Confidence is something you have to develop, not just in yourself but also in the tools you use. When electricity was new there was a lack of confidence in it (let alone whether we should use AC or DC!), but decades later we rarely think about it. Similarly, most of us will get on a bus or in a car and do not panic that the vehicle will explode.
So, how and why is confidence important in IT?
Confidence for forensics
Confidence is especially important when it comes to Digital Forensics. As a forensic practitioner, your job is to find the truth and a timeline of events. You may be asked to give evidence to your boss, or even in court, so you need to be confident that what you say is truly accurate.
A common request I have received is for a simple web browsing report – these have been known to end people’s careers so it’s clearly important the information reported is accurate. Before we can report on what has been requested, we need to ensure we understand the logs we are examining. Reports are often technical, so we need to be able to answer questions from non-technical colleagues accurately. Testing is a good way to validate that the log is telling the truth – is our test browsing correctly shown? Is there data included from other users? Once we are happy the log is accurate the process of reporting on someone else’s activity can begin, with confidence.
In more complex scenarios, a forensic practitioner will need to report on the contents of a disk – immediately we need to be careful that we do not inadvertently corrupt the evidence. After taking an image of the media (and a copy of the image) we can set about using tools to examine the data. Again, it is crucial to be accurate so validation of the tool is important. Ideally, we should re-validate our tools after each new version, always testing against a known image.
Failure to be able to demonstrate confidence in both practice and tools could result in an inappropriate jail term for the defendant (or being held in contempt of court yourself).
Confidence for diagnostics
Another time to have confidence is in our diagnostic tools. A recent example from my own work is around Memtest86+, which tests RAM for errors. After testing my third RAM module, in two different computers, came up with errors it was beginning to look likely there was an issue with the tool. Sure enough, switching to an earlier version showed there were no errors. Essentially I had put the tool through re-validation (albeit unintentionally).
At the end of the day, you need to be confident that the work you are presenting is of a high standard, accurate, and shows you in a good light. That’s a challenge, and one I hope you will be pleased to meet!
We would like to thank Jonathan Haddock for this guest post.