Thanks to TV shows like CSI and NCIS most people have some general idea of what it means to collect evidence. I usually explain that we collect and examine evidence from the electronic devices that fill our lives. Sometimes the evidence is for a civil lawsuit. Other times it is for a criminal matter. Many times people don't think of electronic evidence in terms of non-criminal matters, so I usually offer up the example of the person who leaves “Company A” and then goes to “Company B,” its direct competitor. Company A may use us to see whether their former employee took formulas, customer lists or other proprietary information with them.
What do you think needs more attention?
I think digital forensic practitioners need to be aware of, and become more involved in, the recent actions in some states that require private investigator licensure for those who offer digital forensic services. This is a bad fit.
What security threats are overblown?
While not a security threat per se, the effect(s) of cloud computing on our arena (digital forensics and electronic discovery) seems to have some practitioners and attorneys worried. I think that we will need to make changes and learn new techniques as practitioners, but I don't see cloud computing as presenting the problems that others envision.
What annoys you?
“Black Box” solutions that offer to solve all of a company's (or vendor's) e-discovery needs. These “solutions” don't solve the problems they claim they do. They tend to be selling tools, not technical offerings, and they make it more difficult for vendors who are trying to address a client's needs honestly.
For what would you use a magic IT security wand?
I'd eliminate spam. I think the electronic world could use the bandwidth.