Guest Blogger: Cassie Castrejon Interviewing Ira Victor

Q. Please introduce yourself to our readers
A. My name is Ira Victor, and I am a big advocate of open-source software. I started working in forensics a couple of decades ago, so I'm not new to this. I've seen a lot of commercial products come and go. The open-source products have consistently been reliable and stable. But that doesn't mean I'm open-source exclusive.

Q. What type of cases do you typically work?
A. The vast majority of my work is in civil matters; I am not former law enforcement. Former law enforcement guys often have a comfort zone in the criminal world. My experience comes out of the private sector. The big exception to that is my involvement with InfraGard. There is a great need for digital forensics professionals within InfraGard, which is a public-private partnership between the FBI and the private sector to help protect critical infrastructure. I've worked cases on behalf of the FBI when they need help on certain special cases/circumstances. I would encourage people who are in the digital forensics or information security field, or those who want to get more into the field, to do so with InfraGard. Go to https://www.InfraGard.org/ to find your local chapter and get involved. And, you can help protect critical infrastructure.

Q. When you select tools, what do you do for your selection process?
A. The most important thing I do is I listen to my peers. I think that is the best way to know whether a tool can be useful to you. The Internet is great for that, of course, reading different bulletin boards, and blog postings. Also, talking face-to-face is the best way to know what tools people are using, what tools work in certain situations, and which tools are those to stay away from.

Q. What are the things you look for in evaluating new tools?
A. The first and most important factor: does it work? You would be surprised how often a tool is either promoted or talked about, and then, when you actually have some work to do, the tool flat out doesn't work. Now, sometimes that's because of a setting or something that needs to be fine-tuned. Work with a tool before you commit to buying it, or make other investments in hardware to run a tool.

Q. Do you watch any training videos that specific tools offer to see if you are doing the acquisition correctly?
A. As a matter of fact, yes, I do. At the Paraben Forensics Innovators Conference (PFIC), going back three or four years, Amber (CEO of Paraben) gave a great talk about how people should be going to YouTube, instead of just going to a search engine, to find an answer to a technical question. There are so many users and companies posting videos to demonstrate how a task is done, and, as the old saying goes, a picture is worth a thousand words. Go to the sites that are going to give you links to videos, to show how a task is done, and adapt that video to the problem that is sitting in front of you.

Q. What advice do you offer people just starting a lab?
A. Three simple words: IGNORE THE SPIN. Be skeptical. Keep in mind, there are a lot of companies out there on the commercial side that will do spin and make promises they can't deliver. Even on the open-source side, someone will make a comment that says, oh, I think this tool is good to do some particular task, but they really never actually did it, or they're not very well informed. Test your tools. You want to check with other peers and other sources; don't just accept one single source. Make sure to get a confirmation that other people are getting around the problem, or achieving the goal, using the same tool that you are using.

Q. Do you recommend multiple tools for validating software?
A. Yes, I do. Validation is a really thorny issue because customers put a lot of pressure on providers to keep things at very low cost, and it's always a challenge to keep the cost low and then spend an enormous amount of time on testing. I think it has to be reasonable. I test my tools and validate them, but you also have to be aware of the balance on how much time you are going to take to test something. Once I've reached a certain level of validation, that's when I have a reasonable expectation that the tool is the right one for the task.

Q. Is there anything else you'd like to add as we conclude this interview?
A. While I like and use open-source software, one of the features I like in quality commercial tools is that when I'm under a deadline, I can get help quickly. When you're in the open-source world, you have to spend a lot of time finding answers on your own. I don't always have that time. Find what works for you. You want to look for the appropriate tools for the appropriate project. When all you have in your hand is a hammer, everything looks like a nail. Be open-minded. Be flexible. I would like to say one other thing. I find that a lot of people in digital forensics are only working in Windows OS when on a computer. That really does limit your options if you are only working in Windows. I think everyone in digital forensics should not only be familiar with Windows, but with Mac OS and Linux. My advice is you should have workstations or virtual machines for all three OS platforms. Sometimes the best tool that you want is really optimized for one platform, but not the other. You want to be able to flip and use the appropriate OS with the appropriate tool. That goes for both open-source and commercial tools.

Ira Victor has more than two and a half decades of information security and digital forensics experience. Ira has multiple certifications from SANS and ISACA. He is named as co-developer on multiple U.S. patents related to information security. Ira has hosted CyberJungleRadio for more than a decade. The program covers security, privacy, and the law.