Baby Steps

Getting into digital forensics is a tough job.  Writing about it regularly is even tougher.  Since passing the exam, I have been working on a marketing package to pass out around town, had meetings with my bosses trying to convince them that "Yah. Really. We can charge $225/hr and up for these services", landed my first official retainer fee, set up a proposal for e-discovery work and performed my regular myriad of break-fix, server upgrade and auditing work. I've also helped produce an outline for a book idea with my good friend and forensic-y mentor Chris and sent in a column idea to Into the Boxes. It's been a bit of a whirlwind, but never you mind. I live to serve.

I was contacted by a civil defense lawyer about the feasibility of admitting all the content of a Yahoo user group into court.  I mulled it over a bit and tried out a few techniques I've learned over the years for dumping websites, did a little proof-of-concept and turned in an estimate for work. This could turn into a significant amount of work sorting, searching and carving usable info for the defense.  I accomplished my proof of concept using a combination of freebie web tools and some yellow-belt linux kung-fu.  If I land it and wind up doing all the work I'll be sure to post a more in depth analysis.

I updated my resume, wrote a Curriculum Vitae, created a sheet of services my company can offer and turned it all over to our technical writers and marketing people. I hope I don't get a pile of useless mush with pretty colors back. 

I have a friend and client here in Montana who is a defense lawyer, he just happens to be working a Federal CP case.  He received a copy of the crime lab report from the DOJ and was noticeably frustrated by it's content. Technically it's a solid report, but it is not well written or organized and it is not written in terms that are easily understandable to anyone but another forensic analyst.  No worries, I'm officially on the case. My first retainer fee and official work: Translate a DOJ crime lab report into something a lawyer can read. I know, I know(insert lawyer joke here) .  I'm thankful to have somebody that trusts me enough to give me a first break and help me attain expert witness status. My hope is that it will progress a bit further and I will actually get to produce my own report on the evidence at some point. The current report does not contain any timeline analysis, registry analysis, browser history, or many other components that I would consider crucial.  Surprising to say the least, the report was written by an acknowledged pioneer in the forensics field.  Who knew?

The book. Chris is the author of  "Unix and Linux Forensic Analysis". He met with his old publisher a few weeks back and they asked him to consider a few projects they had in mind. One of them was right up my alley and he asked me to co-author with him.  Needless to say, I accepted. I believe my answer was "You bet your ass!"  This is going to be a very cool project and I think a very good book.  I will not be divulging any content but if all goes well, this blog will continue on in support of the book.

I emailed ITB with a column idea where I would field questions that people have asked me about forensics in general.  I don't have any god-like technical forensic powers, but I have a different perspective on the field that most of the contributors have lost. You don't get to be a recognized expert in a field without being where I am at some point. It's really the best thing I could come up with, I don't have much of a pool to draw from.  E-mail them and ask them to do an "Ask Grayson" column. I think it would be fun.

If anybody missed it, Eric Huber who writes "A Fistful of Dongles" wrote a blog post about my blog posts! Well, it was less about me and more about experienced guys getting out there and sharing their knowledge, but I appreciate the plug nonetheless. I hope to actually meet some of the people I correspond with someday. Thanks Eric.  

Keep plugging away, hard work will always be rewarded in the end.

G