The proliferation of digital devices has, for some time now, posed significant challenges to investigators in the digital forensics field. Four of the top challenges at present are more devices, more data, more storage and risks associate with delays and backlogs. End users have undoubtedly gained greater variety and choice from the rapid and continued growth in digital devices for consumer use, however, it has also given those in the Digital Forensic & Incident Response (DFIR) field much to consider when conducting digital investigations. Now, let us look at those four challenges in more detail. 

1. More devices 

In 2020, it was estimated that the average UK home had 10.3 internet enabled devicesi, an increase of 26% from the previous three years. It is also estimated that the number of devices per household shows no signs of decreasing as more devices enter the digital device market, particularly within the Internet of Things (IoT) space. 

The exponential growth in the number of digital devices for personal use has inextricably led to a rise in digital forensic investigations. This has inevitably led to backlogs and delays in digital investigations.  

An independent inspection of how well police and other agencies use digital forensics in their investigations found that as many as 25,000 devices were awaiting examination across all UK police forcesii. Yet, this is not a regional issue and one that is experienced by law enforcement agencies worldwide. 

2. More data 

With more devices being used, this inevitably leads to more data being generated by those devices which in turn requires examination, collection, and analysis.  

This can present opportunities in digital investigations, presenting a trove of information for the examiner. This increase in the amount of data present also has a downside. The sheer amount of data present on, for example, a typical smartphone means that it can take time to acquire this data before analysis can begin. 

This is time that investigators can ill afford, particularly for those investigations that are time-sensitive in nature. 

The volume of data in digital investigations is only going to rise as the number of digital devices we use increases in the interconnected world we now live in.  

3. More storage 

As the amount of data has grown so too has the demand for greater storage capacities on devices. 

Device manufacturers have met that demand by offering a range of storage options to meet different user needs. 

Within the Personal Computing market, storage capacities found in laptop computers can vary typically between 64GB and 1TB.  

Most of the technology websites offering advice on purchasing a laptop suggest that the majority of users will find 250GB and 500GB sufficient for their needs, while higher capacity drives are available for those with increasing storage requirements for specific applications e.g. gaming, video/photo editing etc… 

Advances in drive technology such as flash storage have also impacted the cost of drives, making them more affordable and accessible to end users.  

While Solid State Drives have gained popularity largely due to their efficiency and reliability, the cost of these devices still presents a barrier (although this is shifting!) which makes Hard Disk Drives a more cost-effective data storage solution. 

The availability of cloud storage cannot be overlooked too as users look for local storage alternatives such as Dropbox and Google Drive to store, share and collaborate on digital content, but it is those heavy users mentioned previously who will require immediate access to their files, particularly when working offline, and complete control of personal data, making on device and external storage the preferred choice.  

From a Digital Investigations perspective, it is more likely that evidence will exist on personal devices more so as those involved in nefarious activities aim to keep a low profile online. 

4. Risks with delays and backlogs 

The presence of more devices and more data means that any delays and backlogs encountered during digital investigations will increase the associated risks. 

The importance that these risks pose and the devastating consequences they yield is nowhere more apparent than in time critical investigations. 

In Child Sexual Abuse Material (CSAM) investigations, there will be safeguarding issues, the risks to victims being exposed to ongoing abuse and of further offences being committed if perpetrators are not identified from the outset and seized devices remain in backlogs for long periods of time, awaiting examination in Digital Forensic laboratories. 

For Terrorism related investigations, the effects can be just as profound where terror plots may be completed or actioned while the evidence relating to them is held up in backlogs because of delays in waiting for devices to be examined. 

Digital Forensic Triage and Cyacomb Forensics – A more focused and targeted approach 

Digital Forensic Triage addresses the issues outlined above that DF practitioners face by taking a more focused and targeted approach to digital investigations. Devices requiring a full examination can be identified and seized early on in investigations.  

This approach allows investigators to rapidly search through multiple devices while also providing benefit to staff in Digital Forensic laboratories by prioritizing those devices in need of a thorough examination. 

At Cyacomb Forensics, we have developed tools to empower investigators in labs and on-scene and to meet the challenges outlined above.  

Our tools help investigators locate evidence in minutes, for example, a 1TB drive may take several hours, using traditional hashing techniques to locate illegal material, whereas Cyacomb’s tools can take typically under 3 minutes to provide a first result for evidence of contraband material.

Keep your eyes peeled for our next blog when we’ll be discussing in more detail how Digital Forensics Triage can help investigators with each of the challenges mentioned above.  

Interested in knowing more? Contact us for further information about our exciting tools and game-changing technology that is making a real-world difference to digital investigations