Yuri Gubanov, Founder, Belkasoft

by

Yuri is the founder of Belkasoft, an independent software vendor specializing in computer forensics and system software for the Windows and Mac OS platforms.

Yuri, can you tell us something about your background and who you are?

I have a degree in mathematics and software engineering. I graduated with honors from St-Petersburg State University, Mathematical and Mechanical faculty. This is one of the oldest and best universities in the second largest city in Russia, famous for its white nights in June when you can even read at night being outside.Before starting my own company, I changed many hats being a junior and senior software developer, project and product manager, and then becoming a top manager in a software company.

You founded a software company, Belkasoft, in 2002. Tell us more about the motivation behind that decision.

Frankly, I have never thought I would end up in the forensic business. In 2002 I didn’t even know that word, “forensics”! But you know, you never know! As a software developer, I visited many places I never thought I would when studying computer science. Just an example; at the time we were working on software and hardware for analyzing grain, I visited many tiny towns in Australia like Wagin and Katanning, meeting with our potential customers – farmers.


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.


Unsubscribe any time. We respect your privacy - read our privacy policy.

Being an employee never completely satisfied me, and I started exploring options to be in a business of my own. It took a few years of trials and failures until one of my small utilities became successful on the forensic market. The tool’s only job was extracting data from ICQ databases, but my tool worked much better than the official ICQ convertor, which made it popular among home users and forensic customers.

At that time I was still working as an employee for an outsourcing company, being a ‘programmer for hire’ and doing random pieces in various software products. It took me a few more years before I finally decided to quit. It was a tough decision as I had no business background of my own. Fortunately, I learn quickly. I am much more confident in what I am doing today than I was back then. At that time my company already had a name in the forensic market, and offered tools that were way more sophisticated than the initial ICQ analyzer. Though I haven’t had forensic background at that time, I managed to develop myself in this direction. Today, they label me as a “forensic expert” when quoting my words.

Briefly, tell us more about the software Belkasoft creates. What specific challenges faced by digital forensic examiners are you trying to address?

Forensic examiners are enormously overloaded with work. On the one hand, they have piles of hard drives and disk images to investigate. On the other hand, each and every one of those drives contains hordes of various software pieces and bits of essential information to take into account. Now, adding time pressure into account, investigators only have so long to find evidence before another crime happens or the suspect flees abroad. It is close to impossible to do the job in time without a great deal of automation.

Our software aims to ease the process of forensic investigation as much as possible. We are keen to back our slogan, “forensics made easier”. The ultimate goal is to have a product that’s as easy as possible to operate, while supporting all common software pieces out of the box. We understand the nature of forensic investigations. We met with people who’re doing this job. We took notes, implementing what they wanted in our product the way they wanted it to be. Today, we’re proud to discover hundreds of artifacts without placing high demands on our customers. Our users don’t need to be computer science experts. In particular, they don’t have to know about all those database, log-file and history formats, registry places, encryption algorithms, file paths in the many different operating systems, etc.

We are best known for our instant messenger support, the area in which our product can be called best in its class. We support more than 70 various instant messengers, chat rooms and social network apps for Microsoft Windows and Mac OS.

What does your own role involve? What sorts of things are you involved with on a day to day basis?

Belkasoft is not a big company, so I am doing various things except for one: software development. Well, that’s not entirely true; I do software development when I’m fed up with my other work. In general, my daily schedule is filled with two things: leading our product development and selling our products. The latter allows me to travel extensively for conferences and meetings with our customers. I love traveling, so I’m pretty happy with that part of my job.

What are the biggest challenges you face as a developer of forensic software? What do you most enjoy about the role?

The biggest challenge is to decide what to do next. Our customers are brilliant at suggesting new features. Some of the features we invent ourselves. It’s impossible to implement all the features and do all the suggestions at once, if at all, so we struggle to keep the number of new features reasonable. Maintaining a world-class product means we must constantly test it every time a new version of supported software is released, which becomes harder and harder the more artifacts we support.

The thing I enjoy most is meeting a happy customer. At one of the first conferences I visited, most of the booth visitors I was talking to were saying: we know about your company, your software is great! It was a pleasing but surprising experience, as I didn’t do any ads at that time.

Another great thing (but a little bit more psychologically complicated) is turning an angry customer into a happy customer. Sometimes it takes a lot of effort if a customer faces a problem and already feels bad about our product, to make him say “wow, your support was brilliant in solving my problems!” But it’s definitely worth the effort.

In addition to your work with Belkasoft you recently also started a new website at f-interviews.com – tell us more about that project.

