Information Security D-List Interview: Lee Whitfield

leewhitfieldToday’s D-List interview is with Forensic 4Cast host and Ricky Gervais stunt-double Lee Whitfield. I first met Lee at the SANS 2010 Forensic and Incident Response Summit and immediately knew that I wanted to be his friend for life – well, maybe we’ll start as Twitter and Facebook friends and see where it goes from there. On with the interview…

Q: Tell us a little about yourself.

I’ve worked as a digital forensic investigator for 5 years. By day I’m responsible for all computer investigations at Disklabs, but by night I produce and host a little-known podcast by the name of Forensic 4cast. I have a tremendous passion for forensics and consume copious amounts or data on the subject – much to the despair of my ever-patient wife. I have 3 children and each of them has me wrapped around their little fingers in their own way.

Q: How did you get interested in information security?

I’ve always been fascinated by computers. I’ve tinkered with computers since getting a 286 when I was in school. I’d always end up breaking something which would drive my dad crazy. He’d then make me sit there for hours and fix the problem. Through this I got to know quite a bit about computers.

Skipping forward a few years (and many fixed disasters) later I met a man named Larry Sewell. He told me about the wonderful world of computer forensics. I was caught up in the romantic notion of pulling out data in impossible situations and started studying the subject at university. At that point I was bitten by the bug and there was no going back.

Q: What is your educational background (e.g. formal schooling, certifications, self-learning, etc.) and did it add value to your information security career?

I graduated from the University of Central Lancashire in 2006 with a BSc in Computing (Forensics). This gave me a good grounding but I felt like I learned more in my first two months in the field than I did in my time at school.

I’ve also done the rounds with Guidance training, getting my EnCE in the process. I’m also a CCE and GCFA. I am tempted to go for more but I’m worried that people might think I’m trying to overcompensate for something.

Q: What did you want to be when you grew up? Would you rather be doing that?

I wanted to be a professional footballer (soccer player). At 33 years old I’m too old to follow that particular dream anymore but I’m quite satisfied with what I’ve accomplished in forensics thus far and I’m looking forward to achieving a lot more in the future. The only thing that would pull me away from forensics would be if Hugh Hefner offered me a position as photographer.

Seriously though, I love working in this field. No, it is not as romantic or cool as I thought it would be but I learn so much on a daily basis. I get to test and experiment with new software and hardware regularly which is awesome as I’m a total geek.

Q: What projects (if any) are you working on right now?

Many things. First of all I did some research on Volume Shadow Copies with my good friend, Mark McKinnon. He and I are beta testing some software called “Shadow Analyzer” which will make investigating the content of these files significantly simpler than they are currently.

I’m also kept busy with Forensic 4cast. We have the third annual Forensic 4cast Awards coming up wherein people can vote for their favourite forensic person, company, tool, etc. The winners are presented with a cool looking award at our annual awards show.

Disklabs not only do forensics but also data recovery. I’ve been looking at the relation between the two and looking at how the knowledge of both can further the field. I’m hoping to share some of the results of that soon.

Q: What can you tell us about the Forensic 4Cast? What was your inspiration and ultimate goal for the podcast?

In 2007 I was working for CY4OR (pronounced “sigh-fore”) in Manchester. The business development team asked for any suggestions for getting CY4OR a more recognised brand. The idea popped into my head for a podcast. I suggested it but no-one seemed to be very interested so I thought I’d do it myself but didn’t want to do one of those podcasts where one person just talks all the time. It wasn’t until I moved to Zentek a year later that Forensic 4cast was born. My brother, Simon, was already working there and was keen to jump in so we recorded our first episode and that was it!
My long-term goal with Forensic 4cast is to get lots of money and eventually take over the world. Actually it has already served its purpose for me. It has helped to get my name out there. It has also served that purpose for others too.

I’d like it to become a more community-driven thing. As much as I’d like to dedicate time to recording and updating the site every day I just don’t have the time with a small family. If anyone wants to record or write something to publish on there please do. I’d love nothing more.

Q: What is your favorite security conference (and why)?

I’ve only been to 3 confererences – F3, SANS Forensic Summit, and the SANS EU Forensic Summit. I have to say that the SANS events are, by far, much more interesting that the F3 event. I also thought that the atmosphere at SANS was different. F3 seems so formal and typically British but the SANS events are more open. People seem much more approachable.

Sadly there’s not a lot happening in the UK in this regard. F3 only happens once a year and, aside from SANS, hardly anyone else puts anything on. There’s a BSides in London in April but I can’t get to that. Maybe I’ll try to host a BSides closer to home in the future.

I dream of the day that I can attend Blackhat and Defcon.

Thankfully I’ll be returning to the SANS Forensic Summit in Austin in June. If you’re there please come say hello.

Q: What do you like to do when you’re not “doing security”?

Its a running joke among my peers that I spend my idle time reading teen vampire novels and watching shows that paint me in a “less-than-masculine” light. Let me just say yes, I’ve read the Twilight books and I like Glee, and yes I cry when watching Extreme Makeover Home Edition, get over it. 😉

I’m also a massive football (soccer) fanatic. I spend a disgusting amount of time watching sports on TV. I also spend a lot of time with my family. Even though I have a passion for forensics I believe my kids are, and always will be, my greatest achievement. No matter where I go, or what I do in my work life nothing will ever compare to being a dad.

I’m also a committed church-goer. I spend several nights a month out trying to better myself and help others.

However, my favourite past-time is self-deprecation.

Q: What area of information security would you say is your strongest?

Definitely dead forensics. This is my comfort zone without question. My current job involves going on-site more than I ever have in the past and I find it quite exciting at times.

I have dabbled a little in other areas of computer security but nothing too seriously. I’m hoping to change this in the future and gain some much needed experience in incident response and even penetration testing. The problem is that there is so much to learn it is difficult to keep up with forensics and still find the time to expand my knowledge in other areas.

Q: What about your weakest?

Everything else. Like I’ve already said I want to increase my knowledge in other areas and some people in the field have been very helpful giving me pointers and suggestions as how to do this. I’ve been crowbarred into programming stuff and that has been a challenge as it has been a few years since I did anything like that, but I’m progressing, albeit slowly.

Q: What advice can you give to people who want to get into the information security field?

There’s so much. First up, start early. If you’re at school now get involved with something. Go to a conference, pay for training yourself, do anything you can to get a leg-up in the field. Start a blog, do some research, go and volunteer to work for free at a relevant company, just do anything. Even if this all seems futile in the short term you’ll end up with a CV that looks awesome. Also how cool would it be to walk in to an interview and for the person to say “I read your research on… and I was very impressed”?

Another thing that’ll help you is if people already know your name. Be active on LinkedIn, Twitter, and use all of these things to your advantage. Do some research, start a blog, just do something to get your name out there. Imagine how much easier your job hunt will be if someone already recognises your name and your work.

Q: What about for someone who wanted to get into forensics specifically?

Don’t be casual about it. Dive in and be prepared to learn something new every day. Start early. If you’re at college or university don’t wait for your education to finish before looking for work. Call people in the field and see if you can get either part-time work or an unpaid internship. Just get some experience somewhere, it’ll be invaluable once you start looking for full-time employment.

Q: How can people get a hold of you (e.g. blog, twitter, etc.)

I’m on most of the major social networking sites:

On Twitter I’m @lee_whitfield

On Facebook I’m at

I’m on LinkedIn

My podcast and blog is found at

I’m not hard to find.

Scroll to top