Arman Gungor - CEO of Metaspike

in the chair with Jon Munsey - December 2019





Arman, Forensic E-Mail Collector (FEC) was recently reviewed here on Computer Forensic Reviews Online acheiving a massive 9 out of 10 score, with Metaspike also acheiving a Super Vendor award for outstanding conduct and support.


Following on from that, we like to interview vendors to find out a little more about them, their company and their products.


I don't allow sales pitches or corporate bulls*it on these pages, so readers, you should find something for everyone here, from which bugs were hard to squash, through to where they are going next.


I'm no journalist, but hope you enjoy the read and remember to subscribe to be notified of new interviews (people are lining up!!!!) in the future.


Anyway, enough waffle and on with the show;


About Metaspike:


Q1.  Can you tell us how Metaspike came to be, how long have you been in existence?


Also, where are you based and what’s the weather like their this time of the year (us English folk love to talk about the weather!). 


A1.  Thanks for taking the time to review FEC, Jon!


As a digital forensics firm, we have needed a reliable forensic email acquisition software for as long as I remember.


Metaspike was born to develop that software and other forensic cloud preservation tools and make them available to fellow forensic examiners worldwide.


We formed the company in 2017 in Los Angeles, California.


We are spoiled by the weather in Los Angeles—it is 73 F (~23 C) as I type this!


Q2. What is the working environment at Metaspike?


Do you have free soda and candy/chocolate and yoga matts everywhere, or is it more like roman galleon ship with you walking up and down the middle of the cubicles whipping the programmers?


A2.  We do have a relaxed work environment, but we don't indulge much in the free soda and candy—mostly coffee and occasional happy hours to blow off some steam.


Our office is in a coastal city called El Segundo in Los Angeles county.


Q3.  In relation to the business, not products - what are you plans for the company?  Are you planning to stay small and nimble or are you looking to grow larger?


A3.  Our plan is to stay agile and retain both our financial and creative freedom. While there are many successful software companies that are large, I've found that my favorite products often come from smaller teams.


About Arman Himself:


Q4. Can you introduce yourself to our readers.  If you can give us a little bit about your background, how did you get into forensics? 


A4.  Sure! My background is in electrical engineering and I started in the legal field in 2004 in Washington, DC when I took a job at an eDiscovery company.


At first, my work involved managing the eDiscovery department and its related software development efforts.


My focus quickly shifted from eDiscovery to digital forensics and I've been an active digital forensic examiner since then. 


Q5.  Can you tell us your favourite piece of forensic software that you use regularly?


A5. If I could only pick one forensic tool (other than FEC, of course), it would have to be X-Ways. It is very versatile, and I love the no-nonsense approach.

That said, I usually prefer using multiple, focused tools rather than forensic suites in my investigations.


Two of my favorites at the moment are USB Detective and EZ tools.


[Editor - Ooooo, I like the sound of those tools, added to the list of tools to review!]

Also, when I set up a new Windows computer, the two things I install first are Directory Opus and UltraEdit—in that order.



Q6.  In your experience can you name two forensic software companies who you feel have great customer support.


A6.  F-Response and BlackBag have impressed me in the support department in the past.


Development of FEC:


Q7.  Can you tell us how you came up with the idea of FEC?


A7.  The general outline of FEC has been in my mind since mid-2000s.  I was often tasked with collecting large Yahoo and AOL mailboxes back then, and the tools that were available did not keep track of acquired items, resume failed acquisitions, or report issues.


I would frequently end up with incomplete acquisitions and had to perform hours of quality control and jump through many hoops to get a complete acquisition. I was sure there had to be a better way!


In the last few years, multi-factor authentication gained traction and collecting emails with legacy tools became even more painful.  We also started receiving many requests for searching mailboxes before the acquisition due to privacy and scope concerns


These led us to put the development of FEC on the fast track.


Q8.  What was the most challenging  part of FEC development from a programmatical perspective?  What was the most difficult thing to make work ?


A8.  Working with email hosted in the cloud.


Unlike working with local files that can be accessed and queried reliably, cloud APIs are fussy.


Servers throw tantrums and put the brakes on.


Building the throttling mitigation and fault tolerance aspects of FEC has been the most challenging part so far.

Q9.  Can you tell us about development team behind FEC ?
A9.  A small team with digital forensics experience mainly focused on .Net development.
We are also into web apps, so you might see some web-based forensic tools from Metaspike in the future.
Q10.  Can you give us a few examples of bugs that were difficult to squash (track down) during development process. 
A10.  FEC works in a multi-threaded manner using multiple CPU cores to perform CPU-intensive tasks such as hashing. Getting the multi-threading to work correctly took some extra coffee and head scratching/banging at times.
Q11.  Can you tell us what method you used to create Microsoft PST files when Outlooks is not installed on the acquisition machine ? 
A11.  When we launched FEC, we were relying on Outlook to create output PST files.
While this worked quite well, it had a couple of drawbacks: It made deployment more challenging (users had to have Outlook installed for PST support) and imposed limitations on parallel acquisitions as we could output to one PST at a time on the same computer.

