Jad Saliba, Founder & CTO, Magnet Forensics

Jad, will you introduce yourself, tell us a little bit about who you are, what you do, and how you got here?

Sure. My name is Jad Saliba, I’m the founder and CTO of Magnet Forensics. Who I am – I’m a former law enforcement officer, started my career actually before that in the IT industry, and did a lot of that. Even as a teenager, I was just kind of curious, and trying to understand how things work and how to break them and what’s going on behind the scenes, but I always also had an interest in law enforcement and wanting to help people and do some exciting work. So I spent a bit of time in the IT industry but then left that to become a police officer, and did the general patrol work, in the car, no computer stuff. I did that for a little while, and in 2007 was diagnosed with Hodgkin’s lymphoma. So that took me off the road for a little while. I was doing the chemo and radiation for about a year, and when I came back they gave me a desk job, kind of helped me ease back into things.

And there happened to be an opening in the tech crimes unit, where all the forensics stuff happened. And at that point, I was further on in my career, in my life, and I was thinking it’d be kind of interesting to combine my policing experience with my IT and software experience. They took me on as a temporary member and ended up keeping me there for a while. I saw a need for tools that help us recover digital evidence that the tools that we had weren’t really addressing – things like Facebook chat, other social media, instant messaging.

So I went home one day and started doing some research, being the curious person I’ve always been, and found out that a lot of this kind of stuff gets left behind, even after you close the browser or whatever it might be. So I put my software development hat back on and started building a tool that would just look for those things and pull them out into a readable format and let you review them, and gave that away for free for a while. Just wanted to help other people that were doing the work that I was doing.

One thing that my eyes really got opened to once I was working in the forensics unit was the types of cases that they were dealing with, especially in the child exploitation world, and just the impact of what was actually going on out there in those areas. A friend of mine that works in human trafficking investigations once said, “It’s easy to get passionate about this stuff.” And that was certainly my feeling and why I wanted to give the software away and just help other people.



That early software was called the Internet Evidence Finder or IEF. It’s still around today, in a much different format, but still around. And that went really well for a little while, but it got to the point where so many people were using it and asking for different things to be added to the software, and it was just getting to be a lot of work evenings and weekends, to maintain all of that. And I saw that I was reaching my limitations as a developer, and as a business person, and wanted to take things to the next level.

It was a really tough decision, considering leaving law enforcement, but I saw the impact that the software was having and I wanted to see how much more we could do. And I didn’t want to look back in five to ten years and just wonder what could have been.

So I found a business partner who had a sales and marketing background, which I also knew that I didn’t have, and if I was going to do this fulltime, we needed someone that was good at that part of things. And we both left our jobs in 2011 in the fall, went fulltime and started hiring people. And we’ve been able to build a really talented team, people I’m really proud to work with, and that’d be the reason that we are where we are today.

How many people are you up to now?

We’re about 145 people I believe. But growing quickly in the past five years, so it’s been a fun ride, it’s been a really busy ride. We’re really proud of what we do, and the ‘why’ behind what we do is really important to us – supporting law enforcement, helping them, empowering them to make a difference in the world, through all the work that they do.

Can you talk a little bit about some of the challenges that we’re facing in the forensics community?

I think there are a few big challenges. One of them is just volume of data, case backlogs – nothing new, but it’s just getting worse as time goes on. Storage devices are bigger, and more people have more devices, and I think that’s a big challenge. How do you get through this data quickly, but also, how do you make sure you don’t miss anything? I think that’s something that a lot of people are facing.

The other challenge is obviously security on devices is becoming more difficult, so getting data off the devices and figuring out how to extract the data initially is a big challenge. There’s more encryption involved, so even if you can get the data sometimes, it’s not useful, because it’s all encrypted.

I think the third big one that comes to mind is just around other data sources. A lot of data is being stored in the cloud now. But being able to pull it down is difficult. There’s a lot of legal issues around accessing data in the cloud. And then you’ve got things like Internet of Things devices, IoT, other data sources that we don’t typically think of today, but that could hold a lot of really useful evidence on them.

What’s the most interesting device you’ve been called upon to do an investigation on?

That’s a good question – I think some of the devices are more interesting because they store more information, so there’s more there. I think things like the Amazon Echo and the Google Home are really interesting because of how integrative people’s lives are becoming. I believe Apple, Samsung, and Microsoft are also releasing their own versions. So obviously all these big companies are seeing a big market here for these devices that sit in your house and basically respond to commands and do different things for you. But how does that start to change our lives, and what’s getting stored in different places, either with Amazon or on the device or on your phone. And that could be a great thing for investigations, but there’s also – the other side of it is understanding how that changes your life and what personal information could be getting leaked out there or potentially hacked and into the hands of people that want that information.

As a tool developer, how can you possibly hope to keep pace with the number of devices and updates and new challenges and operating systems? Do you feel like part of your job will just be to determine artefacts that tell you that those devices were there, and then give examiners sort of a heads-up that there are other places that they should go look for data?

I think that’s part of it. Always letting investigators know where they need to go next is a big thing. Giving them a starting point, and then maybe not doing everything for them but letting them know “here are some other areas you need to go.” We have a team that’s dedicated just to all the different apps and artefacts that are left behind by these apps and stored on different devices. They’re focused on staying up to date with that when some of these things update, and we need to release a patch that supports the latest version of it. They’re reacting quickly to that.

But the other thing that we’re building that I think is really the future of keeping up with all this stuff, is what we’re calling an artefact exchange where people can build their own support for different apps or different data formats that they find. So if you’re dealing with something in a case that none of the tools support but you’re looking at the data and you can figure out a way to pull out what you need, we now have a way that people can build these things for themselves, kind of self-serve, but then they can also share it out to the community and help other people that might be running into the same device or app, and I think enabling the community to help each other and share with each other – that’s how a lot of things are working today outside of our industry, but also, it’s the way that we can keep up with the speed of things that are moving.

Is there anything else that keeps you up at night or helps you go to sleep?

I think we’re just trying to find ways to help our customers. There’s all sorts of data, and there’s this big data problem in forensics, and how do you leverage all that data to get more intelligence and more actionable insights or intelligence? So we’re constantly thinking, how can we help more? How can we provide more tools or solutions to help our customers to get to the data that they need and make sense of all this data that we’re dealing with?

It’s always a challenge, there’s never a dull moment, but it’s fun, and we’re really proud of what we do and who we do it for. It’s a really interesting time in the industry, and a lot of things going on.

When you’re not working, what do you love to do? Is there anything else you do besides forensics, or is that pretty much it?

[laughs] Now that we have these custom artefacts, the team generally gets nervous when I touch the code of the software, but now I can build these custom artefacts and they can’t really stop me. So I do a bit of that on the side. For fun.

And other than that, a little bit of time with family, and we also do a lot of sports, as company teams, and try to stay active that way. So that’s also fun.

Jad Saliba is Founder & CTO of Magnet Forensics, who provide digital forensics solutions to corporate and law enforcement clients around the world.

Forensic Focus interviewed Jad at the Techno Security & Digital Forensics Conference in Myrtle Beach, SC. For more details and to find out about next year's event, visit the official website.
