Do computer forensic examiners have to be licensed as private investigators? Well, that varies by state. Benjamin Wright has discussed the PI requirement here and Texas PI legislation here. Scott Moulton provided some insight to Michigan and the CISSP requirement here. I do not plan to regurgitate their research or viewpoints, but rather continue the discussion and provide some additional information in regards to another state and the PI licensing requirement. I want to thank Larry Daniel of Guardian Digital Forensics for providing his North Carolina legislation model, which I used as a framework for my position paper that I completed and sent to the Indiana Private Investigator Licensing & Security Guard Board earlier this year.
According to Indiana law, IC 25-30-1-2
(1) "Person" means an individual, a firm, a company, an association, an organization, a partnership, or a corporation.
(2) "Licensee" means a person licensed under this chapter.
(3) "Private investigator firm" means the business of:
(A) making, for hire or reward, investigation or investigations for the purpose of obtaining information with reference to:
(i) a crime against the state or wrongs done or threatened;
(ii) the habits, conduct, movements, whereabouts, association, transactions, reputation, or character of a person;
(iii) credibility of witnesses or other persons;
(iv) the location or recovery of lost, abandoned, unclaimed, or stolen property;
(v) the causes, origin, or responsibility for fires or accidents or injuries to real or personal property; or
(vi) the truth or falsity of a statement or representation;
(B) securing, for hire or reward, evidence to be used for authorized investigation committees or boards of award or arbitration or in the trial of civil or criminal cases; or
(C) providing, for hire or reward, undercover investigators to detect and prevent fraud and theft in the workplace or elsewhere.
(4) "Board" refers to the private investigator and security guard licensing board established under section 5.2 of this chapter.
(5) "Licensing agency" refers to the Indiana professional licensing agency established under IC 25-1-5-3.
(6) "Business entity" means a firm, a company, an association, an organization, a partnership, or a corporation.
In my position paper, I clearly outlined the distinct differences between roles of a private investigator and a computer forensic examiner. While there are some roles that both professionals share such as gathering evidence and preparing reports anticipating courtroom presentation, a computer forensic examiner applies a technical expertise using scientific methodology. Therefore, if Indiana were to get involved in regulating computer forensic examiners, a separate governing board handling licensing and requirements should be created instead of classifying computer forensic examiners as private investigators.
Those in law enforcement that practice computer forensics, from small to medium-size jurisdictions wear multiple hats, juggling the duties of both the investigator and forensic examiner. Having the ability to separate the duties of the investigator and the forensic examiner aid in maintaining a neutral viewpoint when it comes to examining digital evidence. A colleague and I while recently discussing a case shared our views in regards to neutrality when it comes to a computer forensic examination. It doesn't matter if we are in the business of bad guy suppression (thank you Rob), defending the bad guy, e-discovery, or incident response it is important to remember that we are examiners/analysts/fact finders. At this point in time, Indiana has decided NOT to get involved in regulating computer forensic examiners practicing computer forensics.
The Private Investigator Licensing & Security Guard Board concluded that as long as the computer forensic work being completed does not qualify as Private Investigator or Security Guard work then no PI license would be required. The board also stated, "Neither the Board nor the Indiana Professional Licensing Agency (for a variety of reasons) has an interest in establishing license requirements for Computer Forensic Examiners, or pioneering a new professional board for Computer Forensic Examiners. I appreciate the research you've done for the presentation provided to this board. We will continue with the present requirements for firms to obtain a private investigation license whose principal qualifier must meet certain experience requirements which may include, but not limited to specific computer forensics." So let's tie it all together. Do computer forensic examiners have to be licensed to practice PI & SG work in Indiana? Yes! Do computer forensic examiners have to be licensed to practice "computer forensics" in Indiana? No! As always consult with an attorney for legal advice and guidance. I commend Indiana's Professional Licensing Agency and the Indiana Private Investigator Licensing & Security Guard Board for deciding not to regulate computer forensic examiners at this point, but feel this is still vague in several facets and will only need to be revisited in the future. I believe it is imperative for computer forensic examiners/practitioners to know the law in their state(s) of operation and get involved. Contact your legislature or your state's licensing board (if applicable). I chose to get involved because of the influx and demand for our expertise and the increasing number of times I'm contacted outside the law enforcement community for private sector engagements.
**Disclaimer: This information is being provided "AS-IS" on an informative basis and SHOULD NOT be considered legal advice. Always consult with an attorney for legal advice.**
Mr. Brad Garnett, CCE, GCFA is a law enforcement officer specializing in computer forensics. You can follow Brad on Twitter @bgarnett17