Since 2004 I have been involved in conducting digital forensic analyses and have performed well over 1,000 examinations of computers, servers, mobile devices, IoT devices, drones, game consoles, and just about anything else that can be examined. These examinations have been done to support criminal investigations, civil litigation, HR investigations, and research. I have also been qualified as an expert witness in state and federal court numerous times in the areas of digital forensics, cybersecurity, and technology-facilitated crimes.
Through this experience I have been able to build several teams, forensic laboratories, facilities, security operation centers (SOCs), and incident response capabilities. This has included bringing in the people, processes, and technologies necessary to be successful at digital forensics and incident response. Part of this experience has included going through the entire process of ISO 17025 laboratory accreditation, and at the time I was the director of the only such accredited non-federal standalone digital forensics laboratory in the U.S.
There are a lot of lessons I have learned over the years and I hope to provide some of those here, as well as some best practices and resources that practitioners and digital forensic leaders may find useful.