Check why the interview with Yuri Gubanov, CEO of Belkasoft, is special and also find a secret deal inside Yuri's talk!
Yuri, you told me that this interview is a bit unusual, what did you mean?
To be honest, I answered the questions for this Forensic Focus interview twice. During my first attempt, I took it a bit too seriously, so when I read the result I found the answers to be extremely dry and dull. I am regularly reading interviews here, and I also used to do that at my (now closed) project f-interviews.com for several years, and they are all the same. We are all customer-oriented, we all have great products, we are all full of plans and optimism. Always very little on a person themselves. So I decided to give it another go, but be less serious with my replies, and also add some personal things. And some videos!
Hopefully, now it is much more amusing to read!
Yuri Gubanov, Belkasoft (on the right): Sometimes it can be useful to turn your point of view upside down!
Yuri, it's been about a year since we last spoke to you – what new developments have there been at Belkasoft since then?
I think even two years! Since then, so many things have changed in Belkasoft that you can consider it a new company. We expanded twofold; with the bigger team we were able to significantly improve our product and raise it to a new level. We opened an office in the US and started offering forensic services (and already solved a few cases!). We’ve got many new great customers, and we feel that our Evidence Center product has been gaining attention and recognition, which it really deserves.
So what happened to Yuri last years? Well, among other things, his beard grew smaller while his company grew larger
Belkasoft Evidence Center 2017 was recently released – could you give us an overview of its main features. And what sets it apart from the previous versions?
Apart from expansion of number of data types supported (which is more or less a routine for us), there are many new exciting things. First of all, the product now supports the acquisition phase. It can acquire not only hard drives, RAM and smartphones, but also a few types of clouds such as Google Cloud and iCloud. With more and more security over smartphone locking and encryption, it becomes increasingly important to be able to acquire cloud data, and BEC is being developed in this direction too.
Another interesting new feature is Social Connection Graph with its ability to detect communities. While social connection graph might look similar to “link analysis” many competitors offer, our community detection feature is unique in its method. Using our own scientifically-based approach, we can robustly detect tightly connected groups of people in a multi-device case. The method was developed by us in-house, since no existing science for that was of satisfactory quality. We have even published an article covering this topic!
This is the product we started with several years ago…
…And this is Belkasoft Evidence Center we have now. Feel the difference!
Of course, we supported iOS 10, and of course we supported popular apps like Pokemon Go, Uber, Tinder, WeChat, WhatsApp, but it is a bit hard, if not pointless, to list them all here, since we already have 700 or 800 types of different apps analyzed out of the box.
All in all, the product has been improving with gigantic steps over the last two years. We particularly care about user convenience and analysis speed (correctness of results is even needless to mention in our market), so be sure that with each release the work with BEC will be even faster and even more pleasant.
In the video below Yuri demonstrates the evolution of Belkasoft Evidence Center: while first versions could be a bit tough to use, now it is as easy as to get things (and bodies) rolling in zero gravity!
As CEO of Belkasoft, what does your role include? How involved are you with the development of software?
I am a software engineer by profession, and besides, I am the original author of BEC, so of course I physically and emotionally am involved in the process, but luckily for me, not as a developer anymore. I do participate in weekly status meetings, set team goals, and test the software, but mostly I just oversee the process. With a lot of conferences to attend and visits from and to customers, I rely more on my CTO, while my focus now is on marketing for the most part. I am the guy who you will most likely meet at almost each conference Belkasoft participates in.
Also, as a CEO of Belkasoft, I am the main guy in the company for forensically sound roller skating (and I am really bad at it):
Which specific challenges faced by digital forensic investigators are you aiming to address with Evidence Center 2017?
There are many challenges today (we have an article on this subject), but one of the worst is a huge backlog. It is common to have one year lag and in some countries it can be up to three years! We are trying to help to cease this issue by making our tool available for a wide range of investigators. The software is so easy to use that one does not have to be trained for a week to be able to use it, one can use it out of the box. The more people are able to efficiently use the product, the less are backlogs.
One of analysis type we offer is so called “low hanging fruits analysis” when more than 700 types of artifacts are detected and recovered automatically. The only thing which investigator has to do is to go through or search inside extracted artifacts and create a report with interesting artifacts included. That’s it. You do not have not search, download and run scripts, you do not have to know where this or that app stores its data, you do not have to know formats used and whether there was a password or not. Everything is found automatically, including deleted data, data in special areas such as slack space, unallocated space, SQLite freelists, Volume Shadow Copy, page file and hibernation file, resident files or memory dumps. Easy!
