David Smalley is the Director of Digital Forensics at Grayshift, the leader in mobile device forensics, specializing in access and extraction. Before joining Grayshift, Smalley held a leadership position for a leading worldwide electronic discovery organization with over 90 offices throughout the United States, Europe, Asia, and the Middle East. Smalley is instrumental in the implementation of digital forensics laboratory policies and procedures for various US law enforcement agencies. He dedicated over a decade to criminal investigations associated with local, state, federal, and military forces. Smalley is a leading contributor and court qualified expert in computer forensics, mobile forensics, call detail record analysis, and open-source intelligence.
Smalley’s interview is the last in this “From the Lab” series, and in true leader’s fashion he uses his interview to sing his team’s praises and provide thoughtful, practical advice for people at all stages in their digital forensics career.
It’s obvious you’re a #nerdcop. What’s your favorite type of technology you love to use every day?
It should be no surprise that smartphones have collectively become our primary technology of choice. From an operational standpoint, I gravitate towards my mobile phone because of its ease of use, and it solves most of my problems more quickly than other types of technology. Mobile devices are equipped with everything I need to be an effective leader at Grayshift and solve most of my challenges.
When you were a digital forensic investigator, what types of cases did you typically encounter?
This is an interesting question. Towards the end of my career at the police department, it seemed every case involved an aspect of digital forensics. Whether it be a smartphone, computer, video surveillance system, or other storage devices, I was always brought into an investigation in one way, shape, or form. Leaders within these agencies must understand the importance of digital forensic evidence and the impact that technology has made on investigations. I’ve said this before during my Grayshift podcast, episode 8, if you’re interested, that being included in virtually every case makes a more well-rounded examiner, someone who can think on their feet and adapt to any situation involving technology.
To answer your question more specifically, I was involved in all criminal offense types, divided into two major groups: Part I offenses and Part II offenses. From sex and drug offenses to arson, burglary, and murder.
Is there an example of a case you investigated with GrayKey? Can you tell us how GrayKey could have helped?
I would have loved to have GrayKey while employed by my local law enforcement agency. The stars needed to align for me as I was working for a private-sector electronic discovery company at the time of its release, and they didn’t. Fast forward to the current day, and it’s incredible to see our products’ impact on criminal investigations. My team and I have the pleasure of assisting our customers with a global footprint, so we are often asked to assist with virtually every crime type imaginable, experiencing the positive impact of GrayKey across the world.
What is one thing you wish people understood about the job?
The human element. Most people associate law enforcement with uniformed patrol officers, those on the front lines with a public presence. Some need to see the members behind the scenes working tirelessly within their agency walls. Staff trying to make sense of crimes that have already been committed using technology and other groundbreaking investigative methods. These men and women are highly invested in identifying bad actors and solving crimes for their neighbors and those that live alongside them.
What was the most challenging crime you solved with GrayKey?
Although I did not have direct access to GrayKey while in Law Enforcement, I have the pleasure of hearing from our customers daily. It’s truly a rewarding experience knowing that our products are used to aid the police in their fight against crime.
What challenges did you regularly face as a mobile forensics examiner?
Device support was the most significant challenge I had to overcome as a digital forensic examiner. You arrive on-scene to find what I describe as three categories of device support:
- Old or outdated with a very low success rate
- Common with a guarantee of success, and
- Newest technology just released to the public
I would always seize the devices regardless of their forensic support because forensics companies such as Grayshift are constantly evolving to meet the needs of law enforcement. The better safe than sorry approach to digital forensics and device collection and preservation has never failed me. It has saved me from responding to a scene to collect additional evidence that I initially thought was uninvolved.
What advice would you give new digital forensic specialists to help them overcome similar challenges?
There are a few things that I would suggest for anyone starting in the field of digital forensics, including:
- Ask questions. I have over a decade of first-hand experience in the field and still ask questions. You aren’t expected to know everything about everything, and it’s impossible with the ever-changing landscape. So, talk to your colleagues and other investigators about your experiences and treat every day as an opportunity to learn something new.
- Follow your passion. Find out early on what fascinates you about digital forensics. With so many different types of technology, stick to the kind you’re most passionate about, like mobile phone forensics as opposed to vehicle forensics, or vice versa.
- Surround yourself with support. Work somewhere that has your best interests at heart and supports your needs. You’ll be at work more than home and need a solid support system to succeed.
It’s not all about the technology or devices that you’ll encounter. As specified above, you’ll need to rely heavily on a solid support system starting and throughout your entire career as a digital forensic specialist.
What do you know now that you wish you knew when first starting out?
This is such a great question. Be a sponge, sometimes defined in the business community as someone who is tirelessly driven to seek and absorb new information. You will learn much more from your colleagues and experienced examiners than from any textbook on digital forensics. Please get to know industry leaders, attend their workshops and webinars, browse their websites for articles and blog posts, and lean on some of the more common online forums and organizations.
What’s a secret about one of your teammates that most people don’t know but should?
It wouldn’t be a secret if I told you all. If I had to say, Stevie Coates, Digital Forensic Specialist in UKI, is great at keeping secrets.
What superpower do you bring to Grayshift?
The superpower I bring to Grayshift is the ability to multitask, and I brought this superpower over to Grayshift from my work in law enforcement. As a digital forensic examiner, every day is entirely different, and it’s not uncommon to have plenty of work to do in a short time.
David Smalley leads by example and knows what he’s talking about when discussing digital forensics. Lucky for you (and us), he’s constantly sharing helpful information for anyone interested in learning more about digital forensics and what it’s like to be a digital forensics expert.
More content from Smalley (and other DFS team members) you may be interested in:
- How To Evaluate Your Mobile Device Forensics Lab
- Overcoming Imposter Syndrome
- Logical Extraction vs File System Extraction (with Jay Varda)
- Time to First Fact (ArtifactIQ by Grayshift Cloud Analysis)
- Understanding GrayKey For Command Staff
© 2023. Grayshift, LLC. All rights reserved. Proprietary and confidential.