Law enforcement and government agencies always have snapped up graduates from university computer forensics programs, but “demand is booming now that private companies have begun recruiting cyberinvestigators” (Eckle, 2006, p. 54). Marcus K. Rogers, an associate professor in charge of the computer forensics program at Purdue University's College of Technology reports that “demand has gotten so great that graduates in the field are some of the most sought after in the country this year” (Eckle, 2006, p. 54).

In the 1940s and early 1950s human relations practices “typically postulated that the feelings of people were more important than the logics of organizational charts, rules, and directives” (Wren, 2005, p. 367). Today’s managers in the computer forensics industry must keep that in mind when they balance the business needs against the shortage of people.

A reduction in an already scarce population of qualified workers adds additional personnel management and retention challenges. History teaches us that “labor turnover carried a high cost, both for the employee and the employer, and scientific management sought to reduce that waste of resources” (Wren, 2005, p. 241). Industry managers who learn from history and apply the appropriate scientific management techniques to their situation have a higher probability of remaining in business that those who ignore the I-did-it-the-hard-way lessons of management history.

Another challenge faced by the computer forensics industry is educating the public who do not understand the industry and well-meaning professionals who occasionally destroy crime scene evidence unintentionally. Even if they do not destroy the evidence, they may not use the proper methods for obtaining data and make their retrievals inadmissible in court, or worse, do something that could be considered a criminal act (Potaczala, 2001, p. 31).

Some lawyers do not know how to evaluate the testimony of an expert witness. During an interview about computer forensics, Potaczala (2001) asked Sgt. Kevin Stenger, a computer forensics expert from the Orange County Sheriffs Office, “When testifying in court or during a deposition for a computer investigation, what common ways have lawyers used to discredit your investigation” (p. 39)? Sgt. Stenger’s response was revealing: “Computer Forensics is still new to the legal community. On my first and to date only deposition I was excused by the attorney who stated that he did not know what questions to ask me” (Potaczala, 2001, p. 39).

Managers face a challenge to educate their employees about the public nature of private e-mail messages. It is important for employees to “understand they have no reasonable expectation of privacy” (Sutton, 2003, p. 9). Even after e-mail messages have been deleted from a sender’s computer, they may still reside on the receiver’s computer. For a time, they also will reside on the e-mail server and any server between the sender and receiver. This is a security area managers in the past did not have to manage. In the past, it was relatively easy to control the number of copies created and the location of all copies of a sensitive document. Today, however, an e-mail message containing sensitive information could end up almost anywhere.

Carr and Williams (1994) exhort the business community to be aware that “senior management must accept that computer crime poses a real threat and impost cost effective measures for its prevention” (p. 147). The computer forensics industry must educate the general business community of the dangers of computer crime and offer them a solution to this problem. Computer forensics can disclose the source of many computer crimes and reveal evidence the perpetrators of crimes thought they had destroyed.

Each challenge faced by the industry has the potential for a great opportunity. Successful managers recognize how to turn each challenge into a specific opportunity. Monson (2002) observed that the Carnegie Mellon Software Engineering Institute recorded only six computer/network security incidents in 1988, while posting 52,658 in 2001 (¶ 9). That amount more than doubled over the next two years, jumping to 137,529 in 2003 (CERT, 2006, ¶ 8). The trend is persistent today as incident reporting continues to escalate.

As security incidents and the use of computers for criminal cases increases, so does the business opportunity. Computer forensics managers must be poised to take advantage of this growing demand for their services. “Technological change disrupts the social system, a factor that should be considered in any initiation of change by management” (Wren, 2005, 338). As changing technology increases business opportunities it also increases the challenge to find qualified workers and manage the change faced by current workers.

As the demand for trained staff continues to increase, so do the opportunities for companies to provide training. Major universities now offer courses related to computer forensics at both undergraduate and graduate level. Computer forensics firms are expanding their services by not only conducting investigations, but also teaching others to do the same. The managers of companies developing training programs are adding both new business opportunities and qualified investigators to the industry.

An example of a training organization that exists because of this emerging industry is the National Center for Forensic Science (NCSF). It was founded in 2005 by the National Institute of Justice and hosted by the University of Central Florida. NCFS “provides research, education, training, tools and technology to meet the current and future needs of the forensic science, investigative and criminal justice communities” (NCSF, 2006, ¶ 8). NCFS offers a Graduate Certificate in Computer Forensics.

