Skip to main content

Due Diligence In The Search For & Practice of Digital Forensics

 


May 1, 2025


Due Diligence In The Search For & Practice of Digital Forensics


"If someone is able to show me that what I think or do is not right, I will happily change, for I seek the truth, by which no one was ever truly harmed. It is the person who continues in his self-deception and ignorance who is harmed."


-Marcus Aurelius

Meditations




There’s been a lot of chatter lately about the qualifications, credentials, experience, education and credibility of digital forensic practitioners.  If you don’t know what I’m talking about, I suggest searching on LinkedIn or other related platforms.  Notably, a longtime practitioner in the Midwest has recently been placed under investigation by the FBI for essentially perjuring himself with regard to many of these listed characteristics, a definite bellwether for bad tidings and a position I don’t think anyone reading this post would want to be in.  


But the developments with regard to this practitioner, among others, brings up the real question about due diligence in vetting a digital forensic expert.  This isn’t a new topic by any means.  I wrote about it more than 10 years ago and the principles remain true, but that article didn’t touch much upon the responsibility of the main players in the due diligence game: The attorney-client and the expert.  The Court can also factor into the equation as well, but generally Courts go where attorneys try to direct them.


As a matter of practice since I started this blog, I again turned to GrokAI to help with a definition by prompting “What are three main factors in due diligence of selecting an Expert?”  Here’s what Grok said:


  • Qualifications and Expertise
  • Reputation and Reliability
  • Alignment and Communication Fit


Notably, two of the categories are generally well-documented and *should* be verifiable.  The third is a bit softer in the skillsets required.  We’ll explore all three from multiple angles…


Qualification and Expertise


What is an “Expert”?  What Makes an “Expert”?  Well, the legal definition and the formal definition don’t’ really explain much.  Paraphrasing how “experts” are adjudicated as such in most courts in the US, it is the knowledge of a particular subject matter that is more than the layperson.  That’s not a very high bar.  In fact, the bar is so low that it can cause major problems when someone is testifying and goes over their proverbial skis.  So how do we prevent this?


From the attorney’s perspective, it’s difficult because:


1) Many attorneys are not tech-savvy

2) Many attorneys are very busy and don’t have time to vet multiple candidates and

3) Court-imposed or other deadlines can be a factor


Proper vetting of qualifications is key.  If you don’t know what a particular qualification, certification or class listed on a CV means, ask the prospective expert to explain or detail it.  All too often, attorneys rely on word-of-mouth recommendations and prior approval from colleagues and Courts, when in fact, if the charlatan-expert has been successful, the snowball of would-be qualifications just barrels onward unchecked.  Do you have to call every client and verify every credential?  No.  But spot-checking is certainly appropriate, particularly in the early going. And that’s not to say that you should only spot-check new experts.  The qualifications listed for experienced experts that may have been working for a long time should also be vetted.  Also scrutinize things like wording in online profiles and CV’s.  I could say “I worked with the FBI as a member of the Internet Crimes Against Children Task Force.”  Is that statement materially false?  No.  But it can definitely be misleading.  I was never an FBI agent, never an FBI Task Force Officer, nor did I carry any FBI credentials, but I did work with various FBI Agents on multiple cases.  


See, there’s a big difference.  One is designed for the receiver to believe a particular fact, but the truth is martially factual.


For the Expert, it’s vital to your credibility to be as accurate as possible and not be misleading about qualifications or expertise.  As one who conducts a lot of cellular location records analysis, it’s easy to get into the trap of testifying or stating opinions that are not supported by data in the records.  This is a type of liberty taken with evidence that should be avoided in all cases, but is also violated many times over.  If you don’t know or the evidence doesn’t support a particular conclusion, state that.  Having professional boundaries about what you can and cannot attest to is what lends credibility to your overall expertise.  Expertise doesn’t come from knowing everything.  It often comes from knowing and stating what you DON’T know.  


Reputation & Reliability


Reputation is one of those intangible assets that can’t be fudged very easily at first, but another one that can snowball into a mountain of referrals because everyone believes the charlatan expert is a knowledgeable, articulate resource.  Reputation is trick because it feeds on itself.  Once an expert is deemed reputable, that’s half the battle to getting more case work.  Factor it along with reliability, then heck, qualifications may not even matter!  