Speaking with people during the conferences, I learned that many of them are extremely interesting. They can tell a lot of stories, serious and funny, predict the future and give you good advice. All you need to do is listen. In that project, “f-interviews.com”, I’m trying to ask questions to key persons in our area. For example, one of the recent questions was how cloud technologies and social networks can affect the forensic market.

I have great hopes that maybe in a year or two I manage to speak with every well-known person in the area of digital forensics. This is the goal.

Looking to the future, how do you think the world of digital forensics will change over the next few years?

A lot of interesting predictions were made by the people I interviewed for the f-interviews portal. That included trends on giving up full drive imaging, changes caused by cloud software, and so on. So let me try giving predictions of my own, and not just repeating what my interviewees said.

1. I think in 5 years all forensic tools we are using now will be something completely different. We will rarely use then what we are extensively using now. The brands could be the same (e.g. Encase may be still named Encase), but they’ll do completely different things.

2. Desktop computers will leave most people’s homes. Average folks will have appliances such as media centers to keep images, video, music and documents. They’ll operate with a TV. Most folks will do their internet activities using their smartphones and tablets such as the iPad. Laptops will significantly decrease in number, remaining mostly in hands of business people.

3. It will be much harder to extract information from hardware devices. Locally stored data will be strongly encrypted by default, connection protocols will remain secure, and remote data will be securely stored in encrypted clouds. Most important data will be split in parts, with every part independently stored in different clouds (different computers, different countries) so you won’t be able to decrypt them even if you get full access to a particular cloud storage. This will be transparent to a user and won’t require any skills rather than to use a special application on your tablet.

4. More and more evidence against unskilled criminals will be pulled out of social networks. Police or third-party companies will have crawlers similar to Google crawler to index all open social network pages daily (if they don’t have that already). So, deleting unwanted information will not help. Of course, this will require powerful (and expensive) data centers to store tons of information, so most probably this will be commercial companies, not police (and police will pay them for every investigation)

5. Hmmm… I need to say something positive at last. Well, let me suppose that soon people realize the danger of having too much personal information publically available. They will publish it less often; social networks will help (or be forced to help) by implementing proactive mechanisms to prevent publishing potentially dangerous posts. Our children will be specially taught and trained in schools on how to be secure in social networks, so, after a bump, there will be much less crime based on disclosed personal information.

Finally, what do you do to relax when you're not working?

Various sports. Depending on time of the year it may be roller skating (one of my slalom clips got 70K+ views on youtube!) or snowboarding, football or even salsa (but not to the extent of David Lewis from Fulcrum, who even went to Cuba to master his salsa skills, heh).

I also love traveling. Though my tight schedule doesn’t allow me to travel much for leisure, I can spend a few days after a conference exploring the city. A few weeks ago I returned from my first vacation in 3.5 years, a vacation I spent on an Antarctica cruise. Three weeks with no Internet, no mobile phone and without the smallest chance to work! You can imagine what an excellent relaxation that was. And penguins, penguins, hordes of them!

Yuri can be contacted through the Belkasoft website.

Leave a Comment

Latest Videos

Forensic Focus

Forensic Focus
Throughout the past few years, the way employees communicate with each other has changed forever. 69% of employees note that the number of business applications they use at work has increased during the pandemic. Desk phones, LAN lines and even VOIP have become technologies of the past workplace environment as employees turn to cloud applications on their computers and phones to collaborate with each other in today’s workplace environment. Whether it’s conversations in Teams, file uploads in Slack chats, or confidential documents stored in Office 365, the amount of data stored and where it is stored, is growing quicker than IT and systems administrators can keep up with. Corporate investigators and eDiscovery professionals need to seamlessly collect relevant data from cloud sources and accelerate the time to investigative and discovery review. With the latest in Cellebrite’s remote collection suite of capabilities, investigators and legal professionals can benefit from secure collection with targeted capabilities for the most used workplace applications. Join Monica Harris, Product Business Manager, as she showcases how investigators can: - Manage multiple cloud collections through a web interface - Cull data prior to collection to save time and money by gaining these valuable insights of the data available - Collect data from the fastest growing cloud collaboration applications like Office365, Google Workspace, Slack and Box - Login to a single source for workplace app collection without logging into every app and pulling data from multiple sources for every employee - Utilize a single unified collection workflow for computer, mobile and workplace cloud applications without the need to purchase multiple tools for different types of collections – a solution unique to Cellebrite’s enterprise solution capabilities

Throughout the past few years, the way employees communicate with each other has changed forever.