As the computer forensics industry grows, it provides the opportunity to create new businesses and expand opportunities for existing companies. Two examples of new industry players are ADR Data Recovery (existing business) and Technology Pathways (new business).

ADR Data Recovery (formerly American Data Recovery, Inc.) started in 1995 (ADR, 2006, ¶ 2). They began business recovering lost data from computers and seamlessly evolved to include computer forensics services. From their headquarters in Folsom, CA, they manage “more than 12 Regional Labs and 19 Service Centers” (ADR, 2006, ¶ 5).

Technology Pathways (2006) opened its doors for business in September 2001 to offer a software product that aided computer forensic investigators (¶ 1). “Over the past three years, it has emerged as one of the leaders in this rapidly growing market” (Technology Pathways, 2006, ¶ 1). Shortly after the company started, the management team recognized and exploited a new business opportunity in “remote forensics, which would revolutionize the way that forensics is utilized and open up new and broader applications” (Technology Pathways, 2006, ¶ 4). Steve Richardson, the company’s President and CEO has used his Harvard Business School MBA training and more than 25 years of practical experience to steer the company in the right direction (Technology Pathways, 2006, ¶ 8).

Information management practitioners also have a new business opportunity since the emergence of computer forensics. In the past, information managers were concerned mostly with paper products, file folders, filing cabinets, and so forth. Today, they also are concerned with electronic storage media, since “computer documents can be spread over numerous physical locations, not to mention numerous magnetic storage devices within any one location” (Caloyannides, 2004, p. 315). Keeping track of this data and teaching others how to manage their vast resources of electronic records is a new service offering for information management firms.

Other examples of specific business opportunities available for computer forensic examiners are: security auditing, drive sterilization, Internet history analysis, and e-mail and chat recovery. (See Figure 2)

Figure 2. Business opportunities for forensic examiners.
(Starken, 2005)

Sterneckert (2004) documented several best practice policies and procedures for critical incident management. He suggests that “organizations today must have policies regarding when computer forensics examiners should be called in” (p. 81). Indirectly, the emergence of the computer forensics industry has created new business opportunities for policy writers and management consultants. As managers learn about and appreciate the importance of computer forensics, they can turn to policy writers to assist them in developing company policies and procedures to include computer forensics.

A unique opportunity not shared by many other industries is that, generally, quality of service is more important than the cost of the service. Thomas Moore, Director of Computer Forensics for TKM Technologies Ltd. in the United Kingdom, offers his professional opinion that reflects his belief that quality of service is more important than price:

I believe that computer forensics remains a largely incident-response orientated service. The issues at stake are often very significant - in both criminal and commercial forensics. As such, many clients are less sensitive to price and are often more concerned with response times, quality of results and discretion. (Moore, 2006, ¶ 1)

Court records and new laws in the United States highlight “that the failure of an organization to retain electronic documents and to be able to locate the information when needed can cost the organization millions of dollars as well as its reputation” (Luoma, 2006, p. 91). When faced with a life-threatening condition to the business, today’s managers are more concerned with the ability to recover certain information than they are in the cost of recovery. The cost for irretrievably lost data frequently is much more expensive that the cost to hire a successful forensic examiner. Companies able to recover and preserve obscure digital information that meets evidence requirements of our legal system will continue to thrive.

A specific area where management has the opportunity to make improvements is in the way the industry processes data. Walton (2005) believes that “in the current state of practice, security properties of software systems are assessed through error-prone, labor-intensive human evaluation” (¶ 1). The first computer forensics company that develops the ability to reduce errors and the time involved in recovering data will take a big leap forward in the industry.

