Sunday, August 7, 2011

Hanging Together Through CDFS

The recent launch of the Consortium of Digital Forensics Specialists has generated quite a bit interest and I’m excited to see how well received it has been. There has been great interest in the organization and I’ve been following many of the conversations that have occurred in places where the community congregates online. One of these conversations has occurred on my Google+ profile. I’m going to use this blog post to address the commonly raised questions that have been raised. Even though I am on the board of directors for CDFS, I want everyone to understand that these are my own personal answers to these questions and should not be interpreted as an official CDFS communication.

Did we really need yet another digital forensics organization? Why not just use one of the existing organizations as a vehicle for all of this?

The existing organizations aren’t structured in a manner that can act as a unified voice for the digital forensics community. One of the strengths of our community is that we have a number of well developed and respected organizations that have done a tremendous amount of work over the years in building out their membership rolls as well as offering high-quality training and certification options. That also means these organizations are in competition with each other as they work to attract people to spend scarce training and certification dollars with their organization rather than another organization. That’s healthy competition for these organizations and the community as a whole. However, it also means that as soon as an organization enters, for example, the certification market, it loses the ability to act as that unifying entity that speaks for the entire community. We aren’t going to get organizations putting their own certification and training dollars at risk by endorsing a competing organization as the voice of the community.

There are also organizations in the digital forensics world that exclude people who work criminal defense cases. That’s a decision that each organization has to make for itself. When an organization decides to exclude a substantial portion of the community, it loses any chance it has at acting as a voice for the larger digital forensics community. Even if you don’t offer training or certification options that put you into competition with organizations that do, how can you speak for the digital forensics community as a whole when you exclude a large portion of it?

So we’re left with respected established organizations that for one reason or another will never be able to act as a rallying point for the larger community. The concept behind CDFS is to have these great organizations as well as individuals come together to work towards the mutual goal of having a united voice for the digital forensics community in areas such as public policy in a manner that doesn’t compete with the member organizations.  CDFS will not offer training or certification because doing so would make it just like the other digital forensics organizations and would undermine its ability to speak for the community.

Why should I join? What’s in it for me?

Not a lot of goodies at first, that’s for certain. The organization isn’t offering up any sort of products such as training or certifications because that would undermine the ability to act as a rallying point for the community. You join because you care about the future of digital forensics and you want to have a say in the issues of the day that will impact if and how we get to practice digital forensics.

There are some very serious public policy questions revolving around the issue of government regulation of what we do. For example, professional licensing and lab accreditation are two major issues that could radically impact the community in the future. If laws and regulations aren’t created with substantial input from the community, they will be written by others who might not have the best interests of the public and the digital forensics community in mind.

And, yes, I meant to say “if” we get to practice digital forensics. You might be the greatest digital forensics practitioner on the planet, but if you live in a state whose licensing standards are crafted in such a manner that you can not qualify for, it could become unlawful for you to continue to work in the field. That’s not a result that benefits the public, your family, or our community.

Yes, it’s yet another yearly expense. I’m having a hard time myself keeping track of all of the money I have to pay out each year to maintain organizational memberships and certifications. I’m starting to take a hard look at what I am going to keep up in the future and I will likely start cutting back in some areas. However, I spent the money on an individual CDFS membership because this is important to the future of what we do. The cold hard truth is that these organizations cost money to operate and since the CDFS isn’t going to be entering revenue generating areas such as training and certification, it’s going to live or die based on the organizational and individual memberships.

Ben Franklin said it best when he said, “We must, indeed, all hang together or, most assuredly, we shall all hang separately.” This is where we are at as a community. If CDFS fails, we will be back to the current status quo where none of our existing organizations is able to act as a unifying force and we’ll be unable to rally the community to promote and defend what we do.

It’s time for all of us to hang together.

(Update since the initial posting of this blog entry: I had someone who is very sharp suggest that “stand together” might be a better way of stating this. I always thought that Franklin used the “hang together” phrase as meaning “stand together” otherwise they would all hang separately in the terminal sense of the word. It occurs to me I could be really wrong in that interpretation which makes the last sentence and the name of the blog post really odd sounding. I love early American history, but I don’t claim to be an expert. If someone who is actually an expert could let me know the answer, I’d owe them a beer and would be happy to pay up.)

New Digital Forensics Blog: Forensic Methods

Chad Tilbury finally succumbed to the siren song of blogging and has established an excellent blog over at Forensic Methods. Chad is a certified SANS Instructor who teaches several of the primary digital forensics courses at major conferences. He’s also one of the people who has helped Rob Lee and company develop these courses.