±Forensic Focus Partners
New Today: 0
New Yesterday: 4
±Forensic Focus Partner Ads
· Forensics and Bitcoin
· Investigation and Intelligence Framework (IIF) – an evidence extraction model for investigation
· Extracting data from dump of mobile devices running Android operating system
· Development of Digital Forensic Tools on Mobile Device, a Potential Area to Consider?
· Can You Get That License Plate?
· How To Decrypt WeChat EnMicroMsg.db Database?
· A guide to RegRipper and the art of timeline building
· Recovering Evidence from SSD Drives in 2014: Understanding TRIM, Garbage Collection and Exclusions
· FT Cyber Security Summit 2014 – Recap
InterviewsBack to top Back to main Skip to menu
Adam Belsher, CEO, Magnet Forensics
Our mission is to help forensic investigators and security analysts “bring the truth to light” by uncovering and making sense of the digital trail left behind on computers, smartphones and tablets. Our flagship product, Internet Evidence Finder (IEF), can search an image, file, folder or memory dump from a PC or mobile device and recover hundreds of artifacts related to social media, webmail, browser history, P2P, cloud, chat, web activity, pictures and videos. Where we really set ourselves apart is our expertise in recovering deleted data from these artifacts which is often a goldmine of evidence.
What do you think are the main challenges faced by digital forensics examiners today, and how is Magnet Forensics addressing them?
1. One of the biggest challenges faced by forensic examiners is quickly finding the key evidence within massive amounts of data spread across multiple devices and applications. We live in a connected world that is increasingly getting more connected which has created a data tsunami that has changed the face of digital investigations. Our digital universe will double every two years from now until 2020 according to IDC. At Magnet, we believe that a forensic examiner’s time is very valuable and is best served in analyzing the data and not doing the work a computer can do. Of course, it’s always good practice to validate your key findings either manually or with another tool. IEF plays a critical role in dealing with the mountains of data as it’s an automated search that can recover over 430 types of artifacts from mobile devices and computers and only takes a couple of minutes to set up. Our customers tell us that IEF saves them precious time and allows them to find evidence quickly and shine the light on areas they want to investigate further.
2. Another area that forensic examiners are challenged with is the increased complexity of their cases, making it impossible for any examiner to stay on top of all the applications and devices on the market. There are thousands of computer and mobile applications with more emerging every day. To add further complexity there is a whole host of digital media types including computers, smartphones, tablets, GPS devices, cameras and gaming consoles that could potentially hold key evidence. At Magnet, we have teams that stay on top of both existing and new apps as they are constantly changing, so as an investigator you can focus on the analysis and spend less time figuring out how to reverse engineer an artifact.
3. The last big challenge that we see is the steady increase in cybercrimes. Cybercrimes include things like fraud, child exploitation, IP theft, phishing, malware, and cyber warfare. Many of the same apps that we use as consumers are often the ones that criminals use to commit their crimes. Unfortunately, the fact that we are all connected makes it easy for criminals to commit a crime from another country and use various technologies to cover their tracks. Magnet can recover hundreds of these Internet related artifacts, and especially deleted data, helping investigators get to the facts.
Tell us more about IEF – what does it do, and what sets it apart from similar forensic tools?
There are three primary areas where IEF really shines. We break them down in terms of the investigator’s workflow so please bear with me.
The FIND stage: IEF has an automated search that takes minutes to set up (yes, really) and allows an examiner to focus on other parts of the case while IEF searches through the data. As one customer put it to us with IEF, “you just set it and forget it and come back to a nice report of the findings”. IEF identifies and recovers 430+ artifact types from social media, chat, webmail, P2P etc. from computers and mobile device images. We have the broadest and deepest artifact support in the industry and are continuing to build on that strength. We have dedicated teams that stay on top of these artifacts as many are changing frequently and new ones are emerging every day. Keeping current with all these artifacts while maintaining quality is something we pride ourselves on.
The ANALYZE stage: IEF identifies and organizes the recovered artifacts by type to make it easier for an examiner to review, taking unstructured data and putting it in a structured format. In addition, we have built-in tools to further refine the data such as filtering, searching and categorization. We also have added the ability to visualize the data in different ways. We have the IEF Timeline feature which allows an investigator to view the data on a timeline and zero in on specific time periods or artifact types that are of interest. Other visualization capabilities include our ability to rebuild webpages in the state that they were originally viewed by the suspect. This is especially important in court when a picture says a thousand words. Recently we added the ability to view chat artifacts in a threaded view and geo mapping of data from mobile applications like Facebook.
The PRESENT stage: This is an area that we feel is often overlooked in many forensic tools. IEF provides easy-to-use reporting and flexible export options to formats such as html, excel, pdf and csv. We also enable a forensic examiner to share the results with other investigators or a prosecutor in the form of our “portable case” option. Our goal is to transform the data into insights to help an investigator present their findings in court.
What does the future hold for Magnet Forensics? What can we expect to see in the next year or so?
We are very focused on our customers and supporting them in their missions whether it’s fighting crime, protecting company assets, or guarding national security. We see a world that is becoming increasingly connected with more apps and devices than ever. The amount of data being generated will continue to grow which will put more pressure on forensic examiners and it is our goal to get to the relevant data quickly and help the examiner make sense of it.
Adam Belsher is the CEO of Magnet Forensics. In addition to Internet Evidence Finder (IEF), the company also offers a range of free tools for digital forensic examiners.