Christopher tells us about his company, his role at the local HTCIA chapter and the motivation to write a book.
Christopher L. T. Brown, CISSP, DFCP is the Founder and CTO of Technology Pathways. Mr. Brown is the chief architect of the Technology Pathways ProDiscover family of security products. Prior to his position with Technology Pathways Mr. Brown has served in key technology positions at several companies and focused on information warfare and network operations for the U.S. Navy. Mr. Brown’s most recent book “Computer Evidence: Collection and Preservation 2nd Edition is published by Charles River Media. He has over 25 years experience in hardware, software, and network engineering. Mr. Brown has taught computer security and network engineering for UCSD as well as private organizations such as Addison Wesley and CSI.
Yuri: Christopher, please briefly describe your current occupation.
Christopher: I am the founder and Chief Technology Officer of Technology Pathways, LLC the makers of the ProDiscover family of digital investigation tools. As CTO, I am focused on every facet of our tools development from architecture to customer deployment, training and support.
By early 2001 it became clear that digital forensics tools had not yet progressed…
Yuri: How did you become involved in computer forensic field?
Christopher: In the early 1990′s after publishing one of the first technical Internet Web Server books, Web Site Construction Kit for Windows NT, I became focused on consulting to companies who wanted to safely leverage the Internet. As a natural progression my consulting became more investigative and security focused. By early 2001 it became clear that digital forensics tools had not yet progressed as far as I felt they should which drove me to founding Technology Pathways. In the early days Technology Pathways provided Digital Forensics Services as well as product development for the ProDiscover family of computer forensics software tools. Today we focus entirely on Digital Forensics tool development.
Yuri: Do you have any related education? What field do you have a degree in?
Christopher: My educational background is from the U.S. Navy and University of California in San Diego. My studies focused on Hardware, Software, and Network Engineering.
The idea of a standard work day disappeared many years ago
Yuri: Please describe your working day. When you get to, what do you do first? What do you do most of the time? Are there days when you work 14 hours or longer? If so, why?
Christopher: The idea of a standard work day disappeared many years ago. Being a customer driven company, my workday is also customer driven and at times encompasses many time zones. While some days I do work long days, it’s never been my goal to simply work long hours. The only standard thing in my schedule is that I do tend to get up early. Usually at 5:30 AM. I’ll have some coffee, check email, and read the news. After that I try to take some time to walk, run, ride my bike, or some type of personal time. After that, it’s time to take on bigger projects of the day. Being the founder of a relatively small business my day can included work in sales, marketing, admin as well as all aspects of product engineering.
Yuri: What do you like about your job most?
Christopher: Building tools to solve problems. Essentially I love everything about the creative process.
Yuri: In your past you completed several large-scale project, influencing tens of thousands of user (I mean your US Navy project). What did this gave you in terms of further computer forensics job?
Christopher: A good understanding of large scale information systems is essential in todays connected world. Even in the smallest case involving a single computer the investigator must understand how that computer interacted with the digital world around it. It was my early work with large scale IP based networks (prior to the public Internet), that allowed me to understand data flow and translate that to Locards’ principle of data exchange in traditional forensics.
Yuri: Some time ago you’ve completely changed your occupation from general computer specialist to forensic instructor. How come? What motivated you?
Christopher: My transition has been driven by demand and complexity. As systems become more complex the natural order is to become more specialized in ones focus. For me that transition started off with interest in large scale information systems infrastructure, to general security of those information systems, to incident response, and finally to a more specific digital forensics. The thing about technology in general is that there is always something new to learn, some new technology to understand. Nowhere is this more pronounced than in digital forensics.
I love everything about the creative process
Yuri: How did you become HTCIA chapter president, what were your duties? Why did you quit?
Christopher: All HTCIA chapter presidents are elected by their chapter’s membership. The way the HTCIA bylaws are written, the person elected to 1st Vice President will automatically become the President the following year so anyone elected to 1st VP automatically has a 2 year commitment. In my case after the year I served as President, I served as the chairperson of the HTCIA International training conference held in San Diego effectively giving me three years of service. I’ve always enjoyed the educational and networking aspects of professional organizations and found the HTCIA to have a great quality membership. After three years of service to the organization, I felt that it was best to take a little time and allow members with new perspectives to take over for a while. I’ll likely take an active role again in the future.
My book “Computer Evidence: Collection and Preservation” is in its second edition and is very well received
Yuri: You have written a few books. Which one was the best accepted? What is it about? What is your motivation for writing books? Are you working on any book now?
Christopher: I’ve never considered myself as an author per se, but I do enjoy teaching and sharing knowledge. This is what has led me to writing books. The sense of accomplishment provided by writing a book is also very rewarding. I’ll never forget seeing the first book I wrote on the shelves at a local bookstore. I’m not sure authors will have that experience for much longer. My current book “Computer Evidence: Collection and Preservation” is in its second edition and seems to be very well received. I’m not currently working on a book project, but you never know when an interesting topic will reveal itself.
I was looking for a new challenge
Yuri: How did you found Technology Pathways? What was your motivation?
Christopher: I was looking for a new challenge and wanted to build a product. I had focused so much on data security over the past decade and computer forensics seemed to still be in need of tools.
Yuri: Who was your first client there?
Christopher: I prefer to respect the confidentially of our customers.
Yuri: What tools and services does your company offer? What is special about your company/solutions?