But all this boils down to customer service.  Everyone has a customer, whether in private practice, corporate practice or law enforcement.  Proving repeatedly that you are reliable and reputable tells your customer that you are professional.  


Reputation is relatively hard to build, but easy to destroy.  Just ask anyone wrongly accused of a heinous crime.  Potential clients also don’t care to talk to you if your reputation has been damaged or destroyed.  It’s potentially the single biggest asset an expert can have – a positive professional reputation.  So how do attorney-clients deem someone reliable?  This again requires close inspection of qualifications and history.  The worst place to be is on the stand when someone attempts to smear a reputation.  This can be avoided on the attorney’s side by asking questions, developing a good relationship with the Expert and ensuring that full disclosure is the best policy.  


Keeping a reputation solid also generally leads to reliability, but reliability has an even more customer-service side to it in that it requires you to be present, available and accessible.  It is not uncommon for attorneys to jump to another expert in the same discipline because the initial expert was hard or impossible to reach.  Being available often equates to being reliable.  Knowing what is needed in the case, knowing what you need to do in order to help accomplish those goals and being responsive also equate to being reliable.




Alignment & Communication Fit


I find it interesting that GrokAI used the term “alignment”.  To me, alignment means, how well do your skills meet with the needs of the case?  This piece is quite simple to vet in the due diligence phase because all it requires is an initial meeting or call to discuss what you have and what you need and how the Expert can help meet those needs.  It’s realistic to expect that in roughly 50% of matters, there may be limited or no alignment to the case needs.  If you are speaking to an Expert who says they meet the clients needs at or near 100% of the time, run far and run fast.  No expert meets every client’s needs 100% of the time.  This again is where honesty on the part of the expert and open communication about the case is started.  


From there, the communication fit is how well you and the expert communicate about the case as it evolves.  I recently had a case where the communication fell apart, largely because of a demanding and difficult client, but also because the circumstances kept changing.  They went to another expert.  It happens and if they are better served with the other expert, so be it.  In the vast majority of cases, we attempt to communicate clearly and effectively with clients to ensure there are no misunderstandings about what we can do, what they need and our place in the case.


Yes, this part of your due diligence requires a conversation.  It’s hard to get the full picture of how the Expert can check these proverbial boxes through email unless you’ve worked with them on several prior occasions.  Everyone is busy, including the experts.  Take 15-20 minutes to have a conversation and get a feel for how their training, education and experience fits with your case need, and don’t get frustrated if you need to call more than one expert.



The Dangers of Lacking Due Diligence


So what if you choose to ignore these factors and the suggested means to verify an expert’s ability to assist in your case.  The first potential consequence is, your client may not be well-served.  The second is you could potentially lose the case with a bad expert (or no expert).  The third is either a claim of malpractice (civil) or ineffective assistance of counsel (criminal).  The worst-case scenario is you get subpoenaed to testify about why you used a particular expert who may have been unqualified during an FBI inquiry.  


There’s an adage I’ve repeated a lot over the years:  If you think hiring an expert is expensive, try hiring an amateur!  No more does this ring true than in the need for due diligence on the part of any attorney looking to hire an expert.  So here are some red-flags to look out for, based upon 25+ years of experience dealing with many different purported experts:


  • Claims to have all of the answers.  If you are dealing with someone who claims to have all of the answers – despite commonly accepted practices to the contrary – you should think again about using this expert.  No one has all of the answers, and you can go to multiple resources to get varying answers to your questions.  There is no magic digital forensic wizard who is the gate-keeper to all of the knowledge.
  • Relies heavily on marketing:  Do you see the expert who is always at all of the expensive lawyer’s trade shows and takes you out to dinners in fancy steak restaurants?  That guy is probably full of not only malarky, but himself.  I’d also add that if they use the dinner to tell you about all of the answers they have and you need from them (see first point), that’s icing on the red-flag cake.
  • Mixed intelligence about testimony.  Has your expert qualified as an expert 40 times or 400 times?  And if it’s the latter, over what period of time and is that even possible?  AI is good for trying to find out various things about a potential expert. Use it, it’s generally free.
  • Over-inflates credentials.  This should be a no-brainer, but I often see attorney-clients fall into this trap.  How can someone who has never performed job “X” tell you all about how job “X” is performed?  This is a basic qualification that is easy to identify.
  • Phishes you vs. you calling them.  A good, capable, accomplished, reliable and reputable expert doesn’t need to surf legal databases for lawsuits and reach out to you.  If they are doing that, they probably have 1) way too much free time and they have that free time because 2) they have no real clients.  Either that and/or they have an agenda.
  • Uses non-specific citations and/or jargon to “wow” you into believing they are an expert.  This is the modern-day snake oil or used car salesman.  Sounding fancy doesn’t make you smart.  It’s a psychological crutch supporting a façade rooted in insecurity.


