Q&A: David Beck On Digital Forensic Investigations in the Middle East
David Beck, a Managing Director within FTI Technology in Dubai, has more than 20 years of experience in investigations, computer crime and digital forensics consulting. As organisations around the globe look to prepare for an increase in regulatory enforcement, cross-border litigation and other disputes, David is working to help clients establish internal governance and workflows to ease the burden of investigations In this Q&A, he discusses current trends, best practices and his views of what’s on the horizon.
David, before we get into the specifics of investigations trends and challenges in the Middle East, will you provide an overview of your background?
Throughout my career, I’ve always worked in some form of forensic investigation and analysis. I started in IP investigations and later began working in crime scenes and computer crime. Eventually, that led me to professional services, with a specialisation in digital forensics.
At its core, digital forensics is about the preservation, extraction and investigation of electronic data to a standard that ensures it is submissible in a court of law if needed. I’ve also worked in e-discovery data processing and document review and consulted with clients on how they handle their data in preparation for regulatory review, litigation or investigation.
Day to day, my work involves supporting clients with any challenge they have that requires the identification, extraction and analysis of data. I’ve worked on everything from small internal investigations, data breaches and anti-trust regulatory requests, to some of the largest global regulation and litigation cases. I’ve also worked in support of client challenges around data disposition during mergers and acquisitions, as well as asset recovery in liquidations.
That’s a pretty wide spectrum of experience. Focusing on the digital forensics side, can you speak to some of the current trends you think clients need to be aware of?
Given that technology is always evolving, investigatory approaches and techniques move and advance as well. The data boom over recent years has led to massive development of tools and techniques to support clients in sifting through masses of data and getting to key data more quickly, while reducing the costs and time needed to conduct review. Efficiency must continue to be a central focus in preserving and reviewing information.
Notably, the very nature of the data we face is also changing. Email is still relevant, but mobile apps and other emerging data sources are becoming more prevalent in business communications, and thus a focus in investigations. Companies will need to better control how these technologies are utilised, stored and tracked for business purposes. For example, in the Middle East, there is a great deal of communication on WhatsApp, but many companies don’t issue company owned mobile devices, which can bring issues into ownership of business communications on private devices. This underscores the need to be thoughtful and proactive about how and where data is created, what is considered company data and how it is managed and controlled.
Can you speak to some of the challenges around that?
Yes, the changes in business communications mediums and methods present numerous challenges in terms of managing data and also determining ownership and control of that data. The blurring lines between personal and business data and devices, combined with a changing data privacy landscape across the region, makes for a highly complex environment. Businesses must simultaneously ensure they have control, clear policies and are following the law, especially if they operate multi-nationally, which of course many of our clients do.
Addressing these challenges requires a consolidated and carefully executed plan to understand the relevant data privacy laws applicable to a particular company and how that could impact potential investigation or litigation preservation and analysis. Allied to data privacy and controls are also regulations around data retention. Thus, companies should have a consolidated and defensible plan when it comes to management and control of data archive and backup processes, and the subsequent quantities of data that could be generated as a result.
How is your practice, and FTI Technology more broadly, helping address these challenges?
Technology underlies a great deal of business these days, and it’s impossible to operate without it. Therefore, strong technology proficiency and expertise underpins everything we offer to our clients. With so much growth and development in the Middle East region, naturally disputes, investigations and data will be impacted. Addressing these challenges is at the core of our offerings across digital forensics investigations, e-discovery, managed review, information governance and more. Moreover, the identification, extraction, categorisation and analysis of data isn’t limited to litigation and investigations. To that end, we help our clients proactively manage their data as it grows rather than waiting for it to become too big, unwieldy and fall foul of data privacy laws and other regulations.
Finally, what do you think are the three most essential attributes to be successful in digital forensics?
An analytical mindset that never stops asking questions, attention to detail and an ability to understand, demystify and explain complex technical challenges relating to the issues at hand.
The views expressed herein are those of the author(s) and not necessarily the views of FTI Consulting, its management, its subsidiaries, its affiliates, or its other professionals.