Given the ever-increasing prevalence of technology in modern life, there is a corresponding increase in the likelihood of digital devices being pertinent to a criminal investigation or civil litigation. As a direct consequence, the number of investigations requiring digital forensic expertise is resulting in huge digital evidence backlogs being encountered by law enforcement agencies throughout the world. It can be anticipated that the number of cases requiring digital forensic analysis will greatly increase in the future.
It is also likely that each case will require the analysis of an increasing number of devices, including computers, smartphones, tablets, cloud-based services, Internet of Things devices, wearables, etc. The variety of new digital evidence sources poses new and challenging problems for the digital investigator from an identification, acquisition, storage, and analysis perspective. This paper explores the current challenges contributing to the backlog in digital forensics from a technical standpoint and outlines a number of future research topics that could greatly contribute to a more efficient digital forensic process.
Internet-of-Things
The Internet-of-Things (IoT) refers to a vision of everyday items that are connected to a network and send data to one another. Juniper Research (2015) estimates that there are already 13.4bn IoT devices in existence in 2015, and they expect this figure to reach 38.5bn by 2020. These IoT devices are typically deployed in two broad areas: in the consumer domain (smart home, connected vehicles, digital healthcare) and in the industrial domain (retail, connected buildings, agriculture). Some IoT devices are commonplace items that have Internet connectivity added (e.g. refrigerators, TVs), whereas others are newer sensing or actuation devices that have been developed with the IoT specifically in mind.
Emerging Cloud Computing or Cloud Forensic Challenges
Usage of cloud services such as Amazon Cloud Drive, Office 365, Google Drive, and Dropbox is now commonplace amongst the majority of Internet users. From a digital forensics point of view, these services present a number of unique challenges, as has been reported in the 2014 National Institute of Standards and Technology’s draft report (NIST, 2014). Typically, data in the cloud is distributed over a number of distinct nodes, unlike more traditional forensic scenarios where data is stored on a single machine.
Distributed Digital Forensics has been discussed for some time (Roussev and Richard III, 2004; Shanmugasundaram et al., 2003; Garfinkel et al., 2009; Beebe, 2009). However, there is more scope for it to be put into practice. Roussev et al. (2013) cite two main reasons that the processing speed of current generation digital forensic tools is inadequate for the average case: first, users have failed to formulate explicit performance requirements; second, developers have failed to put performance as a top-level concern in line with reliability and correctness.
- HPC and Parallel Processing
- GPU-Powered Multithreading
- Field-Programmable Gate Arrays
- Applying Complementary Cutting Edge Research to Forensics
In this paper a number of current challenges in the field of digital forensics are discussed. Each of these challenges in isolation can hamper the discovery of pertinent information for digital investigators and detectives involved in a multitude of different cases requiring digital forensic analysis. Combined, the negative effect of these challenges is amplified. The digital evidence backlog is currently in the order of years for many law enforcement agencies worldwide. The predicted ballooning of case volume in the near future will serve to further compound the backlog problem, particularly as the volume of evidence from cloud-based and Internet-of-Things sources continues to increase.
In terms of research directions, practices already in place in many Computer Science sub-disciplines hold promise for addressing these challenges, including those in distributed, parallel, GPU and FPGA processing, as well as information retrieval techniques. These research directions can be applied to digital forensics requirements to help combat the backlog through more efficient allocation of precious digital forensic expert time through the improvement and expedition of the digital forensic process itself.
Source: Embry Riddle Aeronautical University
Authors: David Lillis | Brett A. Becker | Tadhg O’Sullivan | Mark Scanlon