Ezra, you're CEO at MediaClone. Tell us a bit about your role – what does a typical day look like for you?
MediaClone is a small company where every employee wears many “hats,” works extremely efficiently, and performs different functions, in order for the company to provide the best products and services. I’m the chief operating officer, responsible for bringing all our ideas to life, by implementing methodologies and executing all tasks necessary for a 100% completion rate. I deal with every aspect of the business, from new product development, creation and execution of our business plans, business administration, development of alliances with our business partners, and expansion of business operations. On a daily basis, my first priority is to ensure that all our customers are satisfied with the solutions we provide – and I’m very proud to say that all of our customers, to date, have expressed complete satisfaction with our products and services.In addition, I spend a lot of time coordinating between our different departments to ensure that every aspect of our operation, whether big or small, is running smoothly, and able to resolve any issues that may arise, in a timely and efficient manner. I also spend a large amount of time dealing with the many challenges that occur on a daily, almost hourly, basis, whether it’s addressing technical issues raised by a client, interacting with suppliers to make sure they meet our high quality standards, and address manufacturing challenges or any other un-foreseen events.
One of my main focuses is soliciting feedback from our customers, and ideas from the field, so that we can constantly develop products that our clients need. I convey this critical information to our engineering team, so they can create easy and useful solutions and develop new products that can better serve the industry.
As for my work habits; when I’m not on the road or attending industry conferences, my day starts very early in the morning, and I generally work 12 hours a day, 7 days a week, continuing my work in the evenings as needed, to support our oversees clients. Essentially, I am always on call for our clients, and constantly thinking of ways we can help them meet their forensic and investigative demands.
What was it that first made you interested in digital forensics?
I have been in this market since its early days, and I have seen how the industry has evolved, changed and developed over the last 20 years. I helped in developing the first Write Blockers and Forensic Imagers, and have contributed to creating many well known tools.
My background and my passion is pure science, and Digital Forensic falls into this category. I’m also very interested in the forensic hardware solutions. The Digital Forensic industry is a fascinating area; both instep one – of capturing data from so many sources and devices (with different interfaces and protocols), and step two – of data mining and analysis, to translate the captured data to evidence and finding. It is also a very challenging field!
The techniques and knowledge that have been gained in this field are extremely important, and are considered cutting-edge technologies, which have influenced the large related field of Cyber Security
What products and solutions does MediaClone offer?
MediaClone specializes in designing Computer Forensic hardware solutions of data collection tools, which have been used as a first step of any Forensic investigation. Our Forensic line of products, such as the SuperImager Plus, are forensic-imaging units, running Linux OS, which allow Forensic investigators to capture data from many sources, many interfaces, in parallel operation, in an extremely fast way.
We have different units for different type of operation; such as the SuperImager Plus 8” SAS, used for data collection and cellphone extraction, the SuperImager Plus 12” Rugged for Complete field investigations platforms, both designed for field operation. We also have the SuperImager Desktop model which is a “heavy-duty” imager, designed for lab operation.
In your opinion, what are some of the biggest challenges facing digital forensic investigators today, and how does MediaClone work to address these?
I can talk about the problems and challenges that related to the line of products that we are offering. Otherwise the list can be too long…
Large Data: Big portions of the digital data stored today are still residing in PC and Servers. The size of the “Suspect” media becomes so large, that it’s very hard to just capture the entire “Suspect” drive in a timely manner, especially in a field operation. Some of the captured data is just empty space, and searching for the most important evidence clues and data is a challenge by itself.
So, there are 2 different of solutions: One is increasing the data capture speed and the numbers of capturing parallel engines with the use of multiple ports. The second solution is to design a better algorithm of performing targeted capture (Triage), while performing entire drive capture
Accessibility of the Media: Remote Capture becomes an important tool, where the media is not directly accessible (A non-removable storage in laptops and tablets), or the “Suspect” systems need to be revived (password, encryption)
Decryption of the data is one of the biggest challenges; where capturing the data does not always result in getting the evidence…
Today SuperImager Plus units are already running parallel imaging with multi session operation, at extremely fast speed, with the use of many ports. The application is very efficient (Linux) and extremely fast. We are going to keep pushing the speed with better and better hardware, and refine the parallel capture methodology and algorithms to include – in parallel – the Triage operation.
In capturing data remotely, which is very important – improve the remote capture tools to support data capture from many different CPU and OS
How does MediaClone compare with other popular solutions? What sets you apart?
We do believe that our SuperImager Plus line of products is one of the fastest, when it comes to preforming parallel imaging, including encryption, compression and multiple hashing.
Also, what we provide for Forensic Field operation is a complete Forensic Investigation Platform, where investigator can carry one hardware tool and perform a variety of tasks on the same unit, such as extreme fast and multiple drive imaging, remote capture imaging, cellphone data extraction and triage, and then run a full forensic analysis on the same unit. The units are running dual boot (Linux/Windows7 – are open source) and the user can load and run many Linux or Windows tools, and customize the units to their own specific needs.
What does the future hold for MediaClone – what can we expect to see over the next year or so?
We are expecting some new models in 2017:
– New models running Skylake CPU, HDMI, and PCEx4 Expansion
– New models using thunderbolt-3 technology for increased speed and easier support for NVMe
– Improved applications
Finally, when you're not working, what do you like to do in your spare time?
Don’t have much of spare time, but I use any spare minute I have to glance at science and technology magazines, to keep myself up-to-date with the latest developments (I subscribe to 5 science magazines).
Ezra Kohavi holds an Msc. in Theoretical Particle Physic from Tel-Aviv University. From 2013 – present he has been CEO at MediaClone; before that, we was President and COO of Computer Forensic Company, and Packard Bell’s Director of Remanufacturing
You can find out about MediaClone’s SuperImager Plus 12” Rugged – A complete Field Forensic Investigation unit – here.