Vladimir, please tell us about your role as CEO of ElcomSoft. What does your day-to-day work entail?
To be honest, “CEO” does not actually reflect what I am doing. I’m taking care of quite a lot of things: strategic development, product roadmap, testing & QA, marketing, sales, even technical support, and much more. I should confess that I am involved in all processes in our company, from development and up to trainings and HR. And yes, I’m the one to give interviews as well 🙂 If you wake me up in the middle of the night (please don’t!) and ask any question about any of our products, I can’t help but start answering.
How involved are you in the development of ElcomSoft's products?
I wish I were involved a little bit less 🙂 Our support and sales teams carefully collect all suggestions from our customers, and I decide what we have to implement, and when, and how the hell we’re going to do that. I am also monitoring about two hundred news feeds related to our industry, analyzing the trends, looking at new features introduced by our competitors, going through the latest vulnerability reports and security breaches, and so on and so forth. I do know all the strong sides and all the weak sides of our products, and have plans for their improvements for the next two years at very least. The only thing I do not do is coding (though I can do that as well if required).
You studied physics and mathematics at university. What initially sparked your interest in digital forensics?
That was a long time ago. Our company started over 20 years ago, but the first forensic product (it was just for breaking ZIP passwords at that time) only hit the market in 1998. And it was coded by me, and just for my own use. I did not even know the term “forensics”. Only a few years later we recognized the high demand for that kind of tools, and only when we got an order on this tool from the FBI. We were only working online at that time, but then we started taking part in various security and forensic events all over the world, building our own partner network, improving business processes in our company, and so on. My mathematical background really helped me here.
Tell us about some of the main challenges faced by digital forensics examiners today and the solutions offered by ElcomSoft.
In fact, our software only covers a very small (though very important) part of digital forensics. Generally speaking, we offer tools for two areas of digital forensics. The first category covers data decryption and password recovery, and the second one is for mobile forensics. These are tied closely together, as our mobile forensic tools also come with some password recovery features, allowing us to break passwords on device backups, and in some situations the device passcode. However, our mobile forensic tools are mainly intended for data acquisition from cloud services.
Speaking of the challenges in digital forensics, I can only speak about passwords (for documents, archives, databases, encrypted disks and so on). The times of snake-oil encryption are over; most vendors are using industry-standard algorithms, and their implementation is also proper. Moreover, they put special anti-cracking measures in place: password recovery speeds are very low even on the best equipment one can afford. That means that long and complex passwords cannot be cracked at all, so we rely mostly on the Human Factor, assuming that the password is not totally random. Password re-use also helps (we attack the weakest link, as real hackers do). And of course, other authentication methods are becoming more and more popular: biometrics, single sign-on, tokens and smart cards, etc.
As for mobile forensics, it is a rapidly expanding and constantly changing market. Examiners often need to crack device passcodes, and the success rate here does not actually depend on the length and complexity of the password. The other approach is “chip-off” acquisition of the device, which is possible for most Windows Phone and BlackBerry devices, as well as many Androids. Our software uses a different approach (though we have tools for passcode cracking as well): we pull data from the cloud (Apple iCloud and Microsoft OneDrive for now, with Android/Google support on the way). This method is often much more efficient because it does not require investigators to have access to the device itself. Instead, the expert will just need the appropriate authentication credentials (where and how to get them is a different story). As far as most smartphones sync their data across devices (through the cloud), we often get the same backup that you can obtain from the device itself. Our cloud acquisition is very flexible, and you can even pull just the selected data from the cloud. This is a completely new approach in digital forensics.
What does the future hold for ElcomSoft? What can we expect to see in the next year or so?
We don’t expect anything ground-breaking to appear in the password recovery field, yet we will actively maintain and update our tools. At this time, we invest more and more into mobile forensics. While it is a really interesting and challenging area for us to work in, we feel there is an extremely high demand on that. We have a very good background in encryption (and probably more in decryption), and this is where we can help the industry.
What are the most common public misconceptions around password recovery, and what can we as digital forensics professionals do to address these?
Do you know the most common question visitors ask at our expo booth? “How long does it take to crack the password?” 🙂 Yes, just like that, without any additional information about the kind of encryption being used or even mentioning the data format, without mentioning available equipment and just how complex the password is.
There are a lot of wrong assumptions, too. For example:
– passwords are going to die in the next couple of years anyway (the first time I’ve heard that was 10 years ago)
– my password is secure (we silently hand such visitors one of our bumper stickers)
– I have nothing to hide
– you are hackers as you’re cracking passwords
– I developed an encryption algorithm that is impossible to crack (because no one cares)
– quantum supercomputers will be able to crack anything instantly
In general, most people don’t realize that security is not just software, or algorithm, or even a system. It’s a process.
I am not sure that I answered your question, actually. I would not even call myself a “digital forensics professional” – instead, those are our customers (well, most of them).
In your opinion, how will the world of digital forensics change over the next few years?
The most important changes occur in the amount of information being accumulated. Finding evidence is like searching for a needle in a haystack. It’s a huge challenge. Smartphones routinely come with 128 GB of storage and more, and though it could be just a few random HD videos, the other data may contain quite a lot of information that should be preserved, acquired, decrypted and analyzed. So, in my opinion, digital forensics will develop in the direction of smarter data analysis.
The second change should happen (and is already happening) in terms of “decryption”. Current encryption standards are good enough. Once they are implemented properly, it is already hard to deal with them, even if one has a lab with several supercomputers and the best security analytics. As a result, forensic people and law enforcement will have to use their authority and power to bypass the encryption.
One of the questions we often see on the Forensic Focus forums is “How do I get started in a computer forensics career?” What advice would you give to someone interested in becoming a developer of digital forensics software?
Do they want to become a “forensic examiner” or a “forensic software developer”? I don’t know much about being an examiner (though I’ve met a lot of them in the last ten years). Some of them are police officers who don’t know much about encryption, even though they are working in a forensic lab; others are dedicated analysts. Forensic software development requires more than the usual development and analysis skills.
General developers are only following specifications and guidelines. Of course, if one wants to become a forensic developer, they’ll need deep knowledge of encryption, UI design, system programming and more. But it is not enough to be an excellent developer to develop good forensic software. One must understand what their client really needs. Basically, if they look at the first question in this interview, they’ll understand what they are up to if they choose this career.
Finally, what do you do to relax when you're not working?
I hate working 24/7, but often do. Even when dining, or sleeping, or swimming in the pool, planning my next day or solving a problem that looks impossible at first glance…
What I value the most is spending time with my family, whatever we do – traveling, skiing or just chatting about something not-so-important 🙂
Speaking about traveling, it’s my passion. I visited almost 50 countries, but that’s just the beginning. I love speaking to people who have different and unusual views. I learn a lot from them, whether it is a kid, a pensioner, or a policeman.
When I want to relax, I listen to music – CDs or good old vinyl.
Vladimir Katalov is the CEO of ElcomSoft, a software development company that creates solutions for digital forensics professionals, its main services being password and system recovery.