Skip to main content

The Globe and Mail

The case of the virtual detective and the missing Facebook chat

Getty Images/iStockphoto

The suspect claimed never to have had contact with the victim. Royal Canadian Mounted Police forensics experts in Saskatchewan suspected the two had been in touch through Facebook, but despite searching the suspect's computer hard drive they had been unable to find evidence.

Then they tried a piece of software called Internet Evidence Finder, from Magnet Forensics Inc. in Waterloo, Ont. It recovered from the computer clear evidence of a Facebook chat between suspect and what appeared to be the victim – "a nice back and forth conversation," says Constable Brian Ferguson, a forensic analyst with the RCMP Saskatchewan Technological Crime Unit in Regina.

Mr. Ferguson has been using Internet Evidence Finder since before Magnet Forensics even existed. He had met Jad Saliba, Magnet's founder and chief technology officer, at police forensics conferences when Mr. Saliba worked in the tech crime unit of the Waterloo Regional Police Service.

Story continues below advertisement

Mr. Saliba had a long-time interest in programming and had worked at Waterloo-area technology company OpenText Corp. before joining the police. He developed the Evidence Finder software in his spare time and offered it free to colleagues at other police forces.

"I started seeing that what a lot of evidence investigators wanted was from social networks like Facebook, Web mail, online chat and other Internet-related sites, but there wasn't anything out there to find that kind of data," Mr. Saliba says.

Computer hard drives are filled with data that can be useful to investigators. Even when a file has been erased, much of what it contains remains on the drive until the space where it was stored is used for new data.

Evidence Finder can't necessarily recover entire files and social-network conversations, since it can't get into the servers of Facebook and Google, but it can tell investigators what exists. If police know that a file whose name suggests it is relevant to an investigation was stored on an online storage service, for instance, "they could then get a search warrant based on that information," says Adam Belsher, Magnet Forensics' chief executive officer.

What sets Evidence Finder apart, Mr. Belsher says, is its ability to search for more than 60 types of data – and to do so in a single operation that an investigator can start and then leave alone until it's complete. Other tools that can find the same data, he says, but not all in a single toolkit like Evidence Finder.

The other thing that seems to make a difference to law enforcement customers is Mr. Saliba's first-hand knowledge of their needs.

"It's definitely police-friendly," says Det. Constable Jason Eddy, a forensic computer examiner at the London Police Service in London, Ont., who worked with Mr. Saliba in the forensics unit in Waterloo.

Story continues below advertisement

In the summer of 2011, Mr. Saliba left the police force to devote all his time to his software. He and Mr. Belsher, a former executive of Research in Motion Inc., founded JAD Software Inc., which they renamed Magnet Forensics in August of this year.

Thanks to the free copies Mr. Saliba had given out and to word of mouth, Mr. Belsher says, Evidence Finder already had a following among police forces.

Today, Magnet Forensics counts some major names in law enforcement among its customers – besides the RCMP, they include the Federal Bureau of Investigation, the Metropolitan Police Service in London, the New York Police Department and the U.S. Department of Homeland Security.

Magnet has branched out into government and military markets and started attracting corporate customers – among them Hewlett-Packard and Bank of America – who use Evidence Finder for purposes such as detecting employee fraud and preparing for litigation.

Mr. Belsher says police, government and military customers account for about 80 per cent of the company's business today, but the corporate market is looking good too.

Magnet is also looking at expanding its focus from searching computer hard drives to looking for evidence on mobile devices such as smartphones and tablets, and even game consoles, Mr. Belsher says.

Story continues below advertisement

The company has never sought outside financing, Mr. Belsher says. Revenue was around $650,000 in 2011, he says, and 2012 figures are running around 400 per cent ahead of last year. Mr. Belsher hopes for revenues around $3-million this year. That sounds like evidence of success.

Report an error Editorial code of conduct
As of December 20, 2017, we have temporarily removed commenting from our articles. We hope to have this resolved by the end of January 2018. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to If you want to write a letter to the editor, please forward to