
(Getty Images/iStockphoto)

SOFTWARE

The case of the virtual detective and the missing Facebook chat

The suspect claimed never to have had contact with the victim. Royal Canadian Mounted Police forensics experts in Saskatchewan suspected the two had been in touch through Facebook, but despite searching the suspect’s computer hard drive they had been unable to find evidence.

Then they tried a piece of software called Internet Evidence Finder, from Magnet Forensics Inc. in Waterloo, Ont. It recovered from the computer clear evidence of a Facebook chat between suspect and what appeared to be the victim – “a nice back and forth conversation,” says Constable Brian Ferguson, a forensic analyst with the RCMP Saskatchewan Technological Crime Unit in Regina.


Mr. Ferguson has been using Internet Evidence Finder since before Magnet Forensics even existed. He had met Jad Saliba, Magnet’s founder and chief technology officer, at police forensics conferences when Mr. Saliba worked in the tech crime unit of the Waterloo Regional Police Service.

Mr. Saliba had a long-time interest in programming and had worked at Waterloo-area technology company OpenText Corp. before joining the police. He developed the Evidence Finder software in his spare time and offered it free to colleagues at other police forces.

“I started seeing that what a lot of evidence investigators wanted was from social networks like Facebook, Web mail, online chat and other Internet-related sites, but there wasn’t anything out there to find that kind of data,” Mr. Saliba says.

Computer hard drives are filled with data that can be useful to investigators. Even when a file has been erased, much of what it contains remains on the drive until the space where it was stored is used for new data.

Evidence Finder can’t necessarily recover entire files and social-network conversations, since it can’t get into the servers of Facebook and Google, but it can tell investigators what exists. If police know that a file whose name suggests it is relevant to an investigation was stored on an online storage service, for instance, “they could then get a search warrant based on that information,” says Adam Belsher, Magnet Forensics’ chief executive officer.

What sets Evidence Finder apart, Mr. Belsher says, is its ability to search for more than 60 types of data – and to do so in a single operation that an investigator can start and then leave alone until it’s complete. Other tools can find the same data, he says, but not all in a single toolkit like Evidence Finder.

The other thing that seems to make a difference to law enforcement customers is Mr. Saliba’s first-hand knowledge of their needs.

“It’s definitely police-friendly,” says Det. Constable Jason Eddy, a forensic computer examiner at the London Police Service in London, Ont., who worked with Mr. Saliba in the forensics unit in Waterloo.

In the summer of 2011, Mr. Saliba left the police force to devote all his time to his software. He and Mr. Belsher, a former executive of Research in Motion Inc., founded JAD Software Inc., which they renamed Magnet Forensics in August of this year.

Thanks to the free copies Mr. Saliba had given out and to word of mouth, Mr. Belsher says, Evidence Finder already had a following among police forces.

Today, Magnet Forensics counts some major names in law enforcement among its customers – besides the RCMP, they include the Federal Bureau of Investigation, the Metropolitan Police Service in London, the New York Police Department and the U.S. Department of Homeland Security.

Magnet has branched out into government and military markets and started attracting corporate customers – among them Hewlett-Packard and Bank of America – who use Evidence Finder for purposes such as detecting employee fraud and preparing for litigation.

Mr. Belsher says police, government and military customers account for about 80 per cent of the company’s business today, but the corporate market is looking good too.

Magnet is also looking at expanding its focus from searching computer hard drives to looking for evidence on mobile devices such as smartphones and tablets, and even game consoles, Mr. Belsher says.

The company has never sought outside financing, Mr. Belsher says. Revenue was around $650,000 in 2011, he says, and 2012 figures are running around 400 per cent ahead of last year. Mr. Belsher hopes for revenues around $3-million this year. That sounds like evidence of success.
