Gary Coulthart
Digital Forensics Specialist, Australia
Grayshift

My first “forensic” acquisition of a mobile device whilst working for a public sector corruption investigation commission in Australia occurred 20 years ago. At the time, I could not have imagined the mobile device advancements, and the forever “catch up” cycle that would commence for forensic software and hardware companies. The future held constant challenges in the evolution for mobile forensic software and hardware vendors to provide clients with solutions to extract and decode data from devices (which was always slower back then for Australia). Armed with a digital camera, you dutifully took photos of every screen of the device, being a Nokia 8310, Ericsson T68i or similar. These devices had no built-in camera and limited memory, which in turn had limited positions (slots) for calls and SMS messages. Security of the device and data was limited. (How did we survive with no in-built in cameras or apps?) Once you took the hundreds, if not thousands of screen shots, then you imported the images into your agency’s word processor program, and it took weeks to create the report for the investigator.  

Fast forward a couple of years, and evolution in Mobile Devices with PDAs (personal digital assistants) being gaining popularity, and then Symbian, RIM and Windows operating systems commenced as the first “Smartphones.” Device memory, removable media card slots and the ability to surf the internet at GPRS speeds (if you could afford the plans) became an everyday reality. A logical extraction with forensic software/hardware became possible; this approach relied upon the ability of the mobile manufacturer’s desktop syncing software. A report could be obtained within hours, which was a godsend to investigators, who and were all happy with just a logical extraction of the devices. Although forensic solutions progressed so that you could obtain physical extractions, it still took several years to support this functionality in some operating systems.  

I left the government sector and started my own consultancy business with the focus on providing services in digital forensic, digital forensic training and providing expert evidence. I wanted to provide value for services not like what I had experienced with some products and services being offered in the industry being exorbitant.  

When Grayshift asked me to join their team, I was excited at the prospect of working for a business that had a highly regarded reputation in the industry and a sought-after product – the GrayKey solution. One of the reasons why Grayshift is held in high esteem is because its GrayKey product fills a critical void in the forensics industry, far exceeds the expectations of users and supports their clients even on the other side of the world. 

Since I joined the company, Grayshift has exceeded my expectations – the integrity of the business as well as the work ethic and professionalism of all the people who work there. They genuinely care about Law Enforcement and assisting them to complete their duties more effectively and efficiently. Bringing 30 years of experience combined with my skills in investigations and digital forensics, I hope that I can contribute – even just a little – to making life easier for the digital forensics officers by ensuring that Grayshift keeps abreast of our customers’ requirements globally. 

The material and information contained in this resource is based on 30+ years of in-the-field experience from the Grayshift Digital Forensic team and is intended for general information purposes only.  As always, please defer to your department’s policies and procedures as they relate to digital forensics.