Sunday, February 17, 2008


I guess I've been blogging now for an entire year. I certainly have had some periods of absence but that's to be expected when you get busy or have an infant I suppose. If you read this with any frequency I hope the past year has inspired you to think a little more about the field and what you do as a practitioner, or maybe it's inspired you to block the blog so my ramblings don't hurt your eyes. Either way this has been an interesting experiment for me. I've been exposed to some interesting members of the field and had some really good conversations and debates - all things I would have missed out on had I not decided to give this a try.

I originally started doing this as my way to contribute to the community of forensics and incident response, but during this time I've asked myself more than once "why do I bother?" and then I visit a forum or read a recent question on a mailing list and I have my answer. We are a young and growing field. Every day there are more people with more questions and each day some of those people are too nervous or cautious (for various reasons) to ask their question or present their ideas. In this dysfunctional field I honestly can't blame them either. New challenges arise every day and every day there is a new trick to learn, a new wrinkle to be gained. I bother to contribute in my own way because there are many who don't bother for whatever reason they may claim. If we wish to be considered a science then we must ask the questions that no one else will or those that we feel uncomfortable asking. This is how growth occurs, not in numbers of investigators and certified individuals but in challenging what we think we know and what others think as well. So, ask your questions and contribute in your own way, or ask me your questions and I'll ask them for you.

I've also asked myself why am I still blogging? I have yet to discover why people read blogs, this one in particular. Is it for entertainment? Ideas, information, or keeping current?

I have found that since I started the clustrmaps visitor tracking map (thanks Mark!) there are people that read this blog, some people even subscribe to it (Thanks!) yet I have received few comments. I sometimes get the sensation that the field is a one-way street where few contribute and lots of people sit on the sidelines.

I found it to be incredibly interesting this past year when I was approached by a gentleman who asked if the University he represented could syndicate some of my posts. Wow, I thought, now that's cool. This honestly got me back into deeper study of criminal justice and criminalistics. I managed to get my hands on some great books through my local libraries. I said at one point in the past year that I will forever be a student and that still holds true.

By far the best book I read all year was Hans Gross' Criminal Psychology. It was a tough read but his book was probably the "smartest" book I've read in a long time because it made me think and made me question a lot of things. If you are in the field, READ THIS BOOK. It's available as an E-book but you can buy it for about $25 or so.

There is one other book I hold high above the rest. It's relatively new but wow it's got so much in it. In a training I held recently I was asked which books I would recommend and I said "That's easy. Windows Forensic Analysis, in fact it's right here in my bag if you want to look at it." I held up the book and said "this is the best book on the market on the subject right now". I listed a few other books as well but they live on my bookshelf either at home or at work and I occasionally bring them back and forth. In my review of WFA I said it was going to sit on my quick grab shelf. That just hasn't been the case. It goes where I go.

Some principles from this past year:

What works today may not work tomorrow.

After an email discussion on incident preparation and defense in depth, I ran into the person with whom I had been emailing and he said this: "As a Buddhist monk once told me... By the time you have to take a shit, it's too late to begin digging a hole".

A science can be better understood by studying other fields.

Cooperation is counter-operational.

I'm not sure what the future holds for me or this blog, all I know is there's a lot to be done and a lot that needs to be talked about.


Mark McKinnon said...

Amen Brother Hogfly.