When the digital forensics profession was in its infancy back in the 1990s, we were examining computers that contained hard drives capable of holding a whopping 16 MB of data. In today’s world, that little keychain fob in your pocket holds 100 times that much digital evidence, and we recently saw the introduction of the 10 TB hard drive.
The result of this extraordinary growth in the amount of data that can be stored on computers and other electronic devices will be a breathtaking 50-fold increase in the size of our digital universe from 2010 to 2020, according to IDC’s Digital Universe Study.
This growing digital universe has complicated and prolonged complex forensics investigations. For starters, law enforcement agencies and corporate investigation teams are struggling to manage a backlog of computers and other devices waiting for examination. Unfortunately, by the time those devices are examined, it’s often too late to follow many of the leads that are produced.
Moreover, digital forensics examiners are fighting a tough battle to locate the needles amid the haystacks. The IDC study found that while roughly 23 percent of all available data would be useful if tagged and analyzed, just 3 percent is actually tagged and less than 1 percent is analyzed.
This challenge is exacerbated by the fact that our profession is too often using an “old world” approach in a “new world” society. Most investigators and attorneys don’t understand computer forensics and what it can accomplish in their investigations, and at the same time many computer forensic examiners don’t understand the larger arc of investigations and can therefore overlook relevant information. As a result, we somehow ended up with a “silo” approach to digital forensics, in which the Examiner and the Investigator work a case in separate cubicles and with little interaction.
The time has come to rethink this model. We need to find a way to bridge this gap and connect these two professionals. We need to leverage emerging technology tools so these professionals can better work together in the interests of both justice and efficiency. We need to enter a brave new world of collaboration.
The technology to achieve this goal is here now. For example, we can now use a centralized server architecture that allows 24/7 access to a case database from any office or any remote location in the field. And we can build on top of a web-based review platform that creates a collaborative environment for assessing digital evidence on a real-time basis.
AccessData is developing digital forensics software tools that help law enforcement agencies and corporate investigation teams break down the siloes and facilitate collaboration between forensic examiners and digital investigators. AD Lab is a powerful software platform for managing digital forensics investigations. It allows multiple examiners and reviewers to work on the same case—regardless of their location—and enables the team members to work together in an efficient, seamless way. This collaborative analysis streamlines the investigative process, facilitating a more productive workflow and reducing case backlog.
Keeping everyone involved in a digital forensics investigation on the same page, while maintaining data security and integrity, is a difficult task. But advanced forensics software solutions such as AD Lab can help make it easier to create a new workflow that destroys siloes and supports the collaboration required by modern digital forensics investigation teams.
About the Author
Nick Drehel is vice president of Digital Investigations Training for AccessData. Nick oversees the computer forensic, mobile forensic and incident response training staff, and also develops innovative training solutions worldwide for law enforcement agencies and corporations. His background includes more than 30 years of law enforcement experience, serving with the Houston Police Department Computer Crime/Forensic Unit and with the United States Secret Service Electronic Crimes Task Force.