Just in case you’re wondering from where this list was developed, it was through years of experience with other reported “Experts”.


Wrapping It Up


Due diligence is everyone’s responsibility.  This article focuses mainly on the responsibility of the attorney to vet and confirm the overall qualifications of the expert they’d like to use, but there’s a fair amount of responsibility on the expert to report the information contained in their background accurately and without embellishment, and certainly without lying.  Everything we do is based on professional integrity.  An expert’s reputation is built on it and it can be built on sand or built on stone.  It's up to the due diligence of those looking to hire an expert to do their best to figure out which is the case when dealing with a specific prospect.


About the Author:

Patrick Siewert served 15 years in full-time law enforcement and investigated hundreds of high-tech crimes to precedent-setting results, Patrick is a graduate of SCERS & BCERT and is a court-certified expert witness in digital forensics, mobile forensics and historical cell site location analysis. He has published dozens of articles and is cited in numerous academic papers. He was the Founder & Principal Consultant of Pro Digital Forensic Consulting, based in Richmond, Virginia (USA) and currently serves as Director of Digital Forensics and E-Discovery for a Nationwide (US) provider of DF/IR and e-disco litigation support services, while keeping in touch with the public safety community as a Law Enforcement Instructor in multiple disciplines.

Email:  Patrick@ProDigital4n6.com

Patrick Siewert on LinkedIn:  https://www.linkedin.com/in/patrick-siewert-92513445/  

Patrick Siewert on X/Twitter : @RVA4n6

Patrick Siewert on Substack :  rva4n6.substack.com 

Pro Digital (old) blog site :  https://prodigital4n6.blogspot.com/ 

Labels

Labels:
Location: Virginia, USA

Popular posts from this blog

  January 1, 2025 What Is “The Philosophy of DF/IR” ? “If it is not right, do not do it, if it is not true, do not say it.” -Marcus Aurelius Welcome to the newest Digital Forensics/Incident Response blog (for now)!   I created this space for several reasons.   First, I have a passion for writing about our industry and the nuances that reside within it and come about because of our practice of forensic data analysis.   The intersection of data, evidence and the law is a fascinating thread on which to pull and the more we pull on it, the more we unravel the tapestry of our practice and work to hone and refine how we conduct our work.   Second, I have been inspired lately by the likes of Brett Shavers (DFIR Training) and others to continue writing.   For those of you who are not already familiar, I wrote a DF blog for my company, Pro Digital Forensic Consulting, before the company and I were acquired by a Nationwide Digital Forensic services provider.   ...
Read more

Effective Advanced Communication in DF/IR

  January 12, 2025 Effective Advanced Communication in DF/IR “Nothing important comes into being overnight; even grapes or figs need time to ripen.” -Epictetus As my bio and LinkedIn page relay, I teach a lot.   One of those teaching roles is as an Adjunct Professor in the Department of Forensic Science teaching an Intro to Digital Forensics course at Virginia Commonwealth University , which also happens to be my Alma Mater.   I teach one semester per year, which, when combined with a list of other responsibilities, is quite enough. For those of you who teach, you know that most semesters start off with excitement and energy and by the time the 15 or 16-week course starts to wind down, it can be a bit of a grind.   Even teaching once a week for 3 hours is grueling at times, especially with regard to assignments, grading, testing, etc… Oh, and FT work too!   Teaching at VCU is also one of the most rewarding roles I fill.   Not only does it help keep me up-to...
Read more