Feike Willem Dillema, Co-Founder, TraceMiners
TraceMiners is a Dutch company that creates efficient forensic software that streamlines the discovery, extraction and sharing of digital evidence. We sell TraceMagnet, a web-based forensic analysis platform that is quick to deploy, easy to learn and powerful. We also build custom solutions for customers that want to optimize their forensic processes. I am actively involved in the forensic software design and development and the consultancy work.
Your paper ‘Engineering an Online Computer Forensic Service’ provides an overview of XIRAF, a forensic analysis system developed at the Netherlands Forensic Institute. Could you tell us a bit about your research and the XIRAF service?
This research project started around 2005 when most forensic analysis was still performed with memory-based desktop tools. We built a system that automatically extracted features from forensic images and stored those features in a database system. We separated feature extraction (emails, documents, browser history, chats etc) and analysis. Digital forensic experts could then query all the evidence in a uniform way, independent of its origin and format. Adding a basic web-based user interface allowed police detectives and digital experts to collaborate efficiently on very large and high-profile cases. Now everybody was looking at the same evidence, no matter where or who they were. It was really great to see a research project have such an impact on investigative work.
You worked as a researcher and lecturer before co-founding TraceMiners. What prompted the move away from academia?
With some experienced colleagues, I started TraceMiners because we believe we can make a real difference in the forensic market with tools that are designed from the start to let investigators share and collaborate effectively. With our fairly rare combination of expertise in digital forensics and (large) systems design and engineering, we are particularly suited to building such advanced forensic tools.
Tell us more about the software TraceMiners creates. What specific challenge faced by digital forensic examiners are you trying to address?
In many organizations digital experts are a scarce and overloaded resource. To increase overall investigative productivity our software automates standard and recurring tasks.
We also design our software to be an active, helpful assistant, one that helps you keep track of your findings and points you to material that is similar, related or connected somehow. A bit like how Amazon tells you "if you like this then maybe you are also interested in that".
Finally, our software allows digital experts to share access with other investigators and let them search and read email, chats, documents and such themselves.
All this off-loads digital experts and gives them more time for the work that really requires their expert skills.
What are the biggest challenges you face as a developer of forensic software? What do you enjoy most about the role?
Performance and scalability is a major issue that we address by building a storage system especially designed for forensic data and workloads. This avoids many of the problems you inevitably run into when relying exclusively on standard database systems.
Another real challenge is to design a user interface that is both powerful and easy to use. A great user interface never looks like it was a great challenge to design, but it always is (ask Apple!). It is meeting all these challenges together that makes it so rewarding and great fun.
What does the future hold for TraceMiners? What can we expect to see in the next year or so?
TraceMagnet is highly efficient and it runs well on almost any computer (laptop, PC or server). It is also designed to scale well and we expect to add support for the management of many collaborating worker machines later this year.
We are also working on ‘opening up’ TraceMagnet. Effective sharing of evidence also means the ability to easily share with the other tools you or your colleagues use.
Finally, we’re making several other forensic tools based on the software components that we have developed. One of those we plan to make freely available soon.
What do you do to relax when you’re not working?
I tend to work a lot, so when I don’t, I go completely offline, away from displays, and preferably spend time outdoors with my family, downtown historic Delft or at the beach (in almost all weather conditions).