Why Use IEF to Search for Internet-Related Artifacts? Efficiency!

[Republished from the Magnet Forensics blog by Lance Mueller, Director of Forensics – Magnet Forensics (formerly JADsoftware).]

Well, it’s day two for me at Magnet Forensics, and I thought I would take the opportunity to say “hello” to everyone and briefly comment on why I chose to work here, and why INTERNET EVIDENCE FINDER (IEF) has been a “go to tool” in my toolkit for a while now.

Magnet Forensics is a very unique “family” business. Nobody is technically related, but everyone treats each other like family, and it is one of the most positive goal-oriented teams I have ever worked with. Everyone in the company has a genuine interest in producing tools that are not only very useful and functional, but also serve the greater good of helping the good guys beat the bad guys (Jad has taught them well).

I also thought it might be relevant to explain why I chose to use IEF during investigations in the past. Since it’s day two for me at Magnet Forensics, my hope is that this message comes across as an impartial forensic examiner, and not as a Kool-Aid drinking employee of Magnet Forensics (it’s too early for that yet). For those of you who know me, you know I am not the salesman type and I try to keep things simple and provide fair and honest feedback.

I have used many of the common forensic tools for many years now and can conduct keyword searches with the best of them (even in GREP). I can also manually decode many of the common Internet-related artifacts that I may find or write an EnScript/Perl program to do it for me. But the reason why I have relied on IEF in the past is the simplicity and consistency with which it does exactly what I need. That is, search for Internet-related artifacts – and then let me quickly review those artifacts to see if they are relevant and need to be included in the investigation, and provide me those artifacts in a form that I can either produce a succinct report, or combine it with other relevant data.

The simple answer is efficiency. I can certainly run a built-in automated process that is included with most existing forensic analysis tools, but none of them come close to the list of artifacts that IEF can find and more importantly can put that data in an easy to use form that does not require a bunch of munging to make it useful, or play nice with other data that I may have from other sources.

There are some amazing things on the drawing board for future releases of IEF. But with that said, I really encourage you to provide any type of feedback (good or bad) about the product. The amazing team of developers at Magnet Forensics have some great ideas about new features for future releases, but we may not think of every possible way people use IEF, the data it produces, or the way you want to use that data.

If you have a suggestion, idea or complaint, please feel free to contact me anytime. My goal is to make myself available to help in whatever way I can. Even if you need assistance with using IEF with your investigation, or just need information/something explained further, feel free to contact me anytime.

I can be reached at ‘lance (at) magnetforensics.com’
