Jad Saliba, Founder & CTO, Magnet Forensics

Jad, will you introduce yourself, tell us a little bit about who you are, what you do, and how you got here?

Sure. My name is Jad Saliba, I’m the founder and CTO of Magnet Forensics. Who I am – I’m a former law enforcement officer, started my career actually before that in the IT industry, and did a lot of that. Even as a teenager, I was just kind of curious, and trying to understand how things work and how to break them and what’s going on behind the scenes, but I always also had an interest in law enforcement and wanting to help people and do some exciting work. So I spent a bit of time in the IT industry but then left that to become a police officer, and did the general patrol work, in the car, no computer stuff.I did that for a little while, and in 2007 was diagnosed with Hodgkin’s lymphoma. So that took me off the road for a little while. I was doing the chemo and radiation for about a year, and when I came back they gave me a desk job, kind of helped me ease back into things.

And there happened to be an opening in the tech crimes unit, where all the forensics stuff happened. And at that point, I was further on in my career, in my life, and I was thinking it’d be kind of interesting to combine my policing experience with my IT and software experience. They took me on as a temporary member and ended up keeping me there for a while. I saw a need for tools that help us recover digital evidence that the tools that we had weren’t really addressing – things like Facebook chat, other social media, instant messaging.

So I went home one day and started doing some research, being the curious person I’ve always been, and found out that a lot of this kind of stuff gets left behind, even after you close the browser or whatever it might be. So I put my software development hat back on and started building a tool that would just look for those things and pull them out into a readable format and let you review them, and gave that away for free for a while. Just wanted to help other people that were doing the work that I was doing.

One thing that my eyes really got opened to once I was working in the forensics unit was the types of cases that they were dealing with, especially in the child exploitation world, and just the impact of what was actually going on out there in those areas. A friend of mine that works in human trafficking investigations once said, “It’s easy to get passionate about this stuff.” And that was certainly my feeling and why I wanted to give the software away and just help other people.


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.


Unsubscribe any time. We respect your privacy - read our privacy policy.

That early software was called the Internet Evidence Finder or IEF. It’s still around today, in a much different format, but still around. And that went really well for a little while, but it got to the point where so many people were using it and asking for different things to be added to the software, and it was just getting to be a lot of work evenings and weekends, to maintain all of that. And I saw that I was reaching my limitations as a developer, and as a business person, and wanted to take things to the next level.

It was a really tough decision, considering leaving law enforcement, but I saw the impact that the software was having and I wanted to see how much more we could do. And I didn’t want to look back in five to ten years and just wonder what could have been.

So I found a business partner who had a sales and marketing background, which I also knew that I didn’t have, and if I was going to do this fulltime, we needed someone that was good at that part of things. And we both left our jobs in 2011 in the fall, went fulltime and started hiring people. And we’ve been able to build a really talented team, people I’m really proud to work with, and that’d be the reason that we are where we are today.

How many people are you up to now?

We’re about 145 people I believe. But growing quickly in the past five years, so it’s been a fun ride, it’s been a really busy ride. We’re really proud of what we do, and the ‘why’ behind what we do is really important to us – supporting law enforcement, helping them, empowering them to make a difference in the world, through all the work that they do.

Can you talk a little bit about some of the challenges that we’re facing in the forensics community?

I think there are a few big challenges. One of them is just volume of data, case backlogs – nothing new, but it’s just getting worse as time goes on. Storage devices are bigger, and more people have more devices, and I think that’s a big challenge. How do you get through this data quickly, but also, how do you make sure you don’t miss anything? I think that’s something that a lot of people are facing.

The other challenge is obviously security on devices is becoming more difficult, so getting data off the devices and figuring out how to extract the data initially is a big challenge. There’s more encryption involved, so even if you can get the data sometimes, it’s not useful, because it’s all encrypted.

I think the third big one that comes to mind is just around other data sources. A lot of data is being stored in the cloud now. But being able to pull it down is difficult. There’s a lot of legal issues around accessing data in the cloud. And then you’ve got things like Internet of Things devices, IoT, other data sources that we don’t typically think of today, but that could hold a lot of really useful evidence on them.

What’s the most interesting device you’ve been called upon to do an investigation on?

That’s a good question – I think some of the devices are more interesting because they store more information, so there’s more there. I think things like the Amazon Echo and the Google Home are really interesting because of how integrative people’s lives are becoming. I believe Apple, Samsung, and Microsoft are also releasing their own versions. So obviously all these big companies are seeing a big market here for these devices that sit in your house and basically respond to commands and do different things for you. But how does that start to change our lives, and what’s getting stored in different places, either with Amazon or on the device or on your phone. And that could be a great thing for investigations, but there’s also – the other side of it is understanding how that changes your life and what personal information could be getting leaked out there or potentially hacked and into the hands of people that want that information.

As a tool developer, how can you possibly hope to keep pace with the number of devices and updates and new challenges and operating systems? Do you feel like part of your job will just be to determine artefacts that tell you that those devices were there, and then give examiners sort of a heads-up that there are other places that they should go look for data?

I think that’s part of it. Always letting investigators know where they need to go next is a big thing. Giving them a starting point, and then maybe not doing everything for them but letting them know “here are some other areas you need to go.” We have a team that’s dedicated just to all the different apps and artefacts that are left behind by these apps and stored on different devices. They’re focused on staying up to date with that when some of these things update, and we need to release a patch that supports the latest version of it. They’re reacting quickly to that.

But the other thing that we’re building that I think is really the future of keeping up with all this stuff, is what we’re calling an artefact exchange where people can build their own support for different apps or different data formats that they find. So if you’re dealing with something in a case that none of the tools support but you’re looking at the data and you can figure out a way to pull out what you need, we now have a way that people can build these things for themselves, kind of self-serve, but then they can also share it out to the community and help other people that might be running into the same device or app, and I think enabling the community to help each other and share with each other – that’s how a lot of things are working today outside of our industry, but also, it’s the way that we can keep up with the speed of things that are moving.

Is there anything else that keeps you up at night or helps you go to sleep?

I think we’re just trying to find ways to help our customers. There’s all sorts of data, and there’s this big data problem in forensics, and how do you leverage all that data to get more intelligence and more actionable insights or intelligence? So we’re constantly thinking, how can we help more? How can we provide more tools or solutions to help our customers to get to the data that they need and make sense of all this data that we’re dealing with?

It’s always a challenge, there’s never a dull moment, but it’s fun, and we’re really proud of what we do and who we do it for. It’s a really interesting time in the industry, and a lot of things going on.

When you’re not working, what do you love to do? Is there anything else you do besides forensics, or is that pretty much it?

[laughs] Now that we have these custom artefacts, the team generally gets nervous when I touch the code of the software, but now I can build these custom artefacts and they can’t really stop me. So I do a bit of that on the side. For fun.

And other than that, a little bit of time with family, and we also do a lot of sports, as company teams, and try to stay active that way. So that’s also fun.

Jad Saliba is Founder & CTO of Magnet Forensics, who provide digital forensics solutions to corporate and law enforcement clients around the world.

Forensic Focus interviewed Jad at the Techno Security & Digital Forensics Conference in Myrtle Beach, SC. For more details and to find out about next year's event, visit the official website.

Leave a Comment

Latest Videos

This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feeds settings page to add an API key after following these instructions.

Latest Articles