What other big leaps can be expected from the computer forensics industry? Thomas Longstaff, Deputy Director of Technology, CERT Program shares his glimpse of the future for computer security: Beyond today's world, we visualize software in new generations of ubiquitous computing and communication products, many of which we will not immediately recognize as networked computers. Cell phones provide a glimpse into this developing world by placing in our hands a combined audio-visual communications devise, network browser, secure purchasing agent, geographic locator, gaming and entertainment system, and trusted wallet. We will see similar capabilities in cars, homes, offices, and more systems unimaginable today. All will be enabled by software and, in our vision, all will be subject to a full understanding of their behavior as a basis for engineering security into their operational features. (Longstaff, 2005, p. 1)

History reveals the successes of companies that took advantage of changing technologies and markets by designing the appropriate business structures to exploit those emerging markets (Wren, 2005, p. 454). Future history will unveil as of yet unknown companies that were able to adapt successfully to the detailed understanding and effective application of Longstaff’s “more systems unimaginable today.”

The problem of crime definition will continue in the future. Will it be a crime to have the wrong things stored on your electronic shopping list automatically created by your refrigerator? In the not-so-distant future, stores will be able to access information stored in your refrigerator and supply you with just-in-time products. “It sounds like science fiction, but new technology being introduced at NPE [National Packaging Expo] 2006 by HEKUMA GmbH of Eching, Germany, paves the way for just such a development” (Lyons Media, 2006, ¶ 1). What would happen if a criminal hacked into your refrigerator shopping list and posted information about drug dealer contacts in your neighborhood? How would you answer embarrassing questions from a police detective about why you have that information in your possession?

An aspect of successful business management is risk management. Vacca (2005) teaches that “the best approach for organizations wanting to counter cyber crime is to apply risk-management techniques” (p. 156). In the future, successful companies will include computer forensics capabilities in their risk management planning. Vacca (2005) proposes that the “management of cyberterrorism risk must be considered an important issue for all aspects of society, not only for private companies” (p. 503). In the future, successful managers will make computer forensics part of their risk management portfolio.

Today’s business enterprises are less formal than they were during the Industrial Revolution. A significant cause for this informality is the use of e-mail. Early firms insulated upper management from individual workers with several layers of mid-level managers. Today, “e-mail has effectively allowed anyone to bypass the hierarchy and protocol and contact anybody else directly” (Caloyannides, 2004, p. xvi). This trend will continue into the future. Perhaps in the future, each employee will have a video conference system in their cubical and we will leave video mail instead of e-mail. Forensic examiners will need to deal with an increasing amount of digital data labeled as official business documentation.

The future computer forensics industry may see the extinction of sole practitioners. As the industry becomes more complicated and demands for computer forensic services increase, the sole practitioner may not be able to compete with larger firms. To succeed in the future, sole practitioners must become narrow specialists and be recognized as the best at what they do. There will be plenty of niche market opportunities for the one-man show if the practitioner does not try to expand too far and explode like a balloon filled beyond its capacity.

Except for integrating computer forensics techniques into normal management practices, there will not be any significant unique management characteristics emerging in the computer forensics industry. Individual companies which offer computer forensics services will succeed if they follow best practice management techniques for a company of their size and location. However, methods of managing information in the future will exceed the imagination of most current observers and can be the subject of another article.

Final questions to ponder: What if someone invents an operating system or software application that uses artificial intelligence methods to automatically archive and organize everything entered into the computer system? Will there be a need for computer forensics if nothing could be hidden or deleted? If so, will that give birth to a new industry that is able to destroy the once digitally indestructible?

The good news is that the 21st century has nurtured the emergence of a new industry: computer forensics. The bad news is the reason why the computer forensics industry is flourishing: computer crimes. As computer crimes continue to grow, so must the responses from business managers. The computer forensics industry is poised to assist business managers and the court system control and contain the computer crime threat.

Challenges facing the computer forensics industry have created new opportunities for existing businesses and spawned new organizations. Sole practitioners, specialized companies, and related firms are taking advantage of those new opportunities to offer computer forensic services. Training, expanding business, and customer service are three opportunities ripe for picking in the computer forensics industry. Managers who identify and exploit those opportunities will see their firms flourish.

What does the future hold for the industry? Thomas Longstaff, Deputy Director of Technology, CERT Program (2005), gives us a glimpse of the future with its prediction that “more systems unimaginable today” (p. 1) will be waiting for us there. Evolution of computer forensics industry management practices will parallel main-stream business enterprises to meet future challenges. Additionally, as Wren (2005) proposed, the industry must “develop dynamic capabilities that will enable it to transform itself as competitive conditions change” (p. 422).