Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Digital Evidence Source Growth During Recent Years

Logicube : 19 August, 2010  (Technical Article)
Logicube explains the requirements for new digital forensic methods as the quantity of data takes a massive leap through hard drive size increases as well as broadening of sources of data including IM log histories and other captured logs
When it comes to digital evidence, today's technologies have combined with a changing landscape to present a critical crossroads - and pose a difficult challenge to investigative teams. eForensics has become a linchpin for resolving crimes that involve digital evidence, and the process is growing more and more complicated, due to the capacities of hard disk drives (HDDs) growing exponentially; the large amounts of potential digital data evidence seen in criminal investigations; the ever-increasing sources from which digital evidence can be obtained; the complex logistics of sharing seized evidence data among forensic analyst teams (in place locally and remotely); rising crime rates and strained budgets that have seen investigative teams shrink in size.

The volume of sources that digital evidence can potentially be taken from has exploded in recent years, as courts are now allowing items such as computer memory files, digital photographs, IM histories, ATM logs, word processing documents, accounting files, spreadsheets, Internet browser histories, databases, computer backups, computer printouts, GPS readouts, and Digital Video or audio files to be entered into evidence.

On top of this added volume, the increasing size of the hard disk drives that contain much of this information is growing as well - this is a direct reflection of users needing to store and access more and more data of all types. Today's typical laptop or desktop PCs contain 1TB HDDs, though 2TB HDDs are also available, and analysts report that continued technology development will make 10 TB 3.5-inch HDDs, 5 TB 2.5-inch HDDs and 1 TB 1.8-inch HDDs possible by 2015.

According to industry analysts, the evolution and history of HDDs dictates that the explosive growth in size currently being experienced is all but guaranteed to continue - at a very rapid pace. It took more than 50 years for HDDs to reach 1 TB in size, and, just two years after reaching that milestone that was so long in the making, HDDs are already at double that capacity.

Industry expert and executive vice president and COO of Logicube, Farid Emrani, added that, "Due to many different factors, the industry is definitely seeing an exponential increase in the sheer amount of digital evidence needing to be captured, networked and preserved. It is of critical importance that solutions are available which keep up with current growth, and have the capability to handle future growth as well. The importance of getting the evidence into the hands of investigators who are building a case as quickly as possible cannot be overlooked."

Forensically preserving digital evidence is key to a successful prosecution, and forensic investigators have several choices when it comes to data capture. They can use a software program on a host computer along with a hardware "write-blocker" (a device that prevents the host computer from modifying the contents of the suspect hard disk) connected to the suspect drive; custom software programs that will read the suspect hard disk without writing directly to the suspect drive; and hardware-based forensic duplicators that combine the functions of a write-blocker and a host computer. Software-based acquisition typically provides much slower transfer rates than hardware-based solutions and can be very expensive to maintain. The increase in drive capacities along with the quantities of hard drives that may need to be imaged for any given investigation make it imperative to shorten the capture process so that investigators can quickly move on to the analysis phase.

With the bulk of the forensic process occurring in the analysis stage, shortening the time it takes to capture the evidence and get it into analysis can save valuable resources. Investigative teams are often short on manpower due to budgetary issues. Doing more with fewer resources has become the mantra of the day, and time management is of even more critical importance. The faster that data can be captured, the faster that it can go into analysis and move further down the judicial process, freeing up investigators to take on the next case. Investigative teams are often located across geographical areas, and the ability to share evidence data so that different personnel can work simultaneously on the same data set is equally important to streamline the entire analysis process.

The impact of today's new digital evidence landscape is widespread, as eForensics is being tapped by more than just law enforcement. In the private sector, corporations are becoming more diligent about protecting their assets by collecting digital evidence. Government-run operations like the Department of Homeland Security, the Army, FBI, NCIS, the Secret Service, and more also rely heavily upon digital evidence when prosecuting cases.
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo