bootloader data acquisition !!

62 Posts
8 Users
0 Reactions
9,523 Views
passcodeunlock
(@passcodeunlock)
Prominent Member
Joined: 9 years ago
Posts: 792
 

Unfortunately this is a general problem worldwide, many law enforcement organizations don't have the needed budget for this kind of task :(


   
jaclaz
(@jaclaz)
Illustrious Member
Joined: 18 years ago
Posts: 5133
 

Unfortunately this is a general problem worldwide, many law enforcement organizations don't have the needed budget for this kind of task :(

Well, one could argue that the issue could be easily solved in two ways, both equally effective ;)

1) better funding the LEOs

2) lowering the amount of money asked by the "pro" people doing this kind of tasks

jaclaz


   
passcodeunlock
(@passcodeunlock)
Prominent Member
Joined: 9 years ago
Posts: 792
 

It wouldn't be professional telling any sums or other contract-related information, but I can tell that our offer is considered way low for this kind of task.


   
RolfGutmann
(@rolfgutmann)
Noble Member
Joined: 10 years ago
Posts: 1185
 

Interesting non-LEOs speaking for LEOs…

Quality has its price! And passcodeunlock is absolutely a top professional - tell me any better?


   
jaclaz
(@jaclaz)
Illustrious Member
Joined: 18 years ago
Posts: 5133
 

It wouldn't be professional telling any sums or other contract-related information, but I can tell that our offer is considered way low for this kind of task.

Well, one thing is giving *whatever* price you see fit or however believe appropriate to your work, another thing is saying that having public prices is not professional.

I see nothing in having a list price being connected to being professional or not professional.

As a matter of fact I personally find it very professional to have public prices (or rates) and - to be fair and as a side-side note - I always found it scarcely professional to have different prices for the same *whatever* for LEOs (or for academics, or for students, etc.), it represents (in my perverted mind) a senseless form of "private" subsidizing, and I personally deprecate any form of subsidizing, including "public" ones (that however may have some "logical" reasons and may even be "socially justified").

jaclaz


   
passcodeunlock
(@passcodeunlock)
Prominent Member
Joined: 9 years ago
Posts: 792
 

@jaclaz we (you and me) aren't native English speakers. You misinterpreted the meaning of my previous phrase; I mark in bold what the accent is on:

It wouldn't be professional telling any sums or other contract-related information,…

Anyway, for this kind of task it is almost impossible to have a general price list (public or not), since each task is unique.


   
jaclaz
(@jaclaz)
Illustrious Member
Joined: 18 years ago
Posts: 5133
 

Anyway, for this kind of task it is almost impossible to have a general price list (public or not), since each task is unique.

I know, usually this kind of work is proposed (and carried on) on a fiduciary basis (like most if not all consulting work), but anyway with a preliminary estimation.

Example

The rate for Software Recovery Technician, including the use of hardware and software needed, is US$ 150.00 per hour or fraction, with fractions rounded to the next quarter of an hour.

The rate for Hardware Laboratory Technician, including the use of laboratory equipment, is US$ 200.00 per hour or fraction, with fractions rounded to the next quarter of an hour.

We expect carrying out the recovery on a xxxxxxyyyyyyy device to need
Software Recovery Technician 12 hours
Hardware Laboratory Technician 4 hours

For a typical zzzzzzwwwww device we expect
Software Recovery Technician 81 hours
Hardware Laboratory Technician 28 hours

For a wwwwwxxxxxxx device we expect instead
Software Recovery Technician 11 hours
Hardware Laboratory Technician 24 hours

The above is only indicative and may vary up to +/- 50%.

Shipping and handling from our Laboratory of the device, via primary courier, US$ 100.00 within EU and US$ 200.00 rest of the world.

Reimbursement of the cost of physical media used to store the recovered data, that we estimate as
US$ 5 per GB of data up to 50 GB
US$ 2 per GB of data up to 500 GB
US$ 0.50 per GB of data over 500 GB

To the above costs you will need to add
Costs for shipping the device to our laboratory address, which remains your sole responsibility.
VAT, local sales taxes, duty and whatever other tax or tariff applicable.

This way a customer (or prospective customer) can easily understand if it is worth it (or if he/she/they can afford it) and take a decision, before calling (and making you - and the caller BTW - lose time).

I may find "acceptable" the example costs for a device xxxxxxyyyyyyy that, shipping, taxes and storage set apart, would presumably cost me between 2,600 and 3,900 US$, and find unaffordable the costs for a device wwwwwxxxxxxx whose recovery at list price would go between 17,750 and 26,625 US$ (again besides shipping, taxes, etc.).

jaclaz


   
RolfGutmann
(@rolfgutmann)
Noble Member
Joined: 10 years ago
Posts: 1185
 

Reference of pasted content missing!


   
passcodeunlock
(@passcodeunlock)
Prominent Member
Joined: 9 years ago
Posts: 792
 

@jaclaz please find me a similar price list like you mentioned for exploiting the TrustZone for extracting the encryption keys, then use the keys to decrypt aes-xts.essivsha256 encrypted data from an offline dump, without having the device… I'm really anxious to read your answer regarding these prices :)

Your previous sample is nonsense at this level. Even if you would be a Zerodium trader, Azimuth developer, crypto-reversing guru or a long-time known or unknown blackhat or whitehat knowing everything, etc. - you still couldn't estimate what could be the costs for the next task you would get…


   
jaclaz
(@jaclaz)
Illustrious Member
Joined: 18 years ago
Posts: 5133
 

Reference of pasted content missing!

I just made it up, what reference are you asking for?

@jaclaz please find me a similar price list like you mentioned for exploiting the TrustZone for extracting the encryption keys, then use the keys to decrypt aes-xts.essivsha256 encrypted data from an offline dump, without having the device… I'm really anxious to read your answer regarding these prices :)

Your previous sample is nonsense at this level. Even if you would be a Zerodium trader, Azimuth developer, crypto-reversing guru or a long-time known or unknown blackhat or whitehat knowing everything, etc. - you still couldn't estimate what could be the costs for the next task you would get…

It seems to me like you are missing the point I was trying to make.

Loosely speaking the idea is that someone is willing to sell a service (i.e. their knowledge, experience and time, besides specialized equipment and tools) and (hopefully) someone else is going to spend money in order to acquire that service.

The idea is that the one selling the service is
a) an expert in the matter at hand
b) thus (by comparison with N previous similar cases) has - even loosely - an idea of how much of his/her time will be needed to provide the service
c) knows how much money (per unit time of work) that particular work might be either valued on the market or alternatively how much money he/she wants to make (irrespective of the market price)

The only thing the prospective buyer/customer is qualified for is normally
1) how much money he/she has
2) how much of this money he/she can afford for the specific service

Setting aside whether list prices exist and are published, a (private) preventive estimation would be IMNSHO needed.

It is only logical that a correspondence *like*
Q: Hi, I am interested in your service, how much will it cost to frumble a squirghoyle?
A: No idea, although we already frumbled hundreds of squirghoyles, besides gryntrembling tens of vestriggers, we cannot provide an estimation.
Customers usually send us besides the device, an unlimited credit card number (or irrevocable authorization to draw funds from their multi-billion US$ bank account) then we charge on it as much as we see fit along the progress of the operation, until we hopefully succeed.
No two cases are the same.

is *very unlikely* to end in an actual transaction.

Anyway my original note was only about having public list prices and contract agreements being "not professional" (which is what you stated), whilst I find having them public an added sign of professionalism and a way to save time for BOTH the seller and the prospective buyer.

jaclaz


   