The Need for Forensics - Interview with Keith Barger of KPMG
With the heightened focus on cybersecurity - and increased incidents of insider crimes - the digital forensics practice has also gained a higher profile in both the private and public sectors.Keith Barger, a forensics veteran, currently serves as a director in KPMG's forensics practice in Houston, TX. In an exclusive interview, Barger discusses:
Barger joined KPMG in 2006 after six years as a Special Agent and Digital Forensics and e-Discovery Western Regional Coordinator and Project Manager with the Department of Justice, Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF). Keith has extensive experience with e-Discovery, the Amended Federal Rules of Civil Procedure, digital forensic investigations, forensic methodologies, computer evidence recovery, and data analysis. Barger specializes in electronic data discovery, data analytics and investigative services in support of civil litigation and provides advisory services regarding technology related matters. He also provides expert witness testimony when appropriate in connection with these services.
TOM FIELD: Hi, this is Tom Field, Editorial Director with Information Security Media Group. We are talking today about forensics and we are talking with Keith Barger, Director in KPMG's forensic practice in Houston. Keith thanks so much for joining me.
KEITH BARGER: Absolutely.
FIELD: Why don't you start out by telling us a little bit about yourself, your role with KPMG and how you got into forensics.
BARGER: Sure Tom. I spent 18 years with the federal government, a good majority of that as a Special Agent at the Department of Justice. Part of my ancillary roles there were I headed a team nationally of digital forensics and data analysis experts on behalf of Justice, worked ancillarily with the CIA and other government agencies in the area of forensic analysis and data mining and digital forensics before coming to KPMG about three and half years ago.
FIELD: Now Keith we hear an awful lot about forensics these days particularly with the discussion about cyber security. If you can, can you maybe dispel some of the myths and give us some of the realities of digital forensics?
BARGER: Sure. I think one of the common myths are that there are a set of commercially available tools or practices in the area of digital forensics that allow individuals to conduct digital forensics and receive an answer almost immediately or within the hour and that is certainly propagated by much of what we see on television. The reality is that it is a very complex set of methodologies and rules and no one tool will solve everyone's purpose and requires a really diverse set of individuals with very diverse skill sets that allow particular organizations to achieve their investigative goals through the use of digital forensics.
FIELD: Now you have been into this for a while, how are some of the ways that businesses and government agencies are employing forensics today? What are they using forensics for?
BARGER: I believe that based on my experience this is much broader in scope than what anybody ever anticipated the use of forensics and digital forensics would be. The history of digital forensics started predominantly with government agencies and many of the programs still remain controlled and are used by law enforcement personnel only, but as we have seen a phenomenal growth in the commercial sector what we see the government and commercial sectors doing is really working together in the areas of anti-money laundering, healthcare and regulatory compliance, the government is certainly using forensic data analysis and forensic tools to focus on its regulatory and compliance programs when it hold people accountable.
We are doing a huge area of digital and data forensics in the area of federal government grant programs, government stimulus packages that we are currently seeing in the market, digital forensics is being used on Wall Street to identify trades and economic trends and climates and fraudulent trades in that industry, the Foreign Corrupt Practices Act, globally within organizations for organizations who have global offices worldwide are using digital forensics to identify fraud and bribes in their foreign offices. We see it in mergers and acquisitions due diligence, internal fraud, and HR investigations, particularly in this climate when there are so many layoffs, intellectual property, and espionage and intellectual property theft. So it really covers a broad and diverse area of topics and areas in which there is a huge ability to apply forensic digital investigations and forensic data analysis.
FIELD: That's great. Now Keith maybe you can give us some examples from your own career and give us a sense of what are the things you go looking for in a forensics investigation.
BARGER: Sure, absolutely. Like I said I spent several years with the government, a great deal of my digital forensics and data mining early career was in the area of criminal violations, network intrusions, both foreign and abroad.
I spent a year and half in the state of Louisiana after Hurricanes Rita and Katrina doing forensic data analysis and digital investigations related to that $9 billion dollar government grant program to identify areas of fraud on behalf of the state and applicants who were receiving federal grant money. So that involved a very diverse 30 or plus data systems and applicant interviews, correlating state residency, fraudulent Social Security numbers, FEMA data, state data related to applicants as far as employment, insurance companies.