Belkasoft Evidence Center supports probably more chat applications than any other software of a kind. Yes, even old school ICQ 98, Skype version 2 or Google Hello, which your grandma was using!
One more important thing to mention is that Belkasoft Evidence Center is one of the few tools in the world that supports both computer and mobile forensics at the price lower than many other tools supporting only one of these.
How does Belkasoft Evidence Center compare with other popular forensic software packages? What are its main advantages?
I would say it is easier to use and much more affordable in price even though we have not less (and possibly even more) functions. Our SQLite analysis, RAM analysis, out of the box support for 700+ apps, support for both computers and mobiles, cloud downloader, community detection are some of the functions to mention as Belkasoft main advantages.
Please read our article “10 Reasons to Use Belkasoft Evidence Center” here on Forensic Focus, where we elaborate more on BEC benefits: http://forensicfocus.com/News/article/sid=2776/
If you don’t want to read dull articles, you do not have to. Just relax and watch my video below. It is almost as pleasant as using Belkasoft products:
What are the main challenges you face when developing forensic software?
It is a rapidly changing market; you have to learn every day. We have to react very quickly to our customer requests, we have to release updates frequently. I was a project manager of a big software project before I started Belkasoft, so I know how many things I could do with a team 3 times bigger than mine, and I can easily load a team 5 times bigger than my current one, but our market does not allow for huge teams. So we have to prioritize.
Imagine you have carefully worked with customer requirements and put them to a nice list of features for the next version, allotted time for that and… some other customers approach you in the middle of release and they have really important feedback which should be taken into consideration ASAP. Or some company named, say it, Apple, changes one of their formats, and because of that our analysis stops working. So now you have more feature requests than you can develop, and you need to couple this with reality somehow. It is not unusual that I work 14 hours a day and ignore weekends for a few months in row.
But is that indeed interesting for the readers? Ask what my personal challenge is!
Right, Yuri, what is your biggest personal challenge for 2017?
Well… Those of you, who met me at forensic conferences, know Yuri as a guy in dark-blue Belkasoft polo. Not anymore! I decided to wear my suit for all upcoming conferences till Oct 2017! What a challenge! Ha-ha.
The challenge begins in Oct, 2016!
By the way, we will need one more person in a suit next year. We are now hiring a salesman to our newly opened US office, so if anyone from readers is interested, please contact me at yug at belkasoft.com.
Speaking of the market challenges…
Speaking of the market, one of the difficulties we have is that everyone is doing more or less the same things and it is hard to come up with some creative advertisement. We have always tried to make something that separates us from others, for example, created this nice and funny cartoon:
Or, once I was struck by the idea of making a banner with allusion to the famous painting “The Persistence of Memory”. My idea was to, vice versa, show ephemerality of memory, meaning ephemeral nature of artifacts in Live RAM. We hired a professional artist to create this beautiful piece of art:
The banner really looks like a painting, though printed. By the way, here is a quiz for you: send me an email with the name of the capital city of the country, which (i.e. the country) shares the same name with the original painting’s author. If you guess correctly, I will give you 50% off our license – but hurry up: this offer is valid just for 2 days after the interview is published and only to the first 20 people!
Yuri, why do you have that squirrel in the cartoon and as your logo?
“Belka” means “Squirrel” in Russian, so basically we are “Squirrelsoft”. Now you know one more Russian word besides “vodka”.
Four cute animals
Yuri, what is your new BelkaImager product?
BelkaImager is a short name of our new free product Belkasoft Acquisition Tool. This product is possibly the only free forensic product to acquire all of the following types of evidence: hard and removable drives, smartphones, RAM memory and cloud data. You can download it from https://belkasoft.com/bat
BelkaImager is also a pretty easy-to-use tool with touch-screen interface
Yuri, to conclude: Where can people go to find out more about Evidence Center 2017?
The best way to learn about BEC is to try it. The trial is free and fully functional, please see https://belkasoft.com/trial. More info could be found at https://belkasoft.com/ec.
We also encourage you to look at our articles at https://belkasoft.com/articles. We have a number of well accepted articles, covering hot topics in digital forensics: SSD forensics, SQLite forensics, Future of mobile forensics and so on.
Finally, to learn more on our recently released v.8.2 of BEC 2017, please sign up to the next webinar at https://belkasoft.com/webinar.
Were you stressed or furious with my interview? Let me do my best to calm you down in non-forensically, but sound way: