computer forensics
My latest passion is computer forensics. I began training in May 2005 and have logged more than 300 hours since then. I developed the five new computer forensics courses that make up the department's new Bachelor's Degree in Computer Forensics.
People often ask if computer forensics can be defeated. I always admit that it is possible to remove data so that it can't be recovered, but the following quote by Bruce Schneier explains why it is virtually impossible to remove all evidence: “Modern applications and operating systems are very complicated, and interact with each other in many different ways. Hiding the existence of something means controlling all those interactions, which turns out to be a very hard problem.”
Most recently, I've become extremely interested in cell phone/smart phone/PDA/GPS forensics. These devices must be handled very differently than hard disks. If you don't understand the following phrase (posted to a cell phone newsgroup I belong to), you aren't a real mobile examiner: "Im trying to link SHU box to DCT to get a pm read its a Nokia 2310."
Training:
NTI 5 Day Computer Forensics
EnCase Introduction to Computer Forensics
EnCase Intermediate Analysis and Reporting
X-Ways Forensic 4 Day (Software and File Systems)
PA State Police ILOOK 3 Day Training
ASRData SMART Linux Forensics (5 day)
EnCase Advanced Internet Examinations
EnCase Advanced Computer Forensics
EnCase NTFS File System and Artifacts
FTS Cell Phone Bootcamp (2 day)
BK Forensics Cell Phone 101 (3 day)
Paraben Level 3 Cellular/GPS Signal Analysis (2 day)
Selected Cases:
Lead examiner in a multi-jurisdictional case involving local, state and federal agencies including the Bloomsburg Police Department, Pennsylvania State Police and U.S. Marshals.
Lead examiner in a case involving inappropriate use of a computer in a local school district.
Assisted local and state police in several murder and rape cases by providing cell phone analysis.
Appointed by a judge as a neutral court expert in a case for the State Investigating Grand Jury.
Lead examiner in a bad faith e-discovery case against a national insurance company.
Lead examiner in a wrongful dismissal case against a local credit union.
One of a team of four examiners in an internal investigation for a Fortune 500 financial institution. The case involved evidence from several countries and approximately 3,000,000 email messages.
Lead examiner in a cell phone case involving threats for a local police department.
Lead examiner in a theft of intellectual property case for a multinational company. The case involved evidence from several states including hard disks and smartphones.
As of February 2007, I am a Certified Computer Examiner (#674). For information on the certification or ISFCE (the organization that administers the CCE), click on the logo above.
I also recently completed the EnCE certification. For more information on this certification, click on the logo above.