Sergey, you're Mobile Team Programming Lead at Paraben. Tell us about your role; what does a typical day in your life look like?
My main role is to organize the development process to make sure we are innovating with each release. We strive to work with a balance between research of brand-new features (zero-day exploits, new rooting techniques) and bugfix of the current features. It’s always difficult to control this balance because we like to do it all.
My typical day is living between code and reading about forensics. For our development teams I am the main bridge in the space that allows them to really understand the need behind a feature. This is a few hours and then the rest is on doing specific projects in the code and emails. We always try to answer all of our team’s questions within one day so no one is left hanging waiting for an answer.
What first sparked your interest in digital forensics, and how did you get into the field?
It was a long time ago as I have been with the company a while. I have always loved to find the loopholes in the mobiles and that is why becoming part of the Paraben team was perfect for my interests.
In the beginning I researched just because I wanted to protect myself on my own device, the exposure to the forensic side of a device fascinated me as it opened my eyes beyond personal concerns to a way to help people fight crimes.
Tell us about the products the mobile team work on at Paraben.
We work on all the plugins for the mobile devices, so we work with logical imaging, physical imaging and app analysis, and my team is also primary with our cloud engines. For the last year we have also taken on the research for IoT engines. It has always been great to be able to come into work and know that you are always looking at what is new in technology. Our team is always excited and interested to see what we can do that is a different approach to the problem.
What are some of the most challenging aspects of mobile forensic investigation today, and how are Paraben working to address these?
We are always fighting with Apple. Each release (sometimes often) they change something in their protocols. It is something that is always in the front of our mind.
Mobiles in general are in such a constant state of change that we are watching closely to see if the change will weigh in our favor or against the field of digital forensics. Either way we know we have a fight ahead to make sure we are always getting the most data possible.
Is there a typical end user of your tools?
We really serve a large range of customers. From law enforcement to consultants, we get a good variety of people using our tools. Some of our consultants provide our development team with valuable feedback and perspective on the use of the tools.
We have our tools priced at a point that is reasonable for any sized group to be able to purchase the tool and then maintain it. We always have at least four releases a year, and to get all of that for only $599.00 is a great bargain for our customers.
What do you think is the "next big thing" in mobile forensics?
I think it’s collaboration. Nowadays there is a LOT of data produced every single minute. We need to think how investigators can handle this big data to find that needle in the haystack.
Recovery and processing are just one part, we want to make sure the analysis side is not only well-rounded but designed in a way that allows different levels of investigators, attorneys, etc. to participate in the review process. We look at this as a good opportunity to integrate AI into the process as well.
Are there any resources you'd recommend for people who'd like to get into mobile forensics?
• iOS Forensics Investigative Methods by Jonathan Zdziarski
• Zdziarski's blog
• XDA Developers' Forum
• Android Vulnerabilities
• Forensic Impact
Any presentations given by our CEO, as her depth of knowledge in both mobile and computer forensics is invaluable as she also remains a practitioner to make sure the company understands the obstacles investigators face.
What are your plans for the future? What can we expect to see from Paraben over the next few years?
We have a lot of good things planned for our 2.0 release that is happening this fall at our annual PFIC event Sept 5-6. This is where we will be showcasing the new Python engine for the E3 Platform that will allow users to do some custom scripts to get into the data.
Like I mentioned before, more and more data is being generated and we felt this was a good option for some collaboration of users into the Platform. In addition, we have some great new analysis functions with date and time filters, and some add-on options for illicit image detection. We are very happy to bring the E3 Platform to the 2.0 release; it is our Bronze release and we have a cool steampunk theme planned. We always like to keep our Paraben personality in our releases, it is part of what makes being on the team so much fun.
Finally, when you're not working, what do you enjoy doing in your spare time?
I love kitesurfing! I have travelled all over the world to do this and there is no better feeling than feeling like I can fly.
Sergey Thomas is Mobile Team Programming Lead at Paraben, who provide solutions for mobile devices, smartphones, computers, email, gaming systems and cloud forensics. You can find out more on their website.