Future of the field
It's fairly easy to see that storage size is increasing, people are updating their devices annually and often having multiple devices running at the same time; so that's the first challenge.
We're also starting to see the "internet of things" coming through, and as a result I can imagine that we will be seeing those devices eventually as well. I imagine that this could potentially blow out examination times as investigators may literally bring the kitchen sink and say "get data off this please".
We're also seeing mobile devices slowly becoming more secure when they're in an off state.
So my question is, what is the best way to stay ahead of the curve?
Do we pick a field and get good at it? Should we be moving more towards live forensics, or proactive forensics? And do people think that slowly dead box forensics will eventually become obsolete?
- Senior Member
So I would say that Digital Forensics will get pulled in the same direction, especially the interaction between these devices and their cloud-based services. I see that potentially the kind of data that will be stored on physical devices themselves will only be files that are too large to be efficiently uploaded to a data center over current connections (aside from device configuration and Operating System artifacts). It will be an interesting challenge to work out how to get to the required data, not only from a legal perspective but also how to ensure a 'forensic copy' is acquired.
In order to 'stay ahead of the curve' I guess we'll have to keep our ear to the ground and see what the roadmap looks like for iOS/Android to see what features we may have to end up investigating.
Also, seeing what new web services emerge ('The Next Facebook') and what they leave in terms of artifacts on a system.