implementation of a “litigation hold”? What are you looking for in the data, and how can you leverage the data to your company’s advantage? These are all critical questions that your digital forensics company should be able to help you answer.
In order to do so, it will need to have lawyers on staff. Even if your company separately engages a law firm for purposes of an investigation or litigation matter, choosing a digital forensics company with lawyers on staff will give you confidence that the company is taking adequate steps to address the legal issues inherent in collecting data in connection with (or in anticipation of) civil or criminal litigation.
It can also be extremely helpful for a digital forensics company to employ former federal agents who have prior experience overseeing digital forensics efforts at the Federal Bureau of Investigation (FBI) or other agencies. The federal government devotes substantial resources to training its personnel in data forensics, cybersecurity, and evidentiary matters; and, as a result, former agents (with relevant experience) can offer a wealth of insights after transitioning to the private sector.
Key #4: Nationwide Capabilities and 24/7 Accessibility
In many cases, digital forensics can require travel across the United States. Information technology (IT) service providers and data storage vendors can be located across the country; and, oftentimes, collecting necessary data will involve inspecting assets on-site in person. With this in mind, the company you choose should not only have sufficient personnel to send digital forensics experts to remote locations as needed without compromising other aspects of its service delivery, but it should have the technological resources required to maintain seamless and secure connectivity at sites throughout the United States as well.
“In today’s world, digital forensics companies need to be prepared to act – and react – 24/7. From working within limited access windows to collecting crucial data on an emergency basis, if a digital forensics company is not ready to deploy its personnel and resources around the clock, it is not prepared to serve its clients in all possible scenarios.” Attorney Nick Oberheiden, Ph.D.
The potential need for on-site work at far-flung locations also means that the company you choose cannot adhere to a strict nine-to-five schedule. Its personnel must be available as and when needed—and they must be prepared to work around the clock when necessary in order to meet critical deadlines.
Key #5: Deep Insights in All Aspects of Data Collection, Analysis, and Preservation
Above all, the best digital forensics company that you choose needs to be extremely good at what it does. This is an area in which there is no room for compromise, and in which mistakes can be extraordinarily costly. Your digital forensics company must be able to consult, advise, and lead the way forward—and it must give you utmost confidence every step of the way.
From knowledge of different operating systems to knowledge of hardware architectures, and from understanding the rules of evidence to being able to distinguish between correlated and causal events, digital forensics is an extraordinarily complex field that requires knowledge that is as deep as it is broad. This is not easy to achieve; and, as technology keeps evolving and threats keep changing, it is an ongoing process. Not only must a digital forensics company be able to meet the demands that its services entail, but it must be able to do so efficiently and without wavering from the standards it has a duty to uphold.