Vladimir, you’re co-founder and CEO at ElcomSoft. Tell us a bit about your role – how has it changed this year?
I do quite a lot of things from marketing to technical support, and from project management to presentations about our research on various events worldwide, from HR to accounting. It’s easier to say what I do not do 🙂
But most of my time is being spent on product development. It is me who decides which particular features our products should receive, how those features should be implemented, and what new products we should release. It is actually something new every single day.What are you currently working on and why?
In a word, improving our products. It is easy to say but much harder to describe in detail. We know they are not perfect (yet), but we want them to be. That’s quite an interesting process, though sometimes I start thinking it has no end 🙂
How did you come to develop cloud forensics solutions, and were there any other developments of yours that brought you to this area?
For years, we have been developing desktop forensic software – mostly for data decryption and password recovery, and remain the leader in that market. Several years ago, we noticed that Apple has added password encryption to iTunes backups, so we implemented password recovery products for them, too. A bit later, iCloud backups were introduced, and we found that the product allowing people to download such backups may have value not just for consumers, but also for forensic and LE customers. That was a serious challenge.
Once that product has been launched (and at that time, it was unique), we discovered that even though there were a lot of mobile forensic tools on the market, there was a very high demand for some particular functionality that nobody was able to implement at the time. Those things were considered impossible; for example, breaking iOS 4 encryption (and we were the first who did that). After that, we had no problem deciding what we need to do – our customers are guiding us.
The current mobile forensics market is somewhat overwhelmed. How different are your solutions compared to others and what are your unique technologies and functionality?
As noted above, our top priority is customers’ demands. Our technical support team is not just helping our customers to resolve issues, but paying special attention to challenges encountered by forensic analysts, and taking note of any particular features they are missing. Also, we are carefully monitoring a number of different forums related to mobile forensics, and get more ideas from there – especially when people say that there is no product that can do this and that.
Finally, we are analyzing the changes and updates in mobile operating systems and mobile applications, always thinking what interesting information (for LE) can be obtained from those sources. And of course, we are looking at our competitors – when they release some new interesting features, we always consider if we could do the same, just better 🙂
We are always trying to do something really unique. We cannot brag about supporting thousands of devices – but you know, “There is an app for that” already. We do something nobody did yet – or just do it better. “Better” means faster, more convenient, more reliable.
Next, we pay quite a lot of attention to details, usability in particular. Using our software does not require expensive and time-consuming training. Our tools can be even used without reading the docs. We have a social department in our team dedicated to user interface only. They think over every single checkbox or button in our tools. At the end of the development phase, we spend dozens of hours testing everything carefully, including unusual conditions, weird software configurations and inexperienced users. That allows us not to just catch most of the bugs before the release, but to implement the most convenient user interface that allows our users to concentrate on the task itself, and not on figuring how to use the tool.
There are some restrictions for cloud forensics in different countries. Do you foresee any changes here? What do you think the future of cloud forensics will look like?
Physical acquisition becomes more difficult nowadays. It is now impossible to do anything with many locked smartphones (even using the tricky chip-off method), but the cloud comes to the rescue. By default, most devices sync their data with one cloud or another, and you can get almost the same information from there as from the device itself. Sometimes, you can obtain more data from the cloud than from the device itself. Second, cloud forensics can be performed without having access to the device itself. Third, this approach is universal, and works for almost all devices – so we may not care about fragmentation (which is extremely high for Android devices).
To summarize, I think cloud forensics is the future of mobile forensics. Yes, there are some legal questions in many countries. But most cloud providers (including Apple, Microsoft and Google) already process government requests about the data stored on their side; in fact, our products do almost the same, just much faster and more conveniently (and often returning more information).
What are ElcomSoft's plans for the near future? Can we expect to see any new products or developments over the next few months?
We will continue to do whatever our customers need. New challenges appear every day; and even going through our current “to do” list will take a couple of years at least. As noted above, cloud forensics is the king, and it will become more and more important every year. There are more mobile devices now than there are people in the world; we all go mobile, living (and working) online. And there are a lot of bad guys online, too. We will do whatever we can to help LE to fight them.
Finally, when you're not working, what do you like to do in your spare time?
I enjoy doing my job, of course – but my heart is always with my family. I love traveling (fortunately, my job gives me this opportunity, but we often go to some new places just for a weekend); my other interests are books and music.
Vladimir Katalov is Co-Founder and CEO of ElcomSoft, a digital forensics solutions provider specialising in password recovery, mobile and cloud forensics. Find out more on their website.