Who's Who Legal
Who's Who Legal
New to Who's Who Legal?
New to Who's Who Legal?
Menu
User Menu
New to Who's Who Legal?
Thought Leaders

Thought Leaders

Robert C DeCicco

Robert C DeCicco

Alvarez & Marsal2029 Century Park EastSuite 2060Los AngelesCaliforniaUSA90067

Thought Leader

WWL Ranking: Global Elite Thought Leader
WWL Ranking: Global Elite Thought Leader
Thought Leaders - Data - Data Experts 2020
WWL Ranking: Thought Leader

WWL says

Robert DeCicco is a "thorough and experienced" expert on the market, excelling in both data acquisition and forensic examinations.

Questions & Answers

Robert DeCicco is a managing director at Alvarez & Marsal and specialises in providing services related to digital forensics and incident response for a variety of high-profile and confidential clients. He has served as an expert in courts nationwide and abroad, and has actively run and performed the collection, analysis and reporting on the behaviour of data via electronic evidence from thousands of computers, cloud-based storage environments, IoT, mobile and emerging data systems from extremely complex, disparate and sensitive technology environments throughout the world.

What first attracted you to working in forensic technology? 

My education and background is primarily in application development and technology, and I always had some degree of exposure to operating systems and networking. I worked in a variety of consulting positions in New York with Wall Street and Silicon Alley clients. Post-9/11, I took the opportunity to work at the US DOD National Security Agency in the information assurance directorate, where I gained in-depth experience with digital forensics, cybersecurity and investigations techniques. I very much enjoyed the nature of the work and had the luxury of working with some of the most sophisticated tools and brightest minds during, basically, the infancy of what turned into a private sector commercial industry. Once there was a shift towards application of the same methods and techniques in the legal industry, in conjunction with the proposed regulatory changes for electronic evidence, I saw an opportunity and re-entered the consulting world. 

What qualities make for an effective forensic expert? 

I would say competence, technical depth and the ability to explain complex technical concepts to a layperson. But thinking further, I would back into that with the fact that I suspect anyone put in the position of serving as an expert has similar training, credentials and experience, which levels the field. So with that said, I think what differentiates and makes for a more effective forensic expert is ultimately their honesty coupled with a degree of humility. The ability to know where the depth or breadth of your expertise ends tends to build more credibility with judges, jurors, attorneys and even opposing experts in my experience and the work you’ve done and opinion you rendered is not diluted. 

How has the field of digital forensics changed since you started practising? 

The needs and skills for digital forensics professionals have consistently moved towards more mobile devices, cloud storage, the IoT and my current favorite topic “ephemeral data”, as far as where electronic evidence resides. History has shown that every time storage devices, means of correspondence and the methods for analysing digital artefacts become routine and expected, a new device or means of storing data becomes acceptable. The ways that people and machines communicate and store data is an ever-evolving paradigm, and it’s our job as practitioners and technologists to stay as far ahead of any shifts as possible. 

What possibilities does AI hold for the future of digital forensics? 

I have found using AI to be tremendously beneficial in conducting investigations beyond the typical keyword searches and email threading. AI has helped accelerate the time it takes to produce a deliverable because you can “teach” a system how to script and extract appropriate artefacts from operating systems. This allows us to identify removable media, cloud activity, mass deletions or file access, but in particular in matters related to theft of trade secrets and intellectual property investigations, my A&M team and I have used AI to automate and perform fuzzy searches of data that don’t have exact one-to-one matches. It can also demonstrate exfiltration of ESI and derivative content, which leads to damages calculations. Using proven AI algorithms and software has become more and more acceptable and ultimately may be more defensible than the manual process. 

In your opinion, how will covid-19 affect the nature of global investigations and digital forensics work? 

Naturally the impact of not being able to have direct physical access to machines and client sites owing to government orders caused an initial reflex of “how will we get the data now?”. However, the fact of the matter is that most of us in the profession have been performing remote collections for some time. The circumstances of quarantining has caused longer timelines for collections and an unfortunate inconvenience, for lack of a better word. Traditionally, long before covid-19 restrictions – whether in the instance of a custodian having a device in a far-off place that could not be reached by a technician, or timing issues and logistics precluding direct access – my practice has always had remote kits with which we could instruct custodians to do plug-and-play collections on their own. It has never been ideal, but has also never been an insurmountable challenge. Additionally, over the past few years the time to do collections “over the wire” has become less and less problematic owing to network speed increases. As a corollary, with the increased movement to the cloud for client data storage, combined with the decreased cost of storage, we’ve had investigations where we have been setting up sequestered and secure analysis environments in a client’s cloud environment. This method serves as a means of keeping all parties at home during the lockdown period and eliminates the risk of data transfers between companies. This may become a go-to commonplace method even after we return to regular travel patterns. Necessity is the mother of invention. 

