From The Lab: DFS Jay Varda on Advanced Data Extractions

Jay Varda is a Federal Digital Forensic Specialist (DFS) at Grayshift. He is a subject matter expert in Mobile Device Forensics. Before joining Grayshift, Varda served in Federal Law Enforcement for over 29 years, with over half of those years as a Computer Forensics Agent within Homeland Security Investigations. Varda possesses several certifications and is a court-qualified expert witness in Digital Forensics. He graduated from Western Illinois University and earned a Master of Science in Forensic Computing and Cybercrime Investigations from the University College of Dublin (UCD). 

In addition to good advice for new law enforcement agents and civilians, Varda brings extensive knowledge of advanced data extractions and how digital forensic tools can make a difference in your backlog to this interview – and a love for drones.  

Meet Jay Varda: 

1. It’s obvious you’re a #nerdcop. What’s your favorite type of technology you love to use every day?  
   I have often been described as jolly, always having fun and enjoying myself. I enjoy apps that allow me to wind down at night, laugh, and relax. Also, I love flying drones, but I am not so good at it, so I keep crashing them, which keeps me from doing too much of it. 

2. When you were a digital forensic investigator, what types of cases did you typically encounter? 
   I was an agent with Homeland Security Investigations (HSI), and about eighty percent of the cases handled by the forensic lab were Child Exploitation cases. The rest of the cases were a mixture of drug cases, fraud cases, and human trafficking. Within many of these cases, we encountered locked or damaged devices that made it difficult to extract data. 

3. Is there an example of a case you investigated with GrayKey? Can you tell us how GrayKey could have helped? 
   When I was assigned to the HSI Cyber Crime Center, my primary role was advanced data extraction from mobile devices. My unit was the last resort for the entire forensics program to obtain data from mobile devices. It was sent to my unit only if a forensic agent could not get that data from a device. So, we had cases from all over the world. HSI also has a significant number of task force officers, so our unit would also help their respective departments. Before  GrayKey, we had about a yearlong backlog of devices to extract data from. After receiving two GrayKey units, we went through that backlog in about two months, using the GrayKey tools almost 24 hours daily. They made a difference in getting actionable data out to case agents. 

4. What is one thing you wish people understood about the job? 
   I wish people understood the amount of time and work that goes into forensics. So many TV shows and movies make it look like an instant process for a full forensic analysis. And there is not an “All Evidence” button to simplify things. 

5. What was the most challenging crime you solved with GrayKey? 
   There wasn’t one that stood out over the others; my unit extracted data from over 700 devices in three years, most of which were done with GrayKey. A lot of the time, we never knew the outcome of the cases for which we extracted the data. Still, anytime we helped rescue a child or stop a child predator, the hard work was worth it. 

6. What challenges did you regularly face as a mobile forensics examiner? 
   Extracting data from encrypted or damaged devices. Encryption has made forensic units rely heavily on vendor tools to bypass or defeat encryption to extract data. Damaged devices most often need to be repaired or board transfers completed to extract the data. The most challenging damaged device cases were devices with internal damage, not just a broken screen, which can also be difficult if not done right. 

7. What advice would you give new digital forensic specialists to help them overcome similar challenges? 
   Attend as much training as possible, not just vendor-based training, but on a wide variety of topics that will allow them to handle a wide variety of cases. They should also consider training such as cell phone repair or soldering to help with damaged devices.  

8. What do you know now that you wish you knew when first starting out? 
   I wish I knew everyone on the DFS team when I was first starting out, so I could ask them questions. The DFS team has a wealth of knowledge and skills that complement each other. The ability to have people to ask questions and learn from them is invaluable in a technical field like forensics. No one will ever know everything there is to know about forensics. Still, an excellent forensic agent will learn how to find the answers, which includes asking others. 

9. What’s a secret about one of your teammates that most people don’t know but should?  
   Josh Carder spent a good deal of time on the front lines in the war on terrorism. Often travelling to undesirable places for months long deployments, he sacrificed time away from home to help forces eradicate some truly terrible people. 

10. What superpower do you bring to Grayshift? 
    I am relentless, no matter if it is trying to solve a problem, working all hours to test things, or creating and delivering presentations. Once on task I will not stop until I reach my end goal or assist someone in achieving theirs. 

Law enforcement professionals worldwide are no strangers to being relentless in getting the job done. If you’re interested in learning more about Grayshift technology solutions – like GrayKey or ArtifactIQ by Grayshift – for local, state, and federal law enforcement, click here. 
 
Other resources you might be interested in: 

• The Investigators Corner (login credentials required/can be requested) 
• A Beginner’s Guide to Building and Funding a Mobile Device Forensics Lab 
• Simplifying The Digital Forensics Analysis Workflow 
• Full Access to Braden Thomas and Scott Hettinger on ArtifactIQ by Grayshift 

© 2022. Grayshift, LLC. All rights reserved. Proprietary and confidential.