69% of employees note that the number of business applications they use at work has increased during the pandemic.

Desk phones, LAN lines and even VOIP have become technologies of the past workplace environment as employees turn to cloud applications on their computers and phones to collaborate with each other in today’s workplace environment.

Whether it’s conversations in Teams, file uploads in Slack chats, or confidential documents stored in Office 365, the amount of data stored and where it is stored, is growing quicker than IT and systems administrators can keep up with.

Corporate investigators and eDiscovery professionals need to seamlessly collect relevant data from cloud sources and accelerate the time to investigative and discovery review.

With the latest in Cellebrite’s remote collection suite of capabilities, investigators and legal professionals can benefit from secure collection with targeted capabilities for the most used workplace applications.

Join Monica Harris, Product Business Manager, as she showcases how investigators can:

- Manage multiple cloud collections through a web interface
- Cull data prior to collection to save time and money by gaining these valuable insights of the data available
- Collect data from the fastest growing cloud collaboration applications like Office365, Google Workspace, Slack and Box
- Login to a single source for workplace app collection without logging into every app and pulling data from multiple sources for every employee
- Utilize a single unified collection workflow for computer, mobile and workplace cloud applications without the need to purchase multiple tools for different types of collections – a solution unique to Cellebrite’s enterprise solution capabilities

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_g6nTjfEMnsA

Tips And Tricks Data Collection For Cloud Workplace Applications

Forensic Focus 4 hours ago

As a hybrid working environment continues to be a way of life for many professionals, the way employees communicate has been altered as well. The scope and volume of data that needs to be collected and reviewed from computers, mobile devices and cloud applications is evolving.<br /><br />As the devices and collaboration platforms employees use changes, the approach to collecting data generated on emerging devices and platforms grows increasingly complex as a result. In a 2022 Endpoint Intelligence benchmark survey, only 65% of legal professionals are confident in their ability to collect relevant data from endpoints.<br /><br />Understanding this ever-changing collection landscape is essential for legal and litigation technology professionals as modern data increases in volume in discovery.<br /><br />Join Monica Harris, Product Manager at Cellebrite Enterprise Solutions for an educational discussion on the what, when, why and how of modern data collections for legal teams.

As a hybrid working environment continues to be a way of life for many professionals, the way employees communicate has been altered as well. The scope and volume of data that needs to be collected and reviewed from computers, mobile devices and cloud applications is evolving.

As the devices and collaboration platforms employees use changes, the approach to collecting data generated on emerging devices and platforms grows increasingly complex as a result. In a 2022 Endpoint Intelligence benchmark survey, only 65% of legal professionals are confident in their ability to collect relevant data from endpoints.

Understanding this ever-changing collection landscape is essential for legal and litigation technology professionals as modern data increases in volume in discovery.

Join Monica Harris, Product Manager at Cellebrite Enterprise Solutions for an educational discussion on the what, when, why and how of modern data collections for legal teams.

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_jVTDS1UTTtA

We’re Not in Document Land Anymore: Modern Data Collections for Litigation Technology Professionals

Forensic Focus 6th March 2023 10:00 am

In this episode of the Forensic Focus podcast, Si and Desi explore the cutting-edge technology of deepfake videos and image manipulation. In addition to discussing the latest technological developments and efforts being made to detect manipulated media, they also examine the associated legal and ethical implications. Show notes: Boris Johnson image - https://www.theguardian.com/politics/2023/jan/10/spot-the-difference-boris-johnson-appears-scrubbed-from-photo-posted-by-grant-shapps Deep Fake Neighbour Wars - https://m.imdb.com/title/tt21371376/ Stalin image - https://www.history.com/news/josef-stalin-great-purge-photo-retouching Nvidia eye contact AI - https://www.polygon.com/23571376/nvidia-broadcast-eye-contact-ai and https://www.youtube.com/watch?v=xl87WTDrReo Birthday problem - https://en.wikipedia.org/wiki/Birthday_problem Same frightening woman in AI images - https://petapixel.com/2022/09/09/the-same-frightening-woman-keeps-appearing-in-ai-generated-images/ Inherent mysogeny of AI portraits - https://www.theguardian.com/us-news/2022/dec/09/lensa-ai-portraits-misogyny Midjourney - https://www.midjourney.org/ Deepfake porn legality - https://www.theverge.com/2022/11/25/23477548/uk-deepfake-porn-illegal-offence-online-safety-bill-proposal and https://www.technologyreview.com/2021/02/12/1018222/deepfake-revenge-porn-coming-ban/ AIATSIS - https://aiatsis.gov.au/cultural-sensitivity Fake tiger porn story - https://www.dailydot.com/unclick/tiger-porn-britain-law/ Group photo with no blinking - https://www.countrylife.co.uk/comment-opinion/curious-questions-group-photo-179102 Emma Watson deefake audio - https://www.thetimes.co.uk/article/ai-4chan-emma-watson-mein-kampf-elevenlabs-9wghsmt9c Domestika - https://www.domestika.org/en/courses/981-introduction-to-interviewing-the-art-of-conversation Investigative Interviewing - https://www.amazon.co.uk/dp/0199681899?ref=ppx_pop_mob_ap_share Forensic Focus events calendar - https://www.forensicfocus.com/events/ Si Twitter - https://twitter.com/si_biles

