New Today: 1
New Yesterday: 12
· KS – an open source bash script for indexing data
· Mobile Device Geotags & Armed Forces
· Categorization of embedded system forensic collection methodologies
· Interpretation of NTFS Timestamps
· What are ‘gdocs’? Google Drive Data – part 2
· What are ‘gdocs’? Google Drive Data
· Bad Sector Recovery
· Forensic Artifact: Malware Analysis in Windows 8
· Windows 8: Important Considerations for Computer Forensics and Electronic Discovery
InterviewsBack to top Back to main Skip to menu
Yuri Gubanov, Founder, Belkasoft
Yuri, can you tell us something about your background and who you are?
I have a degree in mathematics and software engineering. I graduated with honors from St-Petersburg State University, Mathematical and Mechanical faculty. This is one of the oldest and best universities in the second largest city in Russia, famous for its white nights in June when you can even read at night being outside.
Before starting my own company, I changed many hats being a junior and senior software developer, project and product manager, and then becoming a top manager in a software company.
You founded a software company, Belkasoft, in 2002. Tell us more about the motivation behind that decision.
Frankly, I have never thought I would end up in the forensic business. In 2002 I didn’t even know that word, "forensics"! But you know, you never know! As a software developer, I visited many places I never thought I would when studying computer science. Just an example; at the time we were working on software and hardware for analyzing grain, I visited many tiny towns in Australia like Wagin and Katanning, meeting with our potential customers – farmers.
Being an employee never completely satisfied me, and I started exploring options to be in a business of my own. It took a few years of trials and failures until one of my small utilities became successful on the forensic market. The tool's only job was extracting data from ICQ databases, but my tool worked much better than the official ICQ convertor, which made it popular among home users and forensic customers.
At that time I was still working as an employee for an outsourcing company, being a ‘programmer for hire’ and doing random pieces in various software products. It took me a few more years before I finally decided to quit. It was a tough decision as I had no business background of my own. Fortunately, I learn quickly. I am much more confident in what I am doing today than I was back then. At that time my company already had a name in the forensic market, and offered tools that were way more sophisticated than the initial ICQ analyzer. Though I haven't had forensic background at that time, I managed to develop myself in this direction. Today, they label me as a "forensic expert" when quoting my words.
Briefly, tell us more about the software Belkasoft creates. What specific challenges faced by digital forensic examiners are you trying to address?
Forensic examiners are enormously overloaded with work. On the one hand, they have piles of hard drives and disk images to investigate. On the other hand, each and every one of those drives contains hordes of various software pieces and bits of essential information to take into account. Now, adding time pressure into account, investigators only have so long to find evidence before another crime happens or the suspect flees abroad. It is close to impossible to do the job in time without a great deal of automation.
Our software aims to ease the process of forensic investigation as much as possible. We are keen to back our slogan, "forensics made easier". The ultimate goal is to have a product that’s as easy as possible to operate, while supporting all common software pieces out of the box. We understand the nature of forensic investigations. We met with people who’re doing this job. We took notes, implementing what they wanted in our product the way they wanted it to be. Today, we’re proud to discover hundreds of artifacts without placing high demands on our customers. Our users don’t need to be computer science experts. In particular, they don’t have to know about all those database, log-file and history formats, registry places, encryption algorithms, file paths in the many different operating systems, etc.
We are best known for our instant messenger support, the area in which our product can be called best in its class. We support more than 70 various instant messengers, chat rooms and social network apps for Microsoft Windows and Mac OS.
What does your own role involve? What sorts of things are you involved with on a day to day basis?
Belkasoft is not a big company, so I am doing various things except for one: software development. Well, that’s not entirely true; I do software development when I’m fed up with my other work. In general, my daily schedule is filled with two things: leading our product development and selling our products. The latter allows me to travel extensively for conferences and meetings with our customers. I love traveling, so I’m pretty happy with that part of my job.
What are the biggest challenges you face as a developer of forensic software? What do you most enjoy about the role?
