Saturday, June 7, 2014

An Unexpected Journey

So...I'm not Bilbo Baggins...obviously (shut up with the short jokes), but I have recently embarked on a very welcome, albeit unexpected journey.  Let me explain...

Sometimes, leaving is more about moving towards something new rather than moving away from where you currently are.  Such is the case with my departure from SpiderLabs.  I have truly enjoyed the almost six years I spent there as an Investigator and Director, but when this new opportunity found me, like Bilbo and his beloved ring, I could not resist.

In my first conversation with my new boss, Jim Kent, I have to admit, I was not all that excited about going to work at a software company.  Having worked in the field for so many years, like most investigators, I have come to loathe commercial forensic tools. I have seen them as a necessary evil, something we had to have for RFPs or for courtroom testimony, but not something we actually worked cases with.  Along with the likes of Corey Altheide,  Harlan Carvey, Rob Lee, and Hal Pomerantz, I have beat the drum of using Open Source forensics tool, because...and let's all say this together, "This is NO SUCH THING as COURT APPROVED"!  It's all about the way you interpret the 1s and 0s of an investigation and not the tool that you use!  YOU are the investigator, YOU are the one that testifies, not the tool.  Anyways, I was not expecting this conversation to go anywhere, but I listened to what Jim had to say.  It's a good thing too...because what he said make the conversation take a 180, and head off in a totally unexpected direction.

Jim: So, I have been reading up on this Sniper Forensics methodology of yours, and I have to say, it's spot on.

Me: Thank you.  

Jim: What would you say if I told you that our tool, Nuix Investigator is Sniper Forensics come to life?

Me: (stunned) Say that again...

Jim: Our tool suite at Nuix is very much the embodiment of your Sniper Forensics methodology.  We'd love for you to come be a part of our team and help us take our tool to the next level.

From that point in the conversation, my journey began, and as I stated initially, it was less about leaving SpiderLabs, and more so about joining Nuix.  I could not be more excited to be part of this team, and I am blown away by what the Nuix engine can do, that it really, no kidding incorporates Sniper Forensics, and that I get to be a part of making it everything I have always wished a forensic tool would be!  In my opinion, this is the intelligence multiplier we have all been waiting for.  The hunt is about to change.

The next six months are going to be a whirlwind.  I have so many ideas about what to do, and how to do it that my fingers and keyboard are having a hard time keeping up with my brain.  But, I don't want to be so naive as to think that my ideas are the best and or only ones.  So, I want to turn to YOU...the DFIR community for assistance.  In the coming weeks, I am going to be taking in feedback from many of you that will email me at - AND, I am also going to be making trips to see some of you - Chicago, San Francisco, Sarasota, DC, New York (HOPE), and Vegas (Blackhat / DEFCON) - to get YOUR feedback (if you are in or around those areas, drinks are on me)!  Tell me what you have always wanted to see in a commercial forensic tool suite?  What have you wanted it to feel like?  What features and functionality have you always wished for?  And please...DON'T HOLD BACK...the sky is the limit.  You shoot for the job is to figure out how to make it happen.

We are going to turn the DFIR world upside down, and bring to market the most effective, most efficient, fastest, best, Sniper Forensic-y tool on the planet!  I am looking forward to hearing from, or seeing you!

In the immortal words of Ton-Loc..."Let's do it"!

*** In the past I have said, "Happy Hunting", but...since the new gig puts me in a bit of a different position...let's go with this...

"Changing the hunt!" ***


  1. Don't suppose you are going to be in Austin TX for the SANS 2014 DFIR summit this upcoming week? I will take you up on your feedback invite! :)

  2. Congratulations on this new opportunity, Chris!