The Goldilocks Effect

by


by Paul Slater | Nuix


The classic fairy tale Goldilocks and the Three Bears tells the story of a young child who wanders into a strange house owned by three bears in the middle of the woods. Each bear has its own food, chair, and bed. Goldilocks tries out each one in turn and finds that the first one is extreme in one way (too hot, too large, too hard), the next is extreme in the other way (too cold, too small, too soft) and the third one is “just right.”


This principle—the idea that something must fall within certain margins and not reach extremes at either end—applies even for investigations and legal matters. When it happens, it’s called the “Goldilocks Effect.”WHO'S BEEN EATING THE PORRIDGE?

Over the years, I’ve worked with many investigators and lawyers, helping them to understand and master the technical challenges involved in reviewing electronically stored information. What I’ve learned is how important and powerful it can be when people can collaborate on investigations. They can have multiple sets of eyes over the same evidence or divide it up based on sharing the workload or letting people focus on their area of expertise.

We recently wrote about this in our paper Nuix Lab Solutions for Digital Investigations.

Plenty of investigative products on the market try to provide this functionality. Their creators have come at the problem from several different angles. Some have retrofitted (as in, bought in and bolted on) a review platform onto a forensic tool. Others have tried adding forensic processing and analysis capabilities to an existing review platform.


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.

Unsubscribe any time. We respect your privacy - read our privacy policy.


In either case, these solutions were designed to review text-heavy data such as emails and documents and often have overly complex ‘plumbing’ under the surface to connect different databases together. These platforms are great when used for large email-centric investigations. However, the time, effort, and cost required to use them on smaller investigations can be like using a sledgehammer to crack a nut. They are often too complicated, too restrictive, or just not right for the job.

Investigators also find traditional review platforms too restrictive when dealing with multimedia-heavy investigations that are common in a multi-device, internet-connected, social-media-driven world. These tools are typically very two-dimensional with little or no visualizations to uncover hidden connections between seemingly unrelated things.

From a technical perspective, data often needs to be passed between systems. This often requires reprocessing, converting, moving, and finally loading data into a review platform. Of course, this takes time, costs money, and adds further overheads such as quality control. And if an investigator uncovers the “smoking gun” after several rounds of reprocessing, it can cause enormous headaches trying to trace the review tool’s textual representation back to the original evidence source in order to produce evidence for a court or undertake further analysis, especially around maintaining provenance.

As a result, for seasoned investigators (and quite a few new ones), the technology they use to facilitate reviews or investigations often gets in the way or hinders their flow. All investigative tools require compromise. None were built from the ground up to support the sort of digital investigations we commonly conduct today.

NOT TOO HOT, NOT TOO COLD

So why am I telling you this? An important part of my job is spending time listening to existing and potential clients to understand their needs. They are the experts in their field—and they ultimately know what they want an investigation solution to do.

Based on a lot of this feedback, we recently launched Nuix Investigate. It enables investigators, lawyers, subject matter experts, and non-technical personnel to seamlessly collaborate on an investigation with the convenience of secure web access.

Users can now process, search, and collaboratively review evidence in a single workflow without converting or transferring data between tools.

Nuix Investigate includes powerful visualizations to help investigators quickly establish connections between people, objects, locations, and events, building on our ‘single pane of glass approach’ to digital investigations. This enables investigators to establish a case position sooner and identify the most influential suspects so investigators can make faster and better-informed decisions. And all of this is underpinned by the power of the Nuix Engine.

As Goldilocks famously said, “This one’s just right!”

Leave a Comment

Latest Articles

Digital Forensics Round-Up, April 24 2025
News

Digital Forensics Round-Up, April 24 2025

ByForensic FocusApr 24, 2025
The DFIR Investigative Mindset: Brett Shavers On Thinking Like A Detective
Podcast

The DFIR Investigative Mindset: Brett Shavers On Thinking Like A Detective

ByForensic FocusApr 23, 2025
2025 MD-Series Q1 Release Note Highlights
News

2025 MD-Series Q1 Release Note Highlights

ByGMDSOFTApr 23, 2025
AI And eDiscovery: A New Era In Legal Technology
News

AI And eDiscovery: A New Era In Legal Technology

ByCellebriteApr 22, 2025
Forensic Focus Digest, April 18 2025
News

Forensic Focus Digest, April 18 2025

ByForensic FocusApr 18, 2025
S21 Global Alliance Database (S21 GAD): Revolutionising CSAM Investigations With Unmatched Global Intelligence
Articles

S21 Global Alliance Database (S21 GAD): Revolutionising CSAM Investigations With Unmatched Global Intelligence

BySemantics21Apr 17, 2025