How do discussions around cybersecurity and data privacy affect your practice and the advice you give to clients? 

Cybersecurity and data privacy are always a topic of discussion in any and all cases we are involved in. In particular in my home state of California, the California Consumer Privacy Act now requires consideration. We make it a point to keep up to speed on the rules and requirements surrounding data privacy so that our clients can focus on what they do. On investigations where we span multiple international jurisdictions, the data privacy laws come into play as a rule. Fortunately, I have colleagues worldwide with deep knowledge of the data privacy laws and nuances in and around their respective regions, and the compliance challenges we may face in order to collect or host data. Alvarez & Marsal has made significant investments in personnel, legal and data centres in specific cities and countries in order to be able to serve every client’s possible need for electronic data. In regards to cybersecurity, it is a topic we take very seriously at A&M. Both internally and externally, we strive to maintain the utmost level of protection for our clients’ sensitive data. Just as we’ve made significant investment in our geographic footprint, we’ve also made investments in our cybersecurity practices, with periodic upgrades and tight protocols being maintained. While it may sound like a cliché, the advice I end up giving to clients around these topics is: “Trust us.”

What are some of the main challenges currently facing forensic experts when handling large investigations? 

Data privacy for jurisdictions with restrictions related to custodian data; and unique, exotic data-storage environments, systems, applications and communication platforms. New and more complex levels of encryption, which lead to longer collection timelines and analysis roadblocks – and, as mentioned earlier, for possibly the foreseeable future, access to client sites and custodian devices in the wake of covid-19. Lastly, the growth of disparate systems in large enterprises poses challenges to having a consistent approach to analysis so we have to remain flexible while keeping an eye on defensibility. 

What advice would you give to younger experts hoping to one day be in your position? 

Get as much exposure to as many types of cases, technology environments, clients and geographies as possible. The more experience you have, the sooner you’ll be able to identify your strengths and where your depth and specific expertise will be. Say yes to every opportunity, and try to figure out what you can do related to analysis and not what can’t be done, and more opportunities to grow will open up.

Global Leader

WWL Ranking: Global Elite Thought Leader
WWL Ranking: Recommended

WWL says

Global Elite Thought Leader Robert DeCicco performs outstandingly in this year’s research and is renowned for his expert handling of issues surrounding data collection.  

Biography

 

Robert DeCicco is a managing director with Alvarez & Marsal disputes and investigations practice. He specialises in providing services related to digital forensics incident response, forensic examinations, cyber security and electronic discovery for a variety of high-profile and confidential clients. He is a court accepted expert for a host of technology related disciplines in district, state and federal jurisdictions both nationwide and abroad.

With more than 20 years of technology experience, Mr DeCicco has performed hands-on examinations and analysis of computer data and the day to day management of staff along with authoring and ensuring compliance of policies and operating procedures. He has actively managed, participated in and defended opinions on the full life cycle of electronic evidence in electronic discovery including the collection and analysis of electronic evidence and it’s behavior from thousands of computers, cloud-based storage environments, databases, IoT devices, mobile devices and emerging data systems from extremely complex, disparate and sensitive technology environments throughout the world.

Mr DeCicco is a former civilian employee of the National Security Agency (NSA) and regularly works in conjunction with regulatory and law enforcement agencies to provide acceptable practises and defensible sound data collection, processing and  analysis protocols. He  also maintains active involvement in the standard operating procedures group related to acceptable methodologies related to ESI collection and analysis in the field and in the lab and often lectures to the technology and legal communities.

Prior to joining A&M, Mr DeCicco served as a managing director and co-leader of the technology segment of the global investigations and strategic intelligence practice at a global consulting firm, as a managing director and global practice leader of digital forensics incident response at navigant consulting and as a managing director, in the technology practice as the central division leader and global risk and investigations practice liaison at FTI Consulting.

Mr DeCicco earned a bachelor’s degree in management / management information systems from Pennsylvania State University. He also studied incident response forensic analysis and discovery at guidance software professional training center and cyber security incident response malware detection and removal, memory forensics and remediation at Mandiant Security Consultancy. Mr DeCicco is an Encase Certified Examiner (EnCE), a licensed private investigator in the State of Texas and a member of the Sedona Conference Working Group 6, Association of Certified Fraud Examiners (ACFE) and American Bar Association (ABA).

