Q&A with Keith J. Jones, Digital Forensics, e-Discovery and Computer Security
CriminalJusticePrograms.com spoke with Keith J. Jones, owner and senior partner with Jones Dykstra and Associates (JD&A), a firm specializing in digital forensics, electronic discovery and computer security. JD&A covers legal, corporate and government projects. In addition to his work at the firm, Jones is also the author of Real Digital Forensics: Computer Security and Incident Response and The Anti-Hacker Toolkit.
Below he shares his experiences in the field and what students should keep in mind if they're interested in pursuing digital forensics.
Q: What is your current position?
I co-own a company named Jones Dykstra and Associates, and I have a business partner whose name is Brian Dykstra. I have the title of Senior Partner here.
Q: What exactly are digital forensics, e-discovery and computer security?
Let me start with the broad subject first; that's going to be e-discovery. In 2006, there were some federal rules that changed and basically made electronic data a part of civil trials. If you have two parties suing each other, both parties have a right to discovery. One party may say, "I want all the emails that have to do with a certain subject," [...]. That's where e-discovery comes in. It's kind of like walking into a barn full of hay, grabbing a handful of relevant hay and handing it to somebody so they can do the review. Computer forensics is more granular than that. If we're talking about putting our arms around the relevant hay in e-discovery, we're now talking about trying to find a needle in a haystack.
The third thing is computer security. These three aren't mutually exclusive, though, so you may start e-discovery sets, and then you'll find something that you've got to investigate. Also, in some aspects, there's computer security. [...], so-and-so company may have exposed X amount of credit cards - somebody usually has to investigate that and figure out what data was exposed, how much of it was exposed and what that means for the company. Do they have to notify credit card holders, etc.?
Q: How did you get started in this field, and what kind of preparation does someone pursuing this career need?
When I went through the university, they didn't have computer forensics as a profession, per se. You couldn't leave with a degree that said, "I do computer forensics." I have dual bachelor's degrees: one in computer engineering and one in electrical engineering. I worked at the School of Criminal Justice at Michigan State University when I was there, and I was always interested in the computer crime side of things. I stayed around for my master's degree in electrical engineering. That allowed me to apply for the technical side of the legal profession - investigating computers and so forth.
[...] either an investigator and then learn the technical aspect, or you're a technical person and learn the investigative aspects.
Q: Does it help to have a background in investigation?
The nice thing is that the people who are graduating now grew up with computers, so teaching them the technical aspect is a lot easier than teaching somebody who never touched a computer in his or her life. If you take your average college student, they already know what Facebook, Twitter, and all those things are. You [...] already have an understanding of things like evidence management, and so forth, from their college careers.
Q: What is an average day like for someone entering the profession?
My average day is a little different because being an owner of a company encompasses [a lot of different responsibilities]. The more associate-level employees - those who don't have to worry about finances and all that [type of stuff] - work on the data from day to day. They'll have a project or two floating around. An employee may be working on two to four projects simultaneously. In the legal world, things don't move very quickly. If I'm working on four projects, I may not work on two of them each week. [...], we gave data to an attorney or a business manager who now has to make a decision. We're just waiting for them to look at what we gave them, come back to us and say, "OK, now I'd like you to look at so-and-so's laptop."
Q: In general, are there any specific traits that work well in this career?
First and foremost, [...], there will be times when you'll be presenting your findings to a group of maybe 10 people, and you have to be comfortable. Later, if you do testimony, you might have a whole courtroom full of people, and news people there. So, being comfortable communicating is key.
[...] multifaceted. You need to understand the legal world plus your technical world. A lot of times there may be a disconnect if someone's very heavily technical or very heavily into the legal world. We'll talk to the IT staff for a client, and then we'll talk to the attorneys for the same client.
Q: What are some of the challenges in the field?
As you progress in your career, you're not always just sitting in front of a computer. You can do the greatest things on a computer in an investigation and if nobody understands it, it really doesn't matter. It's important that [...], but now it's all over TV with CSI, etc. Computer forensics really isn't as cool as it looks on TV. There is a lot of pressing the page-down and arrow-down buttons. Just be aware that there aren't a lot of flashy things, 3-D renderings, and so forth.
Q: What kind of changes have there been in digital forensics in the last few years?
There have been a lot of changes. Any time you talk about a technical field there are a lot of changes. Even something as simple as Facebook becoming more popular means we're going to see more cases that will involve questions about Facebook. It doesn't necessarily mean we're getting evidence from there, but it's just another one of those avenues that lawyers have heard of, and they'll ask for any type of information that might be able to come from it.
Probably the biggest change that I see right now concerning computer forensics, specifically, is regulation. Right now, because computer forensics and e-discovery are so new it's, for lack of a better phrase, sort of like the wild, wild West. You can set up shop and say you [...], and that's very difficult because you could find yourself on a case in which you just have to stop, so that you don't get into legal trouble.
Q: What do you see for the future of the field?
Hopefully, we will get this regulation issue figured out. I think you're going to see investigations everywhere. Back in the day we only worked on computers. Then smart phones came out, and now we're regularly doing computer forensics using them. So as technology progresses, and you have new devices, new tools and new operating systems, there will be new investigative steps for whatever that particular device, tool or software is.
Q: Can you tell us about your books: The Anti-Hacker Toolkit and the Real Digital Forensics: Computer Security and Incident Response?
The Anti-Hacker Toolkit is a book I wrote that basically outlines all the different security tools. It falls more in the computer security realm with a little bit of computer forensics in there. It's more of a shop manual, if you will. The other book, which is newer, is Real Digital Forensics. One of the things that is really important [...].
Q: Any other recommendations for aspiring digital forensics professionals?
Volunteer for the project nobody wants if you're new. You'll learn a lot. Getting exposure to actually doing the work will usually help you. Shadow somebody if you can - that's usually the best way to get your foot in the door.