eDiscovery Forensics Spotlight: Joe Pochron, Ernst & Young
Getting started in the world of eDiscovery forensics is not always a clear path. From his early days in law enforcement to now leading the Insider Threat team for Forensic and Integrity Services at Ernst & Young (EY), Joe Pochron draws on his wealth of experience to share insights into the biggest challenges facing eDiscovery forensics today and what he sees for the future of the field.
Joseph Pochron
Digital Forensics & Insider Threat Lead, Forensic & Integrity Services Ernst & Young LLP
How did you start your career in eDiscovery Forensics?
Like many of my colleagues who started in computer forensics in the early 2000s, my first foray in forensics was in law enforcement. I spent 13 years in law enforcement with the majority of those as a police detective. I was introduced to forensics in parallel because of the spike in both financial and child exploitation crimes and how technology was enhancing the ability to engage in those crimes. My career evolved to the point where I was eventually managing a digital forensics laboratory and cybercrime task force from the county prosecutor’s office.
When I left law enforcement in 2014, I went to work for a large international eDiscovery vendor. Prior to that job, I hadn’t even heard the term “eDiscovery.” I quickly figured out a few things: cases could be very complex and span various geographic locations, and the usage of digital forensic tools like those of Cellebrite were used to primarily support the defensible data collection in these matters. Additionally, although we were using the same tools that I used in law enforcement, the workflows were quite different. For example, I would often produce a large report of ALL data recovered from a mobile device for a prosecutor, the goal in eDiscovery was to transfer that data into a legal review platform so a host of attorneys could review, tag for responsiveness, and ultimately produce that data according to a set of guidelines or parameters. Ultimately, I rose within that company to manage their global digital forensic team, supporting 14 forensic labs on 3 continents.
I joined EY in 2019 and for the last 3 years I’ve been primarily focused on digital forensics, eDiscovery, and both cyber and insider threat investigations.
What is the biggest challenge facing eDiscovery Forensics today?
Challenges in this space evolve fairly rapidly – I would not be surprised if by the time this is published we have had new ones crop up. One that seemingly comes up almost every day is the intersection of data privacy, information governance, Bring your own device (BYOD) policies, and ephemeral mobile messaging applications. This area is such a minefield: on the one hand we have BYOD policies with employees that use non-sanctioned applications for business communication, while also balancing privacy concerns of non-relevant data on a device. On the other hand, especially in highly regulated verticals like the financial sector, companies have an obligation to retain business communication that may be sitting in a mobile communication application like WhatsApp or WeChat. And then we have the pure ephemerality of that data in general, along with robust support needs from forensic tools like Cellebrite. If anything, these applications have become more normalized for use in a business setting, which is why we’re seeing a tremendous uptick in the need for review and production of mobile data in eDiscovery matters.
What are you looking forward to in the near future for eDiscovery Forensics?
I am really looking forward to seeing the continued advancement and innovation of digital forensic tools to support eDiscovery needs. Traditionally, forensic tools were created to support law enforcement needs, which is understandable since the field started in that space. What we’ve only seen in the last few years is tool providers enhancing or evolving their products to support the massive industry of eDiscovery. A great example of this is Cellebrite’s addition of Relativity’s Short Message Format (RSMF) as a reporting output in Physical Analyzer. This has normalized mobile data for legal review and was something that wasn’t possible a few years back. The ability to isolate and target data and limit overcollection is more of a concept in discovery than in criminal matters. As data privacy continues to intersect with data collection workflows, having dynamic tools that allow for various collection options will be key.
What is your superpower?
I think I possess chameleon superpowers. I mean that in a positive way – I think I do well in adapting to my surroundings which have changed quite a bit over the course of my career. I’ve worked as a cop, a college professor, and as a technology consultant. I routinely consult on digital forensics, eDiscovery, information governance, cyber incident response, and insider risk, amongst other topics. Most days are spent on various calls on all these topics. You need to be able to adapt to your surroundings because the audience changes and the needs of either the case, or the client, are different.
