±Forensic Focus Partners

±Your Account


Nickname
Password


Forgotten password/username?


Membership:
New Today: 0
New Yesterday: 0
Overall: 27500
Visitors: 74

±Follow Forensic Focus

Join our LinkedIn group

Subscribe to news

Subscribe to forums

Subscribe to blog

Subscribe to tweets

future challenges and trends

Computer forensics discussion. Please ensure that your post is not better suited to one of the forums below (if it is, please post it there instead!)
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
Go to page 1, 2, 3, 4  Next 
  

future challenges and trends

Post Posted: Wed Mar 29, 2006 2:25 pm

i was wondering if people here could speak on or direct me to resources that discuss some challenges or trends that face computer forensics. i'm new but am interested in the field. thanks  

keen
Newbie
 
 
  

Re: future challenges and trends

Post Posted: Wed Mar 29, 2006 3:47 pm

One that really stands out is the size of storage media that we are faced with. Not only individual hard drives, but even home users are installing RAID's now. A 500 gig case is really not unusual. That takes a great deal of time and really taxes the hardware.
_________________
Greg Marshall, EnCE 

gmarshall139
Senior Member
 
 
  

Re: future challenges and trends

Post Posted: Wed Mar 29, 2006 3:56 pm

Yes, I agree with Greg, this kind of stuff makes me cringe.

ogadget.com/after-magn...s-182.html

Hey Greg, new job? Congrats!
_________________
GSEC, GCFA, GCIH, EnCE
Certified Forensic Examiner
St. Louis, MO 

m7esec
Senior Member
 
 
  

Re: future challenges and trends

Post Posted: Wed Mar 29, 2006 6:09 pm

I second what Greg said, and would like to throw in something else...the need for "live" forensics. There are many systems out there that need to be examined but cannot be taken down.

Also, the knowledge level of the investigator is something that needs to be addressed. Gone are the days of DOS, fellas. In addition, the age of "Nintendo" forensics has passed, as well. How many images are examined, and not enough evidence is found simply because the investigator has little knowledge of the Registry, or of the log files on a system. As anyone hanging around this forum has seen, simple text searches don't always work with the Registry...you've got to contend with Unicode, Rot-13, and applications that store ASCII information in binary format (yeah, that's you, Adobe).

Keyword searches are still useful, but useful in the way that a toolbox with just a Philips head screwdriver in it is "useful". Guys, don't expect EnCase to add "Find all evidence" and "Issue subpeonas" buttons to their GUI.

Just my $0.02...see me if you want change.

Harlan  

keydet89
Senior Member
 
 
  

Re: future challenges and trends

Post Posted: Wed Mar 29, 2006 7:16 pm

Some of my thoughts.

*Native whole disk encryption, 3rd party whole disk encryption.
*Thin Client computing.
*Use of virtual machines.
*Anti Forensics tools.
www.metasploit.com/pro...forensics/
www.cyberforensics.pur...ckheed.ppt  

arashiryu
Senior Member
 
 
  

Re: future challenges and trends

Post Posted: Wed Mar 29, 2006 8:05 pm

Did you happen to read the PPT?

From the third slide:
"The volatility of DE and the reliance on tools makes cyber forensics very vulnerable to AF"

I do agree that anti-forensics tools are an issue, but

Also, whole disk encryption can be addressed with live acquisition. The producer of ProDiscover found this out...he acquired a system that had PGP Disk running.

Harlan  

keydet89
Senior Member
 
 
  

Re: future challenges and trends

Post Posted: Thu Mar 30, 2006 5:42 am

I'd like to add "Physical memory analysis" to the list...

Harlan  

keydet89
Senior Member
 
 
Reply to topicReply to topic

Share this forum topic to encourage more replies



Page 1 of 4
Go to page 1, 2, 3, 4  Next