Future of the field
It's fairly easy to see that storage size is increasing, people are updating their devices annually and often having multiple devices running at the same time; so that's the first challenge.
We're also starting to see the "internet of things" coming through, and as a result I can imagine that we will be seeing those devices eventually as well. I imagine that this could potentially blow out examination times as investigators may literally bring the kitchen sink and say "get data off this please".
We're also seeing mobile devices slowly becoming more secure when they're in an off state.
So my question is, what is the best way to stay ahead of the curve?
Do we pick a field and get good at it? Should we be moving more towards live forensics, or proactive forensics? And do people think that slowly dead box forensics will eventually become obsolete?
- Senior Member
So I would say that Digital Forensics will get pulled in the same direction, especially the interaction between these devices and their cloud-based services. I see that potentially the kind of data that will be stored on physical devices themselves will only be files that are too large to be efficiently uploaded to a data center over current connections (aside from device configuration and Operating System artifacts). It will be an interesting challenge to work out how to get to the required data, not only from a legal perspective but also how to ensure a 'forensic copy' is acquired.
In order to 'stay ahead of the curve' I guess we'll have to keep our ear to the ground and see what the roadmap looks like for iOS/Android to see what features we may have to end up investigating.
Also, seeing what new web services emerge ('The Next Facebook') and what they leave in terms of artifacts on a system.