WWL Ranking: Recommended

WWL says

Robert DeCicco is a leader in digital forensics, esteemed for his efficient incident response service and truly exceptional data analyses. 

Biography

Robert DeCicco is a managing director with Alvarez & Marsal disputes and investigations practice. He specialises in providing services related to digital forensics incident response, forensic examinations, cyber security and electronic discovery for a variety of high-profile and confidential clients. He is a court accepted expert for a host of technology related disciplines in district, state and federal jurisdictions both nationwide and abroad.

With more than 20 years of technology experience, Mr DeCicco has performed hands-on examinations and analysis of computer data and the day to day management of staff along with authoring and ensuring compliance of policies and operating procedures. He has actively managed, participated in and defended opinions on the full life cycle of electronic evidence in electronic discovery including the collection and analysis of electronic evidence and it’s behavior from thousands of computers, cloud-based storage environments, databases, IoT devices, mobile devices and emerging data systems from extremely complex, disparate and sensitive technology environments throughout the world.

Mr DeCicco is a former civilian employee of the National Security Agency (NSA) and regularly works in conjunction with regulatory and law enforcement agencies to provide acceptable practises and defensible sound data collection, processing and  analysis protocols. He  also maintains active involvement in the standard operating procedures group related to acceptable methodologies related to ESI collection and analysis in the field and in the lab and often lectures to the technology and legal communities.

Prior to joining A&M, Mr DeCicco served as a managing director and co-leader of the technology segment of the global investigations and strategic intelligence practice at a global consulting firm, as a managing director and global practice leader of digital forensics incident response at navigant consulting and as a managing director, in the technology practice as the central division leader and global risk and investigations practice liaison at FTI Consulting.

Mr DeCicco earned a bachelor’s degree in management / management information systems from Pennsylvania State University. He also studied incident response forensic analysis and discovery at guidance software professional training center and cyber security incident response malware detection and removal, memory forensics and remediation at Mandiant Security Consultancy. Mr DeCicco is an Encase Certified Examiner (EnCE), a licensed private investigator in the State of Texas and a member of the Sedona Conference Working Group 6, Association of Certified Fraud Examiners (ACFE) and American Bar Association (ABA).

WWL Ranking: Recommended

WWL says

Robert DeCicco is a "thorough and experienced" expert on the market, excelling in both data acquisition and forensic examinations.

Biography

Robert DeCicco is a managing director with Alvarez & Marsal disputes and investigations based in California. He specialises in providing services related to data acquisition and forensic examinations for a variety of high-profile and confidential clients. His primary areas of concentration are digital forensics and incident response.

With more than 20 years of forensic technology experience, Mr DeCicco has performed hands-on examinations and analysis of computer data to day to day management of staff and the enforcement of policies and procedures. He has actively managed, participated in and defended the collection, analysis and reporting on the behaviour of data from electronic evidence from thousands of computers, cloud-based storage environments, IoT, mobile and emerging data systems from extremely complex, disparate and sensitive technology environments throughout the world.  

Mr DeCicco is a former civilian employee of the National Security Agency (NSA) and regularly works in conjunction with regulatory and law enforcement agencies to provide acceptable practises and forensically sound data and analysis protocols. He also maintains active involvement in the standard operating procedures group related to acceptable methodologies related to ESI collection and analysis in the field and in the lab.

Prior to joining A&M, Mr DeCicco served as a managing director and co-leader of the technology segment of global investigations at a global consulting firm, as a managing director and global practice leader of digital forensics incident response at Navigant Consulting and as a managing director, and technology central division leader and global risk and investigations practice liaison at FTI Consulting.

Mr DeCicco earned a bachelor’s degree in management / management information systems from Pennsylvania State University. He also studied incident response forensic analysis and discovery at the Guidance Software Professional Training Center and cyber security incident response malware detection and removal, memory forensics and remediation at Mandiant Security Consultancy. Mr DeCicco is an Encase certified computer examiner (EnCE), a licensed private investigator in the State of Texas and a member of the Sedona Conference Working Group 6, Association of Certified Fraud Examiners (ACFE) and American Bar Association.

Law Business Research
Law Business Research Ltd
Meridian House, 34-35 Farringdon Street
London EC4A 4HL, UK
© Law Business Research Ltd 1998-2020. All rights reserved.
Company No.: 03281866