±Partners and Sponsors
New Today: 2
New Yesterday: 3
· Webmail Forensics – Digging deeper into Browsers and Mobile Applications
· Operation Endeavour: The Tip of the Iceberg?
· Forensic analysis of the ESE database in Internet Explorer 10
· WhatsApp – discovering timestamps of deleted messages
· Man In The Middle Attack: Forensics
· Extracting Evidence from Destroyed Skype Logs and Cleared SQLite Databases
· Windows 8 File History Analysis
· Understanding Rootkits: Using Memory Dump Analysis for Rootkit Detection
· Bitcoin Forensics Part II: The Secret Web Strikes Back
±Follow Forensic Focus
Future of the field
It's fairly easy to see that storage size is increasing, people are updating their devices annually and often having multiple devices running at the same time; so thats the first challenge
We're also starting to see the "internet of things" coming through, and as a result I can imagine that we will be seeing those devices eventually as well. I imagine that this could potentially blow out examination times as investigators may literally bring the kitchen sink and say "get data off this please".
We're also seeing mobile devices slowly becoming more secure when they're in an off state.
So my question is, what is the best way to stay ahead of the curve?
Do we pick a field and get good at it? Should we be moving more towards live forensics, or proactive forensics? and do people think that slowly dead box forensics will eventually become obsolete.
- Senior Member
- Senior Member
So I would say that Digital Forensics will get pulled in the same direction, especially the interaction between these devices and their cloud-based services. I see that potentially the kind of data that will be stored on physical devices themselves will only be files that are to large to be efficiently uploaded to a data center over current connections (aside from device configuration and Operating System artifacts). It will be an interesting challenge to work out how to get to the required data, not only from a legal perspective but also how to ensure a 'forensic copy' is acquired.
In order to 'stay ahead of the curve' I guess we'll have to keep our ear to the ground and see what the roadmap looks like for iOS/Android to see what features we may have to end up investigating.
Also, seeing what new web services emerge ('The Next Facebook') and what they leave in terms of artifacts on a system.