Every year I look forward to the forensic tool group. It's the area in which I spend most of my research and writing time and I really enjoy seeing and testing the new tools that have emerged in the past year along with seeing the advances in old stand-bys. To paraphrase comedian Steve Harvey on the TV show Family Feud, we got a good one for you this year. We have something old, something new and, well, you know how the rest goes. So, before we dig in, we have time for a little forensic philosophy.
Over the 30-plus years that I have been in the digital forensics field, I have seen a lot of changes. These changes have not only been in the tools but in the people who use them. I remember an experienced cop telling me years ago, when I asked what we should include in a university program in digital forensics, that we academics were just going to mess things up for the old pros. And besides, he was getting ready to retire and he didn't want to have to go back to school.
As it happened, we did create the program and then I went on to another university and did it again, and today there are quite a few universities with great digital forensic programs. But there is one thing about which I've always wondered: If forensic science is the marriage of law and science, why is it that many digital forensic practitioners – not all, mind you, but a great many – know just enough law to testify as experts? Cops tend to know the law, as do some academics and a few others, but the state of the practice is: we have a way to go.
So here is some encouragement, both to the practice as a whole and to schools that teach digital forensics. Get some law in your programs. For practitioners, take a law course or two at your local community college. Now that I am retired from the university and have a little time on my hands, I am working on a law degree (yep – going to law school at 71 years old) so that I can contribute to a field that needs to be created, called cyberjurisprudence. Cyberjurisprudence would marry cybercriminology to the law, creating a class of practitioners with deep knowledge in both. Add digital forensics and digital investigation and you have the whole package.
Why bother, you might wonder. The answer is in the news media every day. We are in a period of unprecedented complex cyberwarfare. It might be bad guys after your PII or it might be nation-states sponsoring cyberterrorism and cyberwar. But, at some level, these activities are either acts of war or crimes. And sometimes they are both. We have two battle forces on our side which deal with this: the security practitioners (proactive, we hope) and forensics practitioners, who clean up the mess after an incident. For both of those practitioners, questions of law come into the mix regularly.
So what to do? Learn more. Be creative with your learning. And really prepare for the emerging generation of cyberwarriors and cybercrooks. To fight these gumballs, you cannot learn enough. And don't be like my old friend the retiring cop. We really do need that advanced education.