Computer forensic examiners are from Mars, attorneys are from Venus
by Keith Chval - Co-founder of Protek - Wednesday, 27 March 2013.
In addition, it also provides an opportunity for the examiner to identify and suggest possibilities in which the digital evidence may yield benefits in the case beyond what counsel was initially envisioning.

It is fairly common for counsel to call us with a very limited purpose in mind with respect to how the digital evidence might be of benefit in their case. They are not aware of the ins and outs of computer forensics and the potential nuggets of gold that may lie within the digital evidence, and where else they may benefit their case.

In learning the facts and legal objectives in play, you will often be able to identify other possibilities for how the digital evidence could be helpful that counsel had not even considered. In the process you will be making yourself a valuable partner and making him look good!

Sergio Acosta, former Chief of the General Crimes Section of the U.S. Attorney’s Office in Chicago, and current Hinshaw and Culbertson partner, shared his take on what works best here, “I’d say expressing a genuine interest in the facts and nature of the case is a big positive. As a former prosecutor, I still have that investigative team mentality. I have been most impressed with forensic examiners who exhibit a teamwork attitude and approach..."

Project planning: A clear, focused, yet thorough plan with reliable time and cost expectation

You must take the lead in identifying how, through your examination and investigation, you can help counsel in taking on the issues that they are facing. In most instances, you cannot just passively sit back and leave counsel to try to design and direct your work.

Very few attorneys know enough about the possibilities and limitations of computer forensics. That’s why they’ve called you! Here again is a golden opportunity to make them look good by listening to the facts and strategies of their case, and offering a thorough, yet focused, forensic investigation plan.

Equally important to clearly explaining what you may be able to do and how you will pursue that, you must also be prepared to be clear on what you cannot do, including possibly dissuading erroneous notions counsel may have about the secret powers of computer forensics.

A very common refrain from the panel of litigators was dissatisfaction in how examiners handled this aspect of their engagement. Either the examiners didn’t think broadly enough in terms of how they could be of help, or they oversold what they could do.

All expressed great appreciation for the examiner who jumped in and quickly mapped out a clear examination plan and objectives tailored to their facts and strategies.

Equally appreciated was the examiner who considered the challenges presented by an attorney’s quirky situation and, rather than throwing up her hands and giving up, figured out an effective work-around… at a reasonable cost!

Time is of the essence

Iain Johnston, co-founding partner of Johnston & Greene in Chicago, handles very sensitive, high profile investigations and litigation where the financial stakes can be high, and individuals’ careers can hang in the balance.

His response pretty well captures the urgency of the situation, “When the stuff hits the fan, I’m reaching out to a computer forensics consultant for a reason; i.e., there is a crisis. So I need the consultant to be very responsive.”

Tension is often high and nerves on edge during this initial period of uncertainty where counsel and client don’t yet have a handle on the situation, let alone how they’re going to come out on the other side of it.

You MUST be hyper-responsive, if not proactive wherever possible. Once you are

“at the scene,” you need to help bring sense and order to the situation for counsel and his client by quickly assessing the situation and providing a clear and concise roadmap for tackling the digital issues at hand.


Critical bug found in Cisco ASA products, attackers are scanning for affected devices

Several Cisco ASA products - appliances, firewalls, switches, routers, and security modules - have been found sporting a flaw that can ultimately lead to remote code execution by attackers.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Feb 12th