BankInfoSecurity.com - Information Security News, Regulations, & Education


Digital Forensics: Great Need, New Careers - Rob Lee, SANS Institute

September 21, 2009 - Tom Field, Editorial Director

Information security requirements and challenges change on a daily basis - and with them come growing opportunities for individuals with skills in digital forensics.

Rob Lee, a director with Mandiant and curriculum lead for digital forensic training at SANS Institute, discusses:

the growing need for digital forensics skills;
today's top challenges and how organizations are tackling them;
career prospects for individuals in digital forensics.

Lee has more than 13 years of experience in computer forensics, vulnerability and exploit discovery, intrusion detection/prevention, and incident response. Rob graduated from the U.S. Air Force Academy and served in the U.S. Air Force as a founding member of the 609th Information Warfare Squadron, the first U.S. military operational unit focused on Information Operations. Later, he was a member of the Air Force Office of Special Investigations, where he conducted computer crime investigations, incident response, and computer forensics. Prior to joining MANDIANT, he worked directly with a variety of government agencies in the law enforcement, Dept. of Defense, and intelligence communities, where he was the technical lead for a vulnerability discovery and exploit development team, lead for a cyber forensics branch, and led a computer forensic and security software development team. Rob also coauthored the bestselling book, Know Your Enemy, 2nd Edition. Rob earned his MBA from Georgetown University. Finally, Rob was awarded the "Digital Forensic Examiner of the Year" from the Forensic 4Cast 2009 Awards.


TOM FIELD: Hi, this is Tom Field, Editorial Director with Information Security Media Group. We are talking today about digital forensics and we are talking with Rob Lee, who works both with MANDIANT and with SANS Institute.

Rob, thanks so much for joining me.

ROB LEE: Thank you for having me.

FIELD: Hey Rob, start out: I know you are wearing a number of hats; maybe you could tell us a little bit about yourself please, the work that you do and then your experience in digital forensics.

LEE: Certainly. I am former Air Force. I have worked both in information security, and I also worked in investigations for the Air Force Office of Special Investigations for the early part of my career, and then like a lot of individuals who are faced with kind of a career challenge in terms of there is really no career path for someone with my background, I ended up becoming a government contractor for the better part of six years, working for the intelligence community as well as law enforcement community at the same time. During that time I also started working on the side for the SANS Institute, providing digital forensics and instruction, which initially began with a single course. But I just recently graduated from Georgetown University, getting my MBA, and now I am working full time for MANDIANT, which we do data breach intrusion investigations in addition to a wide scope of digital forensics investigation offerings.

FIELD: Rob, what do you find to be the biggest digital forensics issues that organizations are challenged by today?

LEE: Well, one of the things I definitely found is that there are three fields within the digital forensics arena that have an interest or a direct buy-in to performing digital forensics, so it depends on what your priority is.

For example, you have the law enforcement intelligence communities. Their goal in doing digital forensics is to suppress the bad guys, or suppress evil. Then in the information security communities, the reason that we do digital forensics is usually to find out how did someone break in, how did an internal employee do something that they should not have been able to do, and how do we prevent it from happening again? And there could be some civil or criminal litigation ties, so it could flip over the wall back into the law enforcement community if someone ends up being prosecuted.

But then the third area that we find is that we also have a strong litigation support. We have a lot of cases that are currently going through the court system that are digital forensics-related, and you also have the term e-discovery, in which they are doing forensics to be able to recover documents and emails, but you also have a lot of individuals filing civil cases or criminal cases, depending upon who is doing the case, that involves media that has digital artifacts on it that need to be displayed and be able to be presented in the courtroom.

