Geoff Black's Forensic Gremlins

The Association of Certified E-Discovery Specialists (ACEDS) is a groundbreaking organization that is seeking to build the eDiscovery community through training and certification. ACEDS offers education in the form of live training seminars, access to recorded training online, and an annual conference. ACEDS is concerned about making sure certified individuals are proficient in not only one area of the EDRM, but in all. The certification covers a wide range of topics which are all important in the eDiscovery process – legal hold, collection, processing, project management and review planning, and everything surrounding them. ACEDS has partnered with organizations such as ARMA, ALSP, and ILTA. These organizations see the value in a vendor neutral certification for eDiscovery, and so do I. A lot has been written in every industry about pros and cons for certification, and eDiscovery is no exception.

Most technical and semi-technical fields have two basic types of certifications: vendor application specific and vendor neutral. I’ve seen several vendor exams for eDiscovery certifications. While those can be important for users of a specific application, they’re not always portable between organizations as there are so many different products prevalent in the market. Many of them are very specific to the functionality of the tools, and less focused on overall eDiscovery knowledge. Passing means you know how to run the application, but not that you necessarily understand the reasoning behind the actions you perform. I currently hold a vendor certification for forensics which attempts to remain balanced between general industry knowledge and tool-specific information, but the focus is definitely on the tool.

Vendor neutral certifications for eDiscovery, such as CEDS from ACEDS, don’t worry about how any specific tool tries to tackle eDiscovery. They aim to verify knowledge across multiple areas in a given discipline, without relying on how one tool functions. If you’re interested in learning more about the certification, check out the ACEDS website: What The Exam Is About. For other sources: Gabe Acevedo with Above The Law has a great analysis written just after last year’s ACEDS Conference. Dennis Kiker with LeClairRyan also wrote a well-reasoned article describing eDiscovery certification as the logical next step, and rebutting some recent criticism.

I can say from my own experience hiring forensic and eDiscovery professionals that certification is not a panacea or guarantee when choosing a candidate. What it does demonstrate, though, is that someone is interested in investing time in themselves and their chosen career field. In the case of CEDS, it shows that they care about advancing in the field of eDiscovery.

ACEDS is prepping for their annual conference at the beautiful Westin Diplomat in Hollywood, FL, April 2 – 4. The line-up is absolutely stellar. Topics include: addressing catastrophic eDiscovery events; timely items such as social media; often overlooked project management; eDiscovery malpractice risks; and of course, exam prep courses.

If you’re planning on attending the conference, enter discount code “BLACK” when you register to receive $150 off the already very reasonable conference fee. Don’t wait too long, though – the discount code expires soon!

Full disclosure: I serve on the ACEDS Advisory Board, lending my perspective on technology in eDiscovery and the intersection of eDiscovery and Forensics.

I’ll be at the DOD CyberCrime Conference in Atlanta this week presenting with Jon Stewart on large scale forensics with open source software. Check out the blog post over at Lightbox. If you can’t make it, we’ll be posting a follow up with the presentation and more information. If you want to meet up while we’re there please email us. See you there!

Just a quick note to say that the NYC4SEC group is holding a Meetup on Wednesday November 16, 2011 with Eric Huber of A Fistful of Dongles fame. Eric will be discussing Advanced Persistent Threat as it relates to digital forensics and incident response professionals. I’m looking forward to seeing old friends and meeting new people in the field. I can’t say enough times how much NYC4SEC has given to the New York DFIR community. Great thanks to Doug Brush and Jamie Levy for helping organize our group month after month. Please RSVP – we hope to see you there!

Corey Harrell has just proved the old adage that sometimes simple solutions are the best (and I mean that in a very good way). On his blog, Journey into IR, you’ll find a link to a custom Google Search for the Digital Forensics Search. Google’s Custom Search functionality allows you to create a link to a Google page that only searches specific sites, much like using the “site:” keyword in a search, except specifying numerous sites, generally on a similar topic. What a fantastic idea! This should be a great place to find valuable information that is specific to digital forensics as opposed to weeding through the sometimes useless hits on a broader Google search. I have also posted a Google widget on my sidebar that goes directly to the search page as a constant reminder (I tend to forget things like this after about five minutes). Thanks Corey!

A few weeks ago I had a unique opportunity to attend the Corporate E-Discovery Forum’s (CEDF) New York Forum. The CEDF is a non-profit organization that hosts and guides gatherings for its members, consisting of over 200 corporations and 400 individual participants, to encourage collaboration on E-Discovery issues. The forums give members the opportunity to discuss document retention policies and enterprise content management practices, litigation holds, preservation, collection, processing of electronically-stored information, cost and risk management, best practices to avoid spoliation and sanctions, and understanding plaintiffs’ strategies. Although vendors participate in the forums, they contribute equally with other members based on their experience (no sales pitches allowed).

Although there was a large turnout, I was pleasantly surprised at the level of interaction achieved in the sessions. Board members Nicholas Bunin, Jeri Head, and Patrick Gibson did a great job introducing sessions and spurring conversation. The board places great emphasis on active communication as opposed to having a single presenter talking at the crowd.

This recent forum was all about social media – Facebook, LinkedIn, Twitter – in corporate environments. Social media has obviously been around for quite some time, but in the corporate environment, policy makers are just getting comfortable with its use for business purposes. As a user, my first instinct is to question why this causes a problem; as a corporate investigator, I can tell you that social media can cause significant problems in the workplace and creates a whole new medium in which violations can occur. There are myriad new legal guidelines emerging around how corporations should regulate these tools in light of the current legal landscape. Regulatory agencies have also recently had their say on the diligent monitoring that must occur in the financial industry in relation to social media.

The forum had four main sessions during the day: Social Media and Reducing Risk, Practical Guide for Corporations to the Identification, Collection and Production of Social Media, Social Media Policy, and Social Media Dialog with Judges. While the guidelines of the organization prohibit sharing of content outside of the forum, I’ll just say that the day was well spent and I learned quite a bit. The next forum theme will be Cloud Technology, and will take place at the San Francisco Forum in June. The Corporate E-Discovery Forum would love to have new members participate and contribute to the discussions, and welcomes technical practitioners as well. If you’re a member of a corporate E-Discovery team, whether legal or tech, I’d highly encourage you join and participate!