January 1, 2025
What Is “The Philosophy of DF/IR”?
“If it is not right, do not do it, if it is not true, do not say it.”
-Marcus Aurelius
Welcome to the newest Digital Forensics/Incident Response blog (for now)! I created this space for several reasons. First, I have a passion for writing about our industry and the nuances that reside within it and come about because of our practice of forensic data analysis. The intersection of data, evidence and the law is a fascinating thread on which to pull and the more we pull on it, the more we unravel the tapestry of our practice and work to hone and refine how we conduct our work. Second, I have been inspired lately by the likes of Brett Shavers (DFIR Training) and others to continue writing. For those of you who are not already familiar, I wrote a DF blog for my company, Pro Digital Forensic Consulting, before the company and I were acquired by a Nationwide Digital Forensic services provider.
Recently, I had the opportunity to interview some practitioners in our industry and one of the questions I asked was, “What is your philosophy and methodology when it comes to ‘X’ case scenario?” This spawned a greater question internally about our collective philosophy as digital forensic practitioners and what that means for us moving forward. I was also shocked that the question wasn’t really answered, which caused me to think perhaps our philosophy isn’t really something we spend a lot of energy thinking about… But we should.
But the real impetus for this new endeavor is that I, like many, find our industry at a crossroads. We have professionals contrasted wannabes. We have liars and charlatans. We have some of the most brilliant minds I’ve ever run across and some of most lackluster “practitioners”, who tend to make us all look a little worse than they should. We are at a pivotal point where the advent of AI technology, the progression of the law and case precedent and how we all choose to approach our work will become more vital if we want to be included in the wider forensic conversation permanently.
I also woke up one day in my late-40’s and realized I’ve been working in the justice system in one capacity or another for a quarter century. From various roles in law enforcement (patrol, school resource, investigations/DF & instructor) to founding a successful consultancy to executive-level at a nationwide provider, each of these roles has afforded the opportunity to audit my own approaches, behavior, methods, production and philosophy. Perhaps some tidbits garnered over those 25 years may serve someone else in the future practice of DF/IR.
Because of all of this, I felt like the time was appropriate to connect the old and the new. Classic & stoic philosophers like Aurelius, Epictetus, Seneca and Nietzsche (among others) give us a fantastic framework on which to build and cultivate our industry approaches and further inform those who work within DF/IR. Their writings and teachings afford us the ability to reflect on who we want to be as practitioners and how we can improve on our personal product and our reputation as an industry and as a forensic science. Their guidance is without political influence or bias and is a logical, sensible and substantive approach to how all practitioners should treat their role(s) within the DF/IR community.
To be clear, I’m not the ombudsman of philosophical approach, professional standards or the general practice of digital forensics, nor do I wish to be. My goal in publishing this blog is to draw the corollary between what has been stated in the past to what is being practiced in the present. This may incorporate current cases, social media postings, podcasts, other personalities within DF/IR, etc. It will strive to be current and relevant but keeping in mind the principles of the cited philosophers who will be the springboard for various article topics.
As an administrative note, this blog is not a part of my employment, nor is it intended to express the opinion of my employer. The thoughts & opinions expressed here are strictly my own. I welcome comments, but they will be moderated because the internet can be a wild, unwieldy place where anything goes, unless someone monitors what goes.
It is my hope that these articles will foster more discussion within our community and more scrutiny over fellow practitioners to help us all improve our services, regardless if you’re employed by law enforcement, government contractor, private sector service provider, corporation or a DF/IR entrepreneur. All are welcome, so let’s get started!
More to come…
About the Author:
Patrick Siewert served 15 years in full-time law enforcement and investigated hundreds of high-tech crimes to precedent-setting results in Virginia (USA). Patrick is a graduate of SCERS & BCERT and is a court-certified expert witness in digital forensics, mobile forensics and historical cell site location analysis. He has published dozens of articles, consulted for local, regional and national media and is cited in numerous academic papers. He was the Founder & Principal Consultant of Pro Digital Forensic Consulting, based in Richmond, Virginia (USA) and currently serves as Director of Digital Forensics and E-Discovery for a Nationwide (US) provider of DF/IR and e-disco litigation support services, while keeping in touch with the public safety community as a Law Enforcement Instructor in multiple disciplines.
Email: Patrick@ProDigital4n6.com
Patrick Siewert on LinkedIn: https://www.linkedin.com/in/patrick-siewert-92513445/
Patrick on X & Substack: @RVA4n6
Pro Digital (old) blog site : https://prodigital4n6.blogspot.com/