In October 2018, we switched to a Direct PST Writer model where FEC creates the PST itself without help from Outlook.
This takes place in managed code without dependencies and scales nicely. We can now write to multiple PSTs at the same time on the same computer.
Q12.  What language did you programme FEC in? Can you tell our readers a little about why you choose this language?
A12.  Most of FEC was written in C# because, in my opinion, it is a powerful and elegant language—especially for GUI app development for Windows. 
Q13.  The dongle you use for FEC is pretty cool and does not require any drivers under Windows 10, can you tell us why did you choose this particular vendor for your dongle?
A13.  Thanks! While dongles give the user great freedom in how licenses can be deployed, they can also cause great frustration.
Dongle conflicts between different software products and virtualization troubles come to mind.
We went with a "driverless" dongle to minimize friction. You plug it in, launch our software, and it just works.

You can use our dongles in virtual machines and even deploy them remotely over a network with USB over Ethernet.
Upcoming Features for FEC:
Q14.  We have recently had server side searching, along with POP protocol access to mailboxes, what is the next MAJOR feature to be added to FEC in the future?
A14.  The next major feature you should expect to see is queue manager.
We will build a nice user interface around managing batch acquisitions of multiple mailboxes.
Q15.  Are there any MINOR features that you planned to implement in next release? 
A15.  The next feature we are working on right now is revision support for Google Drive attachments.
Soon, FEC will be able to preserve point-in-time revisions of Drive attachments of emails during Gmail / G Suite acquisitions. Not necessarily minor, but I would say imminent.
FEC and the Competition:
Q16.  Who do you feel is your main competitor in relation to FEC?
A16.  Based on the feedback we get from our users, most of our users are switching to FEC from either using the email acquisition capabilities that are built into forensic suites, or from general-purpose email conversion and migration tools.
Q17.  Knowing that there was a competition out there, why did you feel that there is was a need for FEC?
A17.  We've found that the tools that have been available for forensic email preservation were not purpose-built.
While they did many other things, they had limited functionality in terms of email preservation.
Most of them were added to larger tools as an afterthought.
We wanted to build software that does one thing and does it very well.
Q18.  Why should our readers buy FEC instead of competitors product?
A18.  FEC is backed by real-world email forensics experience. We use it in our cases actively just as our other users do, and we built it from the ground up keeping the final act in mind: the courtroom.
Emails are collected in a read-only manner with all the detail you would need to authenticate and investigate them.

Secondly, FEC has many unique features not found anywhere else such as Remote Authentication, in-place search across Gmail, Exchange, and IMAP, Drive attachment acquisition, and more.

Finally, we aim to provide the best customer support experience in the industry. When you contact our support, you do not waste your day away talking to support representatives that barely know the software.
You talk to people who have participated in the development of the product.
Q19.  What options do your customers have to contact you about FEC?  Is there any way that they can read about other users’ experiences and submit feature requests? 
A19.  The best way to reach us is by emailing our support or getting in touch using the live chat on our website.
If needed, we offer to move the conversation to a phone call or video call to assist more effectively.

We hold regular user training sessions where our users can chat, ask questions live, and provide feedback.
We also have an ideabaord where we collect feedback and allow our users to vote on features they would like to see implemented.
Q20.  Do you have a discussion forums and if not, are there any plans to?
A20.  We do not have discussion forums at the moment, but we are open to putting it together if there is interest.
I invite our users to send us a note (or use our ideaboard) if they would like us to make it happen.
Training Courses:
Q21.  You have a vast array of guides and webinars available on the FEC website, do you have any plans to create a training course that customers can attend ?
A21.  We have had a few inquiries about this recently.
We have plans to have training courses for both FEC and also on email forensics in general.
Again, if interested, please send us a note so we prioritize accordingly.
Other Projects:


Q22.  We have recently seen mailbox Obliterator, do you have any plans for additional software that will be released within  the next 6 months.


A22.  Obliterator [editor - review is on the cards!] will likely get some major updates as it has received a lot of interest—both from our users as well as non-users.

We also have plans to release other forensic tools with a focus on forensic preservation from the cloud.


We are currently in the planning phase, hard to say if you will see the next software materialize within the next 6 months.


Events & Product Promotion:


Q23.  Are you promoting Metaspike or FEC at any upcoming events, if so can you share which   ones and when? 


A23.  Our preference has been to attend industry events as speakers and participants, rather than to simply promote FEC with a vendor booth.

This year, I've attended the Techno Security & Digital Forensics Conference in San Diego as well as the SANS DFIR Summit in Austin where I had presentations on email forensics.


While I didn't promote Metaspike or FEC, I feel that it was a great way to connect with our existing users as well as establish relationships with fellow forensic examiners.

We will send out an announcement once we make plans to attend the next industry event.


Long Term Future Products:


Q24.  Are you currently, or do you have any plans to release any other software products in a different area of the forensic software spectrum?


A24.  We are hyperfocused on forensic preservation at the moment, but we have a couple of long terms ideas around specialized forensic investigation tools for specific data types.

Thank you Arman for taking part in our “Super Vendor” interview, we wish you well with FEC and Metaspike, your products are always welcome here on CFRO as are your comments.


Keep up the good work and remember we don't want the kitchen sink in FEC, keep it E-Mail only and if you have any other cool ideas, put them in a separate product - we will buy anything :)

Want to Advertise ?

If you wish to advertise your company or specific products on CFRO, please visit the Advertise Here page for more details and pricing.

By sponsoring an advert on this page you can help us continue making honest and independent reviews.

Print | Sitemap
(c) 2024 CFRO - Not to be copied or reproduced without written permission.