As the amount of data held on hard drives increases, keyword searches have started returning thousands of hits. It is not uncommon for an examiner to get around 70,000 hits in a single keyword search. Certainly not all of the results are relevant to the case, yet you still have to go over each of them to decide whether or not they are.
Sometimes searching for a specific keyword related to the case is very important, and you have to run it. But when you do search, say, for a person's name, it may turn out that the name is also commonly used for something else, as with "Daisy" or "Eve".
The number of text lines the human eye can examine without a break is limited, and if you hurry you might miss the one hit that matters. Going over every search hit can take hours, even days.
So, is there a good way to reduce the time spent going over thousands of search hits without reducing the quality of the forensic work?
Greetings,
ediscovery is facing these challenges as well. Context searching and other statistics-based methods are getting a lot of attention, but the courts (or just the lawyers going to court) are reluctant to accept new technologies, so uptake is slow.
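To make the "context searching" idea concrete, here is a minimal sketch of one way an examiner might triage hits themselves: score each hit's surrounding text by how many case-related context terms it contains, and review the high-scoring hits first. This is an illustrative assumption, not how any particular forensics or ediscovery tool works; the function names, the example snippets, and the context terms are all hypothetical.

```python
# Hypothetical sketch: rank keyword-search hits by case context.
# A "hit" here is the text snippet surrounding a keyword match;
# context_terms are case-related words chosen by the examiner.

def score_hit(snippet, context_terms):
    """Count how many context terms appear in the snippet (exact word match)."""
    words = snippet.lower().split()
    return sum(1 for term in context_terms if term.lower() in words)

def rank_hits(hits, context_terms, min_score=1):
    """Return hits mentioning at least min_score context terms, best first."""
    scored = [(score_hit(h, context_terms), h) for h in hits]
    return [h for s, h in sorted(scored, key=lambda p: -p[0]) if s >= min_score]

# Toy example: the name "Daisy" appears in both snippets, but only one
# snippet also contains the case-related context terms.
hits = [
    "transferred funds to Daisy Miller's account on Friday",
    "planted a daisy in the garden next to the fence",
]
context = ["funds", "account", "transfer"]
print(rank_hits(hits, context))  # only the case-relevant snippet survives
```

Real statistical search uses far more than exact word counts (stemming, proximity, term weighting), but even a crude filter like this shows why context around a hit, not just the hit itself, is what cuts review time.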
Unfortunately for forensics, statistical search techniques require support from the tools you're using. Until the forensics tools support it, you may be stuck.
This is but one reason I think demand for traditional forensics may shift toward ediscovery, and why I encourage pure forensics practitioners to learn more about ediscovery.
-David
You might want to check out the first thread you started on this topic 😉
http://www.forensicfocus.com/index.php?name=Forums&file=viewtopic&t=7144