Kevin, tell us a bit about yourself. What's your background, and how did you become interested in digital forensics?
I have always been a person with an interest in electronics (hardware), taking apart and fixing TVs, CB Radios, VCRs and the like. I went back to school at the age of 41, and received my degree in computer science, technology, networking and securities. I have always had an interest in law enforcement and wanted to be a police officer, following in my father’s footsteps so to speak. My dad was a deputy sheriff for Lincoln County in Montana. Digital forensics is the logical step between these two areas so I took it.
How did you end up working at Paraben?
After graduating with my degree, I saw the posting for the starting position in tech support online. At that time, I was working at a business building and repairing custom and OEM computers. Having worked for corporations like Qwest Communications and Comcast as a technical support associate/team lead/floor manager gave me that start and experience needed to assist customers and problem solve their issues. Paraben called me and the rest is history. I have worked my way up at the company to be a senior support engineer.
You're Senior Support Engineer at Paraben – tell us about your role. What does a typical day in your life look like?
The best way to answer this is by relaying words that my dad instilled from a very early age.
“A man who thinks he knows everything is the man who never learns in life. A man who learns something new every day is the man who will succeed in life.”
Knowing and learning as much as possible about the job we do here at Paraben means everything to me. It is the true success in what I do!
Customers who use Paraben tools rely on our support/customer service departments to not only assist them with support in using our tools, but also that we are listening and understanding their struggles. We like to give 150% of our attention to our customer.
Not only do we take the time to address each individual customer’s issue as an individual, but we make sure we are working with you to reproduce, and solve the problem one-on-one.
I spend my time talking with the customers. We have a full team of support members, but I like to be on the phone working through the issues one-on-one. I pride myself in starting the Paraben “relationship” and making sure everyone knows we are there for them. Nothing is worse than to have a problem with your tool and then not have anyone there to help you resolve it. I make sure that never happens.
You've mentioned in the past that E3:DS is your favorite Paraben tool; can you describe its capabilities and why it's such an important addition to the market?
One of the things I started with at Paraben was mobiles, which is why E3:DS holds a special place for me. We have really evolved the tool into a full mobile forensics platform.
No two devices are the same; the challenge of understanding how devices communicate is the key (in my opinion) to success in pulling data from mobile devices. E3:DS has an advanced plug-in architecture and has the capability of pulling data from over 30,000+ different devices. Not only do we support a large number of devices, but when we support it, it means we process the data comprehensively; we don’t just get a phone book, we get all the data we can from the device.
Some of my favorite capabilities with E3:DS? I like that we have a full process for dealing with mobile devices. From logical, custom, and physical imaging to a variety of search from Boolean, regular expression, and index searching, you get everything you need as a foundation and then add onto that with custom options.
The top custom options we have are the ability to load two different cases from the same device on different dates and times using the Case Compare feature, to see what data has changed and where. The Mobile Data Triage gives you quick access to some of the most commonly searched information such as Contact email accounts, and user last location in Google Maps. Finally, it is all about reporting. We joke about calling one of our reports “Kick-Ass Report” because it really does. The data is laid out to show an easy-to-follow reference back to the phone. Besides, reports are really what show all the hard work you put into a case. If you don’t like that report there are nine others, so we don’t skimp.
Paraben also supports drone data recovery – what are some of the specific challenges associated with this area, and how do you address them?
There are two ways to get drone data. E3 will gather information through the DJI Go application on the connected device. This information is parsed under the “Application Data” node, and can display location data from the device, for example flight records. Sometimes this data may not be present for recovered artifacts.
The challenge here is educating the end user on what is parsed data, and parsed recovered data. Parsed Recovered Data can have fields in any data type and may contain the N/A value if corresponding data was not parsed. This might happen because deleted data associated with an item in the list was partly overwritten by the device firmware. We like to tell our customers to make sure they not only check it parsed, but also to review the raw database with our SQLite viewer that is built in.
The second way to capture this data is by collecting a memory dump of the device through a chip dump and loading the .bin file. This data is typically not parsed data and requires knowledge of Hex values and data carving as it stands now, but that is changing. Part of what we do is focus on our customers’ needs, and I have been talking with one customer who does a lot of chip-off of drones and he is working with us to help us improve the raw data parsing. It is all part of the Paraben “relationship” to make sure we are building what people need.
In your opinion, what is the 'next big thing' in digital forensics, and how should practitioners and tool developers be preparing?
With the evolution of technology, it is always a guess. I like to fish so I look at technology as constantly throwing out a line in hopes of catching the next big fish. There are a lot of things out there to be caught, from IoT devices, the new push into expanding wearables, and just how people interact with digital devices. There is also the buzz of how AI will change it all.
I think investigators/practitioners need to look at how society interacts with all of these types of data and make sure they know what to do if their tool does come up short. We always double check our results in our lab and investigators need to do the same thing. Double check your results and make sure that you are looking at what is trending. I never like to leave a good catch out there fishing and neither should an investigator when it comes to good evidence data.
What does the future hold for Paraben and your team? What can we expect to see over the next year or so?
I expect to see more and more app data being supported, and we have some new techniques that we have been working on that will change the way we look at acquisitions. I feel Paraben has always been at the forefront of the ever-changing digital world. Our leadership always is looking to what is next and making sure we are right there to support our customers. Each and every new release we see bigger and better changes taking place inside the E3 Platform. I will be right here supporting it with the rest of the team. A lot of our support team will work on pre-releases and with customers and really get a chance to give input to where the tool direction goes.
Finally, when you're not working, what do you enjoy doing in your spare time?
I really enjoy the outdoors. I love to go camping, fly fishing and hunting. This is how I reboot! My dad raised us to be self-reliant. For me there is nothing more exciting than to be in the middle of nowhere with my wife and family, catching/hunting our own food and preparing it over an open flame or in cast-iron. My love of the outdoors and being disconnected gives me balance when I am so very connected with Paraben to the digital side of life.
Paraben provides solutions for mobile devices, smartphones, computers, email, gaming systems and cloud forensics. Find out more on their website.