Christopher: We make the ProDiscover family to digital forensics tools. There are currently three versions of ProDiscover; Basic Edition (freeware), Forensics Edition, and IR Edition (network enabled enterprise forensics). Our company is a customer driven business that focuses on creating a product that is standards based, easy to use, and cost effective. Being a smaller company we pride our self on being able to act quickly to innovate. We always provide something that the other products in our market do not. Our first release was the first tier-one forensics tool to offer the ability to image the HPA (Host Protected Area) of hard drives. Today we offer the most comprehensive tools for Microsoft Volume Shadow Copy analysis. We also offer training and certification for ProDiscover.
…your company is helping to protect children…
Yuri: What is the most rewarding thing a customer has ever said about your solution?
Christopher: I recently received this comment from a ProDiscover user in law enforcement “I hope you guys do get some personal satisfaction out of knowing that your company is helping to protect children. My latest bad guy was in possession of approximately 7000 images and videos of child sexual abuse. He opted to admit his guilt and take a sentence of 60 years, 15 of which he will do in prison. How many children do you think your company helped to save by providing the software that helped to take him off of the streets? One can only guess.”
Yuri: What is about your company or tool which you are proud of?
Christopher: We like being an innovative, customer driven company. It’s this concept that has allowed us to stay in business for over 10 years. All of our customer’s cases are important. Finding the data better needed to investigate a case is paramount to the investigators whether they are a small law enforcement agency or a large corporation.
We are very proud to receive 5 star rating for the last 5 years running
Yuri: What is “5 star review from SC Magazine”? Why they award your company with it?
Christopher: SC Magazine has a computer forensics focused issue every year with published product reviews, lab tests and other articles focused on Incident Response and Computer Forensics. They beat us up the first year we were reviewed (over 10 years ago) and we are very proud that we have been able to receive an overall 5 star rating (their highest), for the last five years running.
Yuri: What are your immediate plans with regards to your company? Your solutions?
Christopher: We just finished adding Apple Mac OS support and will be adding tablet OS and Windows 8 support this year. We continue to be open to customer feedback and any innovations will be based on customer needs.
Yuri: What is the most interesting or unusual investigation you or your company has ever been involved in?
Christopher: One in which employees were sabotaging product launches from inside the company. This was originally thought to be a leak of information and turned out to be a coordinated attack from inside for personal reasons.
We are 100% focused on innovation and product performance
Yuri: What do you think every investigator should know about your solutions?
Christopher: That we are 100% focused on innovation and product performance.
The basic principles of digital investigation still apply to the cloud computing
Yuri: Cloud computing is becoming very popular now. Do you feel that forensic market for vendors, like you, is decreasing due to that?
Christopher: Cloud computing is nothing new, just more pervasive and understood today. 15 Years ago the first wave of Internet data storage companies and application service providers were launching. Before that there was FTP, Gopher, etc. File server based storage existed even before that. Essentially the data is always somewhere, rarely a single location and there will always be the need for new ways in identifying where data is stored and how it is used. While devices may change, and information may spread out, the basic principles of digital investigation still apply.
Yuri: The same question about social networks, which displace usual evidence such as mailboxes, chats, etc.: does this decrease your niche and make investigations more difficult?
Christopher: There is no doubt that as information spreads out that cases will become more complex. While this effect does drive tool features, it’s more of an issue of case management and training for the investigator, which is why we offer training on ProDiscover and will continue to expand curriculum.
Yuri: What do you like most about computer forensics? Less?
Christopher: That it’s always changing and that it’s always changing.
Yuri: What forensic resources do you regularly read? What would you recommend to others?
Christopher: I like DFI News and my old friend Google.
Yuri: Can you tell any funny story related to computer forensics?
Christopher: As much “head scratching” as it was funny. While interviewing a data recovery service provider technician about an imaging job they had performed for the opposing counsel of a case I was working on, the technician read me word for word from the logs in their system how they were asked to “image everything on the disk with the exception of specific incriminating information”.
I would like to see more progress in the packet level network forensics
Yuri: Please give some predictions of what may happen in the nearest 5 years with computer forensics.
Christopher: Most people have been focused on Mobile Forensics and have a tendency to think about this as the cell phone forensics as it exists today. I think it’s more important to focus on how devices will morph. I prefer to think of mobile computing platforms and how they will change and interact with the digital world around them. From a digital forensics stance, you not only need to be able to look at the device, but what it’s connected too. Along those lines there was a movement for IPDR (Internet Protocol Detail Record), much like CDR (Call Detail Record) in phone systems of old. The movement was billing focused, but as with CDR this could have great investigative potential. I would like to see more progress in the packet level network forensics as well as standards that would better enable legitimate device level investigations. Of course there are social and privacy relates issues to consider here as well.
Yuri: How old are you?
Yuri: How many kids do you have?
Christopher: My Wife and I have two French Bulldogs.
Yuri: How do you spend your free time?
Christopher: I like Triathlon, Surfing, and Photography.
Yuri: How many hours of sleep do you usually have?
Christopher: Usually 6 to 7 hours.
I’ve been all over the world
Yuri: What is your favorite vacation spot? What is the most unusual place you have ever been to?
Christopher: Anywhere with a beach or water nearby. It’s hard to say where the most unusual place was. I’ve been all over the world. Maybe a train ride I took into Malaysia from Singapore.
Yuri: Do you do any sports? Which one? What is your preference in watching professional sports?
Christopher: I do Triathlon, Surfing and Kayaking. I watch the Tour de France every year.
Yuri: When did you have your last vacation? A real vacation, without any Internet and calls from your colleagues or customers?
Christopher: I’m not sure. I usually try to simply add a day here or there to business trips. I took a couple of extra days in January after the DoD Cybercrime conference in Atlanta to see some old friends. That was fun.
…enjoying every day as it comes
Yuri: Do you have a dream?
Christopher: To try and be in the moment enjoying every day as it comes. This is much harder than it seems, but a daily goal of mine.