Bianchi and Pollitt

The current technology utilized in digital forensics is a combination of hardware and software tools that are designed to perform each of the functions for the examination process. As each new technology appears in the marketplace, the forensic practitioner must acquire the tools required to deal with this new technology. Consequently, this discipline is driven by the market.
In the acquisition phase, the forensic practitioner must have the hardware that will allow for connection to the storage media or transmission media utilized by the original evidence. In many situations, existing software collection tools can be used. If they cannot, they will either have to be modified or new tools developed. The tools used in the documentation step of the examination phase must be updated to correctly interpret new file systems and packet structures. Likewise, data recovery and data reduction tools must be “aware” of the evolving technologies.
Currently, examiners typically utilize top-of-the-line desktop computers with a complex array of data inputs and removable storage. The average cost to set up a Digital Evidence laboratory is $25,000 per workstation. Network attached storage devices are becoming commonplace tools for allowing the processing, in an automated fashion, of a number of pieces of evidence in either parallel or sequence. Storage attached networks, an even more complex and expensive technology, are being explored to further reduce the time required to process evidence.
Forensic software is also going through an evolutionary process. The software tools first used in conducting examinations were products that were produced by manufacturers of hardware, operating systems, and network operating systems to troubleshoot their products. Software tools followed, often written by forensic practitioners, to perform specific steps, or even substeps, in the forensic process. These tools became more numerous and complex over time and evolved into the complex graphical user interface tools that are the backbone of current practice. In the static evidence arena, tools, such as EnCase, Ilook, and Forensic Tool Kit, are most commonly used. In the dynamic data area, tools, such as Ethereal, Etherpeek, and DCS-1000, are utilized.
Moore’s law and the insatiable demand for more information in modern society will serve to continuously push the capabilities of forensic examiners. Whenever and wherever new technology appears, the Digital Evidence forensic specialist will have to acquire, preserve, examine, analyze, and present Digital Evidence. Likewise, each new technology will be examined to see if it can be applied to perform these tasks better, faster, and cheaper.