In this episode of the Forensic Focus podcast, Si and Desi explore the cutting-edge technology of deepfake videos and image manipulation. In addition to discussing the latest technological developments and efforts being made to detect manipulated media, they also examine the associated legal and ethical implications.

Show notes:

Boris Johnson image - https://www.theguardian.com/politics/2023/jan/10/spot-the-difference-boris-johnson-appears-scrubbed-from-photo-posted-by-grant-shapps

Deep Fake Neighbour Wars - https://m.imdb.com/title/tt21371376/

Stalin image - https://www.history.com/news/josef-stalin-great-purge-photo-retouching

Nvidia eye contact AI - https://www.polygon.com/23571376/nvidia-broadcast-eye-contact-ai and https://www.youtube.com/watch?v=xl87WTDrReo

Birthday problem - https://en.wikipedia.org/wiki/Birthday_problem

Same frightening woman in AI images - https://petapixel.com/2022/09/09/the-same-frightening-woman-keeps-appearing-in-ai-generated-images/

Inherent mysogeny of AI portraits - https://www.theguardian.com/us-news/2022/dec/09/lensa-ai-portraits-misogyny

Midjourney - https://www.midjourney.org/

Deepfake porn legality - https://www.theverge.com/2022/11/25/23477548/uk-deepfake-porn-illegal-offence-online-safety-bill-proposal and https://www.technologyreview.com/2021/02/12/1018222/deepfake-revenge-porn-coming-ban/

AIATSIS - https://aiatsis.gov.au/cultural-sensitivity

Fake tiger porn story - https://www.dailydot.com/unclick/tiger-porn-britain-law/

Group photo with no blinking - https://www.countrylife.co.uk/comment-opinion/curious-questions-group-photo-179102

Emma Watson deefake audio - https://www.thetimes.co.uk/article/ai-4chan-emma-watson-mein-kampf-elevenlabs-9wghsmt9c

Domestika - https://www.domestika.org/en/courses/981-introduction-to-interviewing-the-art-of-conversation

Investigative Interviewing - https://www.amazon.co.uk/dp/0199681899?ref=ppx_pop_mob_ap_share

Forensic Focus events calendar - https://www.forensicfocus.com/events/

Si Twitter - https://twitter.com/si_biles

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_i41eg24YGZg

Deepfake Videos And Altered Images - A Challenge For Digital Forensics?

Forensic Focus 13th February 2023 10:30 am

Load More... Subscribe
This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feed settings page to add an API key after following these instructions.

Latest Articles

Tips And Tricks: Data Collection For Cloud Workplace Applications
Webinars

Tips And Tricks: Data Collection For Cloud Workplace Applications

ByCellebriteMar 20, 2023
ADF Solutions Offers Complimentary Mobile Forensics Training On March 22nd
News

ADF Solutions Offers Complimentary Mobile Forensics Training On March 22nd

ByadfsolutionsMar 16, 2023
Digital Forensics Round-Up, March 16 2023
News

Digital Forensics Round-Up, March 16 2023

ByForensic FocusMar 16, 2023
Magnet RESPONSE: New Free Tool For IR Investigations
News

Magnet RESPONSE: New Free Tool For IR Investigations

ByMagnetForensicsMar 15, 2023
UPCOMING WEBINAR – Video Evidence in 2023: Trends, Challenges, Potentials
News

UPCOMING WEBINAR – Video Evidence in 2023: Trends, Challenges, Potentials

ByAmpedSoftwareMar 14, 2023
Digital Forensics Round-Up, March 09 2023
News

Digital Forensics Round-Up, March 09 2023

ByForensic FocusMar 9, 2023
Share to...
BufferCopyFlipboardHacker NewsLineLinkedInMessengerMixPinterestPocketPrintRedditSMSTelegramTumblrVKWhatsAppXingYummly