Getting the right question

Posted on April 22, 2015. Filed under: business, forensic

One of the biggest challenges for anyone who offers a consulting service is getting the client to ask the right question. All too often, the client already has an idea of what they think the answer is and produces a question around that answer.

An example:

On a forum that I frequent, one of the members asked about where to get a PDF editing program. Lots of people threw suggestions at him, some free, some very expensive, some somewhere in the middle and all were dismissed as too complicated for what the asker needed. So I asked a simple question – “What are you actually trying to achieve?”.

It turned out that his company had a temporary problem – the document feeder on their scanner wasn’t working properly and they were getting blank pages in between the scanned pages because they had to feed them in manually. He didn’t really need a PDF editor, all he needed was a way to get rid of the blank pages. I suggested that what he should do was load up the files produced by the scanner and then re-print them to PDF, setting the output options to skip every second page. Job done. Free, easy and using a system he already understood and had readily available.

The same thing happens in forensic science, especially in the digital forensic world. People make assumptions about the evidence they need or think they can get, instead of describing the problem they are trying to solve – defining the investigative requirement. The crucial skill for the forensic scientist is not in the realm of technical solutions, but in old-fashioned requirements elicitation.

That’s why I have a rule that I won’t start work until I’ve had a proper discussion with the client and got the answers to “What are you trying to achieve?” or “What problem are you really trying to solve?”.



Posted on March 10, 2011. Filed under: forensic, life

Just recently I’ve been having discussions about possibly becoming a contractor for a little while and it’s thrown up a question that’s haunted me ever since I started examining other people’s computers.

I’m a fan of open-source software and I really do believe that one of the benefits I offer as a consultant is the fact that I don’t use the same examination kit as everyone else. It means that when I check their results or they check mine we are using significantly different tools, and mine are open for anyone to scrutinise at the source-code level. So, if we find a discrepancy we can dig deep into at least one of the tools, if necessary, to find the reason why. It’s proper dual-tooling, or as close as we can get for now.

Now, in the past I’ve had to explain this (because there are two or three tools that everyone expects to see and eyebrows are raised when I don’t mention them) but it has never stopped me getting an expert witness job. The critical word there is “expert” – in that role I am supposed to exercise my judgment to select the best tools and methods for the job.

However, a contractor is a different creature – if I do get offered this job, I have to fit into someone else’s working environment and do things their way with their tools. I can do it. In my academic life I had to learn new skills, tools etc. very quickly and be able to teach them to other people. It’s a knack that a good lecturer picks up soon, or they don’t survive in labs for long. The question is, will the client believe I can do it or will they wait until they find someone with the right piece of paper instead?

My argument, for what it’s worth, is that I can learn the tool quickly and, because I have a background in computer science and am used to creating little ad-hoc tools whenever I need them, I can check the tool’s results in a way that someone who just knows the program might not be able to.

We shall see.

Meanwhile, in the world of standards and regulation things have gone quiet in the Regulator’s office. His contract has been extended for another 3 years, but I rather think he’s suffering from budget cuts elsewhere. No matter, plans are well underway for the next ISO meeting in Singapore where we will be trying to get some new work approved to go beyond the current ISO/IEC 27037 and ensure we have guidance for a complete process from planning through acquisition to analysis, with proper validation all the way through.



    This is the weblog of Angus M. Marshall, forensic scientist, author of Digital Forensics : digital evidence in criminal investigations and MD at n-gate ltd.

