'Digital forensics is not a job, it is who I am'

Jason Jordaan, principal forensic scientist and MD of DFIRLABS.

---

"Digital forensics is about being passionate about finding answers and solving mysteries. It's about finding the digital trail and evidence and reconstructing the past to establish the facts.

"It is so stimulating. Every case is unique, and I am constantly learning all the time so there is no time for intellectual idleness. I love that."

These are the words of Jason Jordaan, principal forensic scientist and MD of DFIRLABS, who will be chairing panels and running a management track at the ITWeb Security Summit 2017, to be held from 15 to 19 May, at Vodaworld in Midrand.

Jordaan says he got into the IT sector via a very roundabout and hybrid route, but he wouldn't have it any other way because it has made him the professional he is today.

He says becoming involved in digital forensics was a natural extension of his investigations that he conducted as a police detective, and then as a member of the Special Investigating Unit. Coupled with his love for computers and all things IT, getting into IT security wasn't a conscious decision, but rather something that evolved over time.

Being unable to afford university, he enrolled in a technical college studying electronics engineering, but found it was not for him. He opted to do his military service in the police, because he could get a study bursary and could then use that to study computer science at Unisa.

Ironically, when he joined the police they started limiting bursaries to what they did not consider to be core subjects and computer science was not a core subject, so studying through Unisa on a police bursary was not an option. "However, when I was in police college I discovered I had a real knack for criminal investigation and the law, and was recruited into the Commercial Branch, which was a specialised detective unit dealing with commercial crime investigations.

He says he loved conducting commercial crime investigations, but never lost his love for science and computing, and being the only "nerd" at the unit he was stationed at, ended up dealing with any case that involved a computer even on the most tenuous level. "In the early 90s digital forensics was still in its infancy and detectives around the world were developing the discipline, and with my love for IT and investigation, I got in on the ground level so to speak."

In 1998 Jordaan transferred to the Special Investigating Unit, first under Judge Willem Heath, and then under Advocate Willie Hofmeyr, where he got further involved in the digital forensics field and ended up developing and establishing a formal digital forensics laboratory at the unit. "When I left government service in 2014 to set up a private digital forensics practice, I was the National Head of Cyberforensics at the Special Investigating Unit."

He emphasises that this description of his journey into digital forensics does not reflect the amount of hard work that was needed to get there and the obstacles he had to overcome. "While I loved the police, it was a very different place to work in in the early 90s and as an English-speaking South African, and I faced not only prejudices from that, but the fact that I was a 'nerd' in an institution which was all about strength and toughness."

He said this made life difficult. "I was constantly at loggerheads with the old guard who were very reluctant to do things differently. Not being in Pretoria was also a problem, because if you wanted to be noticed, that was where you needed to be. But I was not going to give up on my belief that digital evidence and digital forensics were going to solve crimes and help the cause of justice."

In seeking the truth I am both a scientist and a philosopher; the scientist needs to find out how, and the philosopher wants to know why.

While Jordaan was in the police, he completed his BTech degree in policing, and during his time in the Special Investigating Unit he completed a number of degrees, including a MTech in Forensic Investigation, a BSc in Criminal Justice Computer Science (summa cum laude), a BCom Hons degree in Information Systems, and a MSc degree in Computer Science (cum laude).

He believes himself lucky that the Special Investigating Unit was based in East London, where he lived. "It operated nationally, and when I joined, I was exposed to the national stage, and was able to interact on a bigger stage, and still champion the development of digital forensics and the use of digital evidence in South Africa. I began working with other agencies in the country and up into Africa."

In 2014 Jordaan left government when he realised that if he wanted to continue to help in the development of digital forensics as a discipline, he would need more flexibility and freedom to travel around the globe. He set up his own private digital forensics practice, and has never looked back. "After leaving government service I have become involved in broader cyber security issues beyond digital forensics, which is great, not just in South Africa, but in Europe, the United States, and the Middle East."

He is currently busy completing a PhD degree in Computer Science where he is developing an international professionalisation framework for the practice of digital forensics.

"Over and above the purely intellectual stimulation and drive, the work that I do provides me with a deep sense of meaning and making a difference. It is about seeing innocent people being helped, and seeing justice done. I know that the work that I do is crucial in helping to protect people and organisations, as well as making sure that the bad guys get what they deserve. My work has been responsible for putting many bad guys behind bars, and I am comfortable with the fact that the evidence that I have found and interpreted, has resulted in the right person being held accountable for their actions."

At the same time, he has also helped ensure that people who are innocent have not been wrongfully held accountable. "Many people think that forensics is about proving guilt, and that perception is so incorrect. What I do is forensic science and it is all about the facts, I simply have to find and interpret the fact correctly so that the person making the decision has all the evidence to make the right one. In many respects digital forensics is not a job. It is not something that I do, it is who I am."

On the flip side, he says one of the biggest frustrations he has with the field is digital forensic practitioners who really don't know what they are doing. "This has led to people being arrested and prosecuted, disciplined and fired, because the practitioners do not have the necessary skill and knowledge to actually make the correct interpretations."

He says because the field is not properly regulated, anyone can simply claim to be doing digital forensics. The majority of training available is from vendors of the various digital forensics software tools, and the training covers using these tools, but is hopelessly inadequate as it does not teach the skills that are necessary to be an effective digital forensics practitioner. People simply buy a tool, do a short training course, and start working in a field where their findings can impact on the life of another human being, explains Jordaan.

According to him, when digital forensics started out, it was simply a bunch of investigators that loved computers trying to find out how to get evidence from them to catch bad guys. "However, over the years it has developed into a formalised forensic science, with standards and minimum requirements (unfortunately most people that make use of our services are not aware of these yet). This has even led to the developed of ISO standards for digital forensics which is a significant event in this discipline."

The changing face of technology has also impacted on digital forensics in many ways, and there are developments that are going to have a significant impact on the field of digital forensics, adds Jordaan. "These include Internet of things-type technologies, drones and other automation, and autonomous motor vehicles. All of these digital systems are going to become valuable sources of digital evidence in all sorts of human acts, as technology become more and more integrated with human systems. This will be a challenge for us in learning how these work and what evidence we can rely on."