future challenges and trends
keen - Newbie
future challenges and trends
I was wondering if people here could speak on or direct me to resources that discuss some challenges or trends that face computer forensics. I'm new but am interested in the field. Thanks.
-
gmarshall139 - Senior Member
Re: future challenges and trends
One that really stands out is the size of storage media that we are faced with. Not only individual hard drives, but even home users are installing RAIDs now. A 500 gig case is really not unusual. That takes a great deal of time and really taxes the hardware.
_________________
Greg Marshall, EnCE
-
m7esec - Senior Member
Re: future challenges and trends
Yes, I agree with Greg, this kind of stuff makes me cringe.
ogadget.com/after-magn...s-182.html
Hey Greg, new job? Congrats!
_________________
GSEC, GCFA, GCIH, EnCE
Certified Forensic Examiner
St. Louis, MO
-
keydet89 - Senior Member
Re: future challenges and trends
I second what Greg said, and would like to throw in something else...the need for "live" forensics. There are many systems out there that need to be examined but cannot be taken down.
Also, the knowledge level of the investigator is something that needs to be addressed. Gone are the days of DOS, fellas. In addition, the age of "Nintendo" forensics has passed, as well. How many images are examined, and not enough evidence is found simply because the investigator has little knowledge of the Registry, or of the log files on a system. As anyone hanging around this forum has seen, simple text searches don't always work with the Registry...you've got to contend with Unicode, Rot-13, and applications that store ASCII information in binary format (yeah, that's you, Adobe).
Keyword searches are still useful, but useful in the way that a toolbox with just a Phillips head screwdriver in it is "useful". Guys, don't expect EnCase to add "Find all evidence" and "Issue subpoenas" buttons to their GUI.
Just my $0.02...see me if you want change.
Harlan
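Added illustration of the point in the post above that a plain text search misses Registry data stored as Unicode or ROT-13 (this is not code from the thread or from any tool named in it). The function names, the keyword and the sample bytes are constructed for the example; the sample is not a real hive.

```python
import codecs

def encoded_variants(keyword):
    """Byte patterns a keyword can take under the encodings named in the post."""
    kw = keyword.lower()
    rot = codecs.encode(kw, "rot_13")
    return {
        "ascii": kw.encode("ascii"),
        "utf-16le": kw.encode("utf-16-le"),
        "rot13+ascii": rot.encode("ascii"),
        "rot13+utf-16le": rot.encode("utf-16-le"),
    }

def search(buf, keyword):
    """Case-insensitive scan of raw bytes; returns sorted (offset, encoding) hits."""
    # bytes.lower() only changes ASCII letters, so offsets stay valid
    haystack = buf.lower()
    hits = []
    for name, pattern in encoded_variants(keyword).items():
        start = haystack.find(pattern)
        while start != -1:
            hits.append((start, name))
            start = haystack.find(pattern, start + 1)
    return sorted(hits)

def naive_search(buf, keyword):
    """What a single-encoding (ASCII) text search would report."""
    return [off for off, name in search(buf, keyword) if name == "ascii"]

# Constructed sample: the same path stored three different ways.
SAMPLE = (
    b"\x00\x01hdr\x00"
    + b"C:\\Tools\\Wiper.exe"                                         # plain ASCII
    + b"\xff\xfe\x00"
    + "Wiper.lnk".encode("utf-16-le")                                 # Unicode (UTF-16LE)
    + b"\x00\x00"
    + codecs.encode("C:\\Tools\\Wiper.exe", "rot_13").encode("utf-16-le")  # ROT-13, then UTF-16LE
)

if __name__ == "__main__":
    print("ASCII-only search:", naive_search(SAMPLE, "wiper"))
    for offset, encoding in search(SAMPLE, "wiper"):
        print(f"offset {offset:3d}  {encoding}")
```

The ASCII-only search reports one hit; the multi-encoding search reports three, two of which a simple keyword search would never surface.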
-
arashiryu - Senior Member
Re: future challenges and trends
Some of my thoughts.
*Native whole disk encryption, 3rd party whole disk encryption.
*Thin Client computing.
*Use of virtual machines.
*Anti Forensics tools.
www.metasploit.com/pro...forensics/
www.cyberforensics.pur...ckheed.ppt
-
keydet89 - Senior Member
Re: future challenges and trends
Did you happen to read the PPT?
From the third slide:
"The volatility of DE and the reliance on tools makes cyber forensics very vulnerable to AF"
I do agree that anti-forensics tools are an issue, but
Also, whole disk encryption can be addressed with live acquisition. The producer of ProDiscover found this out...he acquired a system that had PGP Disk running.
Harlan
-
keydet89 - Senior Member