The biggest challenge is to decide what to do next. Our customers are brilliant at suggesting new features. Some of the features we invent ourselves. It’s impossible to implement all the features and do all the suggestions at once, if at all, so we struggle to keep the number of new features reasonable. Maintaining a world-class product means we must constantly test it every time a new version of supported software is released, which becomes harder and harder the more artifacts we support.
The thing I enjoy most is meeting a happy customer. At one of the first conferences I visited, most of the booth visitors I was talking to were saying: we know about your company, your software is great! It was a pleasing but surprising experience, as I didn't do any ads at that time.
Another great thing (but a little bit more psychologically complicated) is turning an angry customer into a happy customer. Sometimes it takes a lot of effort if a customer faces a problem and already feels bad about our product, to make him say "wow, your support was brilliant in solving my problems!" But it's definitely worth the effort.
In addition to your work with Belkasoft you recently also started a new website at f-interviews.com - tell us more about that project.
Speaking with people during the conferences, I learned that many of them are extremely interesting. They can tell a lot of stories, serious and funny, predict the future and give you good advice. All you need to do is listen. In that project, "f-interviews.com", I’m trying to ask questions to key persons in our area. For example, one of the recent questions was how cloud technologies and social networks can affect the forensic market.
I have great hopes that maybe in a year or two I manage to speak with every well-known person in the area of digital forensics. This is the goal.
Looking to the future, how do you think the world of digital forensics will change over the next few years?
A lot of interesting predictions were made by the people I interviewed for the f-interviews portal. That included trends on giving up full drive imaging, changes caused by cloud software, and so on. So let me try giving predictions of my own, and not just repeating what my interviewees said.
1. I think in 5 years all forensic tools we are using now will be something completely different. We will rarely use then what we are extensively using now. The brands could be the same (e.g. Encase may be still named Encase), but they’ll do completely different things.
2. Desktop computers will leave most people's homes. Average folks will have appliances such as media centers to keep images, video, music and documents. They’ll operate with a TV. Most folks will do their internet activities using their smartphones and tablets such as the iPad. Laptops will significantly decrease in number, remaining mostly in hands of business people.
3. It will be much harder to extract information from hardware devices. Locally stored data will be strongly encrypted by default, connection protocols will remain secure, and remote data will be securely stored in encrypted clouds. Most important data will be split in parts, with every part independently stored in different clouds (different computers, different countries) so you won’t be able to decrypt them even if you get full access to a particular cloud storage. This will be transparent to a user and won't require any skills rather than to use a special application on your tablet.
4. More and more evidence against unskilled criminals will be pulled out of social networks. Police or third-party companies will have crawlers similar to Google crawler to index all open social network pages daily (if they don’t have that already). So, deleting unwanted information will not help. Of course, this will require powerful (and expensive) data centers to store tons of information, so most probably this will be commercial companies, not police (and police will pay them for every investigation)
5. Hmmm… I need to say something positive at last. Well, let me suppose that soon people realize the danger of having too much personal information publically available. They will publish it less often; social networks will help (or be forced to help) by implementing proactive mechanisms to prevent publishing potentially dangerous posts. Our children will be specially taught and trained in schools on how to be secure in social networks, so, after a bump, there will be much less crime based on disclosed personal information.
Finally, what do you do to relax when you're not working?
Various sports. Depending on time of the year it may be roller skating (one of my slalom clips got 70K+ views on youtube!) or snowboarding, football or even salsa (but not to the extent of David Lewis from Fulcrum, who even went to Cuba to master his salsa skills, heh).
I also love traveling. Though my tight schedule doesn't allow me to travel much for leisure, I can spend a few days after a conference exploring the city. A few weeks ago I returned from my first vacation in 3.5 years, a vacation I spent on an Antarctica cruise. Three weeks with no Internet, no mobile phone and without the smallest chance to work! You can imagine what an excellent relaxation that was. And penguins, penguins, hordes of them!
Yuri can be contacted through the Belkasoft website.