We also worked in the area of healthcare and regulatory compliance identifying fraudulent claims in Medicaid and Medicare, the Foreign Corrupt Practices Act I have been to China, most of the European Union implementing digital forensics programs and conducting digital forensics and forensic data analytics investigations worldwide, intellectual property theft on behalf of our clients. We have done a significant amount of work in energy and trading and how that impacts the economy. There is an entire area of digital forensics and data analysis related to fraudulent trades.
So it has been pretty broad in scope and has been pretty rewarding for the last few years.
FIELD: It sounds like that you have taught an awful lot of people that there really is no such thing as delete.
BARGER: That's true. I would venture to say there is probably as many anti-forensics programs out there as there are forensics programs, but the reality is there is always some trace of information left behind no matter how small it is that really allows you to take an investigative background or methodology and come to some sort of conclusion at the end of the day.
FIELD: Now you talked about a couple of things that I think are pretty key in today's environment. One is the insider threat and the other is what might happen in an organization that is ripe with layoffs. Those seem to be some of the bigger risks that we have. What are some of the security risks that you see in business and government that really underscore the need for a good forensics program?
BARGER: There are actually several risks, depending on the industry and the company and how they apply their business practices and you know we certainly touched on the HR particular investigations in issues with layoffs and disgruntled employees and the surreptitious removal of intellectual property that could be advantageous to a competitor in the markets, network intrusions and breaches.
We are referred to sometimes in the banking industry as check kiting and using digital forensics to follow the trail of money and how that is making it through specific financial institutions. In the trading industry you know we see things like fraudulent trades and payments to vendors that can have a significant impact on the economy and the markets.
And then certainly with all the government stimulus package money that is going out the potential for fraud is significant.
FIELD: Now Keith I have spoken to a number of banking executives that developed forensics programs internally because they needed it with all of their risk management. Where does one o today to acquire forensic skills that you can develop a program in house?
BARGER: I think we have seen a dramatic shift in the last five or six years. I have set on several university boards to help them develop curriculums in the area of digital forensics; my Master's is in Forensics. To really go and start internally a forensics program I think you know, one the skill sets are out there and it is identifying the appropriate people with those skill sets; one at a high level who understands the methodologies, have an investigative background.
A number of universities now have Bachelor's, Master's and Doctoral degrees in the area of digital forensics. There are certainly a number of independent accreditations now that are funded by universities. There are a great number of people who are leaving or retiring from the federal government whose skill sets and expertise where they received training when they were with the government that simply isn't available to the commercial market and can apply those methodologies and trainings now in the commercial market.
I work closely with CCE who is an independent accreditor funded by a university. The skill sets are out there and I think it is important to note that if you are leveraging your IT Department to do digital forensics, you are making a mistake. Those people are dedicated for a specific purpose and their skill sets typically aren't as broad as what you find in the digital forensics area, but there are so many accreditations and certifications out there that are independent of what I would call vendors that provide training specific to their commercially available tools that if you don't have people who understand the underlying methodology can adapt quickly to the ever-changing world of technology, you are going to find yourself in a shortfall, in a shortcoming with the inability to align your digital forensics across your business, your IT and your legal functions.
FIELD: Well given that Keith, let me give you one last question, which is for an organization that is just now sort of considering forensics and what they should do, and I hear a lot of that given the economic climate, where should they begin?
BARGER: I really think the beginning is targeting the right individual with the right skill set and experience to help you build out your forensics program internally in an organization. Someone who not only understands the technology side of the house, but understands evidence procedures, methodologies, training, that can really assist you in implementing a program that is defensible and repeatable in court, understands what it means to document these types of investigations, has an understanding of judicial rules and how they are applied in the court systems in the area of digital forensics, and then allowing that individual to work with you from a business perspective and a legal perspective to identify the appropriate skill sets of individuals who are particular to your industry and market and who can bring the most benefit and value to you internally based on what your business is.
FIELD: Keith that is great insight. I appreciate your taking the time to share with us today.
BARGER: Absolutely. Thank you for inviting me.
FIELD: We have been talking with Keith Barger with KPMG. For Information Security media Group, I'm Tom Field. Thank you very much.