Posts by John Reeman
Mobile Forensics for Litigation: What’s Actually Recoverable From a Smartphone
Mobile phones are often the most valuable source of evidence in modern litigation. They contain communications, location data, financial records, and user activity that no other source captures.
But mobile evidence is also fragile, time-sensitive, and technically complex to extract properly.
The firms that get mobile forensics right start early, engage specialists, and treat mobile devices with the same evidentiary seriousness as documents and emails.
READ MORE >>Why Every Law Firm Needs a Tabletop Exercise
It’s 9:47am on a Tuesday. Your practice manager calls—staff can’t access the document management system. Then the ransom note appears.
Who makes the call on whether to pay? Who tells clients their matters may be compromised? Who’s calling the insurer, the OAIC, the police?
If your firm hasn’t answered these questions before the pressure hits, you’ll be making critical decisions on the fly. That’s where tabletop exercises come in.
READ MORE >>Digital Forensics for Law Firms: What It Actually Involves (And Why It Matters)
“We need to know what they took.”
Seven words that change everything in a data breach investigation.
When a law firm discovers unauthorised access, the first question is rarely “how did they get in?” It’s “what did they see?”
That question has regulatory implications. Client implications. Insurance implications.
Digital forensics answers it.
READ MORE >>What Can Be Recovered From an iPhone in a Forensic Investigation
When an iPhone becomes central to a legal matter—employment dispute, family law, commercial litigation—clients often ask the same question: what can actually be recovered?
The answer depends on the device, how it’s been used since the relevant events, and the extraction method available. But in many cases, significantly more can be recovered than people expect.
READ MORE >>The First 72 Hours: What Really Happens When a Law Firm Gets Breached
It’s 11:47pm on a Friday. A managing partner’s name lights up your phone.
“Something’s wrong. The system’s locked us out. There’s a message on the screen demanding Bitcoin.”
In that moment, everything changes.
I’ve taken that call more times than I’d like to count. And in almost every case, the difference between a manageable incident and a catastrophic one comes down to what happens in the next 72 hours.
Not the next week. Not when the insurance company finally assigns a response team.
READ MORE >>Welcome to the “Cybersecurity Loop” Edition #17
🎄 Ho Ho Ho! 🎄 Welcome to the festive edition of the cybersecurity loop! Quick heads up — I’m building something new for 2026. It’s called “The Reluctant CISO”: a private community for legal sector leaders who’ve inherited cybersecurity responsibility without the title, training, or team. If that sounds familiar, keep an eye out.…
READ MORE >>118 Australian Businesses Hit by Ransomware in 2025 | What Leaders Must Know
According to data tracked by ransomware.live, 118 Australian organisations have already been publicly impacted by ransomware this year. The victims span almost every sector of the economy — airlines, telecommunications providers, medical practices, retailers, manufacturers, professional services, and law firms. The diversity of targets reinforces an uncomfortable truth: no organisation is too small, too regulated,…
READ MORE >>Australian Clinical Labs Case: Lessons in Cyber Response & Communication
The ACL judgment is a valuable reminder that cyber-risk is not just about firewalls, malware signatures or patches. It’s also about how we interpret, act on and communicate the results of our investigations, particularly when external advisors are involved.
READ MORE >>Beyond the Gateway: Why Traditional Email Security Can’t Stop BEC Attacks Targeting M&A Deals and Trust Accounts
Welcome to the world of modern Business Email Compromise (BEC), where the attack vector isn’t a malicious payload, but elaborately constructed deception that exploits the very trust relationships that make business possible.
READ MORE >>The Hidden Battlefield: Why Traditional EDR Leaves Your Identity Layer Exposed
Modern cybersecurity has a blind spot problem. Organisations invest heavily in Endpoint Detection and Response (EDR) solutions, believing they’ve fortified their defences. Yet attackers continue to move laterally through networks, escalating privileges and exfiltrating data often without triggering a single alert. The reason? EDR tools excel at monitoring endpoints, but they fundamentally cannot see what…
READ MORE >>