In preparation for their upcoming roadshow collaboration, Magnet Forensics talk to Bob Elder about how he came to be a digital forensic investigator, and some of the main challenges in the field today.
Magnet Forensics: Tell us a bit about yourself and Teel Technologies
Bob Elder: Ever since I could remember, I have had a strong interest in computers and technology. At a young age I was the go to guy to fix friends’ and family’s computers and eventually had my own company selling and repairing computers. Once I entered the policing environment, I was always doing side projects like designing department websites; fixing computers internally; showing fellow members how to work the tech stuff; and even teaching a little on the subject matter. In 2007, I transferred into the Victoria Police’s Computer and Mobile Forensics section where I found a new passion in the forensics environment.In 2010 I came on board with Teel Technologies as a trainer for their Advanced Flasher Box course and eventually taking on the task of course development that lead to classes like the Advanced JTAG and Chipoff classes we present now. After some convincing from Bill Teel in 2013, I retired from Law Enforcement to take on a dual role with Teel Technologies; one as the Director of Training with Julia Formichella (Bill’s wife); and CEO-Partner of Teel Technologies Canada.
Teel Technologies Inc. first came to existence in the United States back in 2006 when Bill Teel began reselling products to assist law enforcement, military and private sector organizations with their mobile forensics needs. This company has grown to now provide not only products but also consulting, equipment, training and forensic services in the mobile / computer forensics field to all these entities. Teel Technologies is considered the leading expert worldwide in the JTAG; ISP eMMC; Chipoff; and Flasherbox / Bootloader processes as they relate to mobile forensics.
Magnet Forensics: Extraction and recovery are the foundation of digital forensics, how did you get interested in that area?
Bob Elder: Once I entered into the computer forensics field, I was captured by the challenges of mobile phone forensics and finding ways to get the data by thinking outside the box. Being presented with a cell phone that was totally destroyed by the suspect; getting locked devices back in the flip phone days; the introduction of locked Android devices; damaged or non-functioning phones; phones from arson cases; and much more. Back then, the forensics tools were having a hard time to keep up with these challenges and it forced me to research and find new ways to get into these devices, thus the implementation of advanced hardware based techniques like JTAG; Chipoff; Flasher Boxes and now ISP and custom Bootloaders.
Magnet Forensics: You are a great partner in the forensics community – why is that so important?
Bob Elder: Working with partners in this community is very important to everyone. No one entity can resolve all the problems we are going to face in recovering digital evidence from devices in the future. Working together we can achieve a lot more success in a faster time line. We all bring something different to the table and by working together, we provide better products and services to the community that needs it most, the Law Enforcement members who work so hard to put bad guys in jail.
Magnet Forensics: How did you first hear about Magnet Forensics?
Bob Elder: Sitting in a bar… just kidding, back when I was a Police Officer at VICPD, I heard about Jad’s (Saliba, Magnet Forensics’ Founder and CTO) original creation called JADSoftware. I have been a fan and friend ever since!
Magnet Forensics: What do you like about how our tools work together?
Bob Elder: As you know, our specialized techniques deal mostly with physical acquisitions, some techniques do allow for file system or logical dumps but for the most part, we deal mainly at the physical level. Having the ability to bring in a BIN file to the AXIOM or IEF interface, which in turn allows for the rebuilding of the file system to gain access to the database files that contain the evidence we are seeking, is invaluable. Working with Magnet Forensics allows us to concentrate on the advanced methods of obtaining the data and leave the decoding and carving to the experts in the field.
Magnet Forensics: What is the feedback you have heard from customers using our tools together?
Bob Elder: As the moderator of the PRMFG Google Group, I read posts from over 1300 members around the world, and I have seen nothing but positive feedback from users of this group, and other groups I participate in. Everything from the capabilities and support that the product and company provides have been positive. Of note are comments relating to the inputting of RAW BIN files into AXIOM or IEF and the great results people are getting from the decoding and reporting process.
Magnet Forensics: We’ve heard from customers that Magnet Forensics tools are ideal for using on Teel Technologies images for the best data recovery – have you seen this?
Bob Elder: In this community, one cannot depend on one tool to maximize the results for evidence discovery and collection, one should examine devices with multiple tools. No one tool can do it all, and by using multiple tools, you expand your ability to get more evidence. One tool may support recovering data from Application “A to H”; the next tool you use may support Application data from “F to R”; and another support Applications “P to Z”; the more tools you use, the more evidence you will recover. Based on my experience, AXIOM and IEF cover off and support recovering evidence from a magnitude of applications we see in our examinations, in fact we have been told that using these tools with our technology has produced really incredible and deep results. I know from a personal front, I have been very impressed with the results I get for my case files.
Magnet Forensics: How would you like to see the relationship grow in the future?
Bob Elder: The challenges we are facing these days require a bit of teamwork to conquer. Things are not getting easier, in terms of recovering data from encrypted devices; and things are not getting easier at the application / Operating System level, security wise as well. No one organization will be able to overcome these barriers and by working together and pooling our resources, we have a much better chance of helping and empowering our customers. I see working with partners like Magnet Forensics as a win-win for both sides, and in the end our goal is to be able to get the evidence that the law enforcement community needs to do their job.
Magnet Forensics: What’s next for Teel Technologies and TeelTechServices?
Bob Elder: In the future I see continued research and development; collaborations with other experts in the field and within the Teel Tech team; experimentation with existing processes to expand their functionality in digital forensics; introducing these advanced techniques to new markets that currently do have this technology; and a few other things that I will have to keep in house. The goal for the future is to try and overcome the challenges we are already seeing with encryption on mobile devices.
Teel Tech USA/Canada Services came about from the needs of smaller departments that could not afford the training and equipment to recover valuable evidence from embedded digital devices; it came from demand of existing forensics labs that did not have the proper training and equipment for one or more of these techniques; and there was also demand for our services from the private sector as well in civil litigation and corporate internal functions. While working on these projects, we are seeing demand for services related to computer forensics and cyber crime/security concerns and we are now expanding into these areas as well.
Magnet Forensics: When you think about the current state of digital forensics, what keeps you up at night?
Bob Elder: The challenges of encryption and how fast it is expanding into the mobile phone environment. Who would have thought an OS entity would dictate how phone manufacturers store data on their Flash Memory?
Magnet Forensics: How important will advances in JTAG and Chipoff be in light of increased focus on encryption?
Bob Elder: I still see a need for the newer processes like Chipoff and ISP as it relates to the encryption challenges, I would not count them out yet. There are excellent results with encrypted devices using Custom Bootloaders right now. Our R&D is focused on these and other processes in tackling the encryption road blocks. JTAG is more a process for the older phones; throw away drug dealer phones; the Wally Mart/7-11 specials; and other embedded devices like the I.O.T. ; Drone; ESU; Infotainment systems; home automations systems; and other objects that utilize a PCB circuitry format to function.
The Magnet Forensics team has partnered with the Teel Technologies US team on a roadshow, where they will demonstrate the latest approaches to forensic acquisition, processing, and examination. Events will be held throughout October in Florida, Washington, and North Carolina.
Register here to attend an event.