Fingerprint Scanning Technology

How to Pick a Good Digital Forensics Company

By Dr. Rey LeClerc Sveinsson, ERMProtect

From investigating cybersecurity breaches to conducting discovery in civil litigation, the practice of digital forensics plays an essential role in many aspects of companies’ compliance, data protection, and risk management efforts.

Digital forensics refers to the use of scientific techniques to gather, analyze, and present evidence to any court. This means digital forensic investigators need both legal and technical expertise to conduct a proper investigation. Evidence that is gathered by someone without the right training and experience can be considered inadmissible by a court of law.

In digital forensics, there is no governing body at the federal or state level that accredits examiners as being competent in their field. The industry does not have a bar exam or other system in place to ensure digital forensics investigators possess the minimum qualifications necessary to practice in this field. This complicates selecting a digital forensics company. And those complications multiply when numerous forms of digital evidence are present in a case.

With this in mind, your choice of digital forensics companies is extremely important. You must choose a company that not only has the capacity to effectively locate essential data, but the expertise to acquire, preserve and present it to ensure admissibility in court. Here are several factors to consider when hiring a digital forensics company:

Industry Expertise in Digital Forensics Services

A digital forensics company should be able to clearly delineate its methods to:

  • Handle and transport hardware containing sensitive data.
  • Maintain industry-standard controls limiting data access only to those who need it for investigative purposes or for the client company’s operational / litigation needs.
  • Maintain industry-standard cybersecurity and responses to attacks that might destroy data on devices within the digital forensics company’s possession.
  • Maintain and document a chain of custody for all data that is sufficient to achieve admissibility as evidence in both state and federal court.
  • Document methods and techniques to preserve, analyze, and store evidence.

Digital Forensics Certifications

Digital forensics companies should employ personnel who have current industry-standard certifications. This will improve the likelihood that they will be able to qualify as a digital forensics expert in courts. Relevant certifications include, but are not limited to:

  • Certified Computer Forensic Examiner
  • Certified Cyber Forensics Professional
  • EnCase Certified Examiner
  • Global Information Assurance Certification (GIAC) Forensic Analyst Certification
  • GIAC Forensic Examiner Certification
  • GIAC Advanced Smartphone Forensics Certification
  • GIAC Network Forensic Analyst Certification
  • PCI Forensic Investigators (PFIs)

Industry Experience in Digital Forensics Services

The digital forensics company must be fully capable of addressing all tasks pertinent to the investigation, whether it’s analyzing social media, web-based mail, or deleted files. Otherwise, you may run into roadblocks that stifle your company’s efforts — and potentially require hiring another, better-equipped digital forensics company.

You may also need a company experienced in electronic discovery, litigation support, cybersecurity consulting and other related services. Choosing a company that offers all of these services can enhance the efficiency of service delivery and reduce costs.

Deep Insights in Digital Forensics Investigations

A good digital forensics company needs to be extremely competent. This is an area in which there is no room for compromise because mistakes can be extraordinarily costly. Digital forensics companies must be able to consult, advise, and lead the way forward —instilling confidence every step of the way.

The examiners must have knowledge of different operating systems and hardware architectures. They must understand the rules of evidence. They must be able to distinguish between correlated and causal events. As technology and threats evolve, they must participate in ongoing learning to keep up.

References and Reputation in a Digital Forensic Company

The reputation of a company can sometimes be a deciding factor. Good digital forensic companies are well known in the business and legal communities. They are actively involved in relevant industry associations. Check references. And, for high-stakes cases, consider asking the company about their claims and litigation history.

Choosing the Best Digital Forensics Company

Digital forensics can make or break a litigation case, resolve - or fail to resolve - data breach incidents and make all the difference in a court of law. Find a digital forensics company whose examiners have relevant certifications, demonstrable experience analyzing various types of digital media, a good reputation in business and legal communities, and excellent references.

ERMProtect has 24 years of experience handling digital forensics cases. If your organization needs help, email us at [email protected] or call 305-447-6750.

Get a curated briefing of the week's biggest cyber news every Friday.

Stop Phishing Attacks with ERMProtect's Security Awareness Training

Turn your employees into a human firewall with our innovative Security Awareness Training.

Our e-learning modules take the boring out of security training.

Intelligence and Insights

soc 2 auditor

Top 10 Tips for Choosing a SOC 2 Auditor

Choosing a SOC 2 auditor can seem like a complicated process, but keep in mind that the most important factor is picking someone who will be a valuable partner …
cryptocurrency compliance

What Does Crypto Compliance Mean Today?

Compliance helps protect crypto investments. Here we discuss popular crypto compliance standards to be aware of …
types of pen tests

Types of Penetration Testing

Penetration tests are an effective defense mechanism because they mimic real-world attacks. Here the the pen test types you need to know …