Digital Forensics – Top 10 Challenges

Introduction

The ability of criminals and terrorists to maximise the opportunities offered by new technology is constantly evolving. Burying incriminating data within the increasing storage capacity of PCs and laptops presents the police and security forces with new and demanding challenges; challenges that are exacerbated by the very short space of time in which examinations of seized assets can take place. Through experience gained delivering solutions across the UK Security & Resilience community, Andrew Nanson presents the Top 10 challenges that organisations are likely to face when implementing digital forensics solutions.

1. Storage

When each suspect can store over 10 terabytes of information on home equipment, a forensic laboratory must be able to cope with the uploading, retention and manipulation of that data. It’s no longer viable to rely on local storage for each analyst. Centralised storage is becoming a necessity.

To address this issue, we have looked at the advantages offered by Fibre-Channel storage for the initial uploading and subsequent retention of data. Fibre-Channel storage is fast, reliable and supports very high levels of input-output for multiple applications and intensive processes, such as indexing. This is ideal for forensic laboratories that must perform to timescales and can’t afford for their capability to fail.

In addition, we believe it is advisable to complement the Fibre-Channel storage with very large amounts of Serial Advanced Technology Attachment (SATA) storage. SATA is cheap and reliable. By providing both Fibre-Channel and SATA disk storage, it is possible to balance the real needs of a forensic laboratory, at the best possible price.

The solution has been proven by working alongside forensic analysts using real data at a List X facility in Bristol.

2. Backup / archive

Forensic laboratories are often now scaled to hold up to one PetaByte of online storage. We have devised a manageable solution that guarantees against loss of data. Furthermore, it does this without impacting on the performance of a system; a system that has to be operational 24/7/365.

By taking a ‘snapshot’ of the data before it’s sent to offline media, the performance of the live storage is never degraded. This provides the users and the business with what it needs: a system without planned downtime.

3. Application performance

The effectiveness of forensic laboratories is often down to the performance of the applications that are used by the forensic analysts. This is either because the applications do not yet take advantage of modern hardware, or because the nature of their function is such that they will never perform as quickly as the business would like. To address this issue, VEGA can devise solutions that allow the most intensive forensic applications to be served from powerful servers. This enables applications to operate with as little ‘lag’ as possible.

By providing multiple variables of the same application, forensic analysts can initiate multiple actions from a single workstation. This results in greatly increased productivity, removing ‘dead-time’ where analysts may have traditionally had to wait hours before undertaking other activities.

4. Scalability

All technology solutions have their limits, often requiring a step-change in hardware or software to expand or contract. This can be a prohibitive factor in gradual expansion of capabilities due to the cost associated with this step-change.

Therefore, it is essential to develop solutions that are fully scalable, supporting capability and user expansion / contraction through modularised technology. These can be designed to scale up to a PetaByte of storage from the start and can be further increased if required. There is no theoretical limit on the number of users that can be hosted.

In addition, as the majority of forensic applications are served, thin-clients can be deployed within minutes anywhere, with the full set of forensic tools required for any investigation.

5. Malware protection

One of the biggest issues for forensic laboratories is unknown malware. To understand what an unidentified piece of software can do, analysts sometimes need to reverse engineer it, or execute it and monitor what it does. If it transpires to be unknown malware, there is the potential of corrupting the entire forensic laboratory and calling into doubt the integrity of the environment used to produce evidence.

Even the best anti-virus programmes only mitigate known risks and attack vectors. Therefore, a series of security-enforcing functions should always be built that are invisible to the user and enable forensic analysts to examine unknown code without risk to the integrity of the forensic laboratory.

6. Accreditation

The high profile data losses of recent years have propelled the issue of information assurance to the top of the political agenda. Having devised secure systems for the most sensitive parts of UK Government, we have the experience to create a solution that complies with HMG Manual of Protective Security, as well as JSP440. The security enforcing functions mitigate against high confidentiality, integrity and availability requirements.

7. System Integration

Forensic laboratories are normally isolated technical units that use an air-gap between themselves and the main desktop infrastructure. A solution can include secure and reliable integration methods that enable organisations to transfer data safely, between corporate systems and laboratories. This is based on devising methods to bring multiple sources of information together, to provide a seamless system that meets accreditation requirements, as well as extends the information available to users.

8. Support

It is unacceptable for forensic laboratories to require a high level of maintenance. Specialists understand this and have created a solution based on Commercial Off The Shelf (COTS) products, which means clients are not tied into any supplier for long-term support, since the skills required are readily available.

9. Longevity

The rapid development of information technology, and the ability of criminals and terrorists to use it to their advantage, demands that any digital forensic solution is able to evolve quickly and with minimum disruption. We work with leading forensic application providers to ensure that we understand how best to improve capability for users now and in the future. Solutions should take account of the latest hardware in production, software development, and the ever-increasing burden on forensic analysts and that of the business. This long-term planning and investment demonstrates our commitment to this field.

10. Ensuring best value-for-money

As public sector budgets come under increasing pressure, and expenditure faces intense scrutiny, organisations must ensure investment in IT provides value-for-money.

Emergency Shelter and Forensic Work

Think of those who have to bear being beaten, abused and harassed by their families, or those who have been through a terrible accident. Even worse is the fact that there is nothing they can do about it. They have no place to flee and no doorway to escape. They have endured such tortures for years and have been living in darkness, completely unaware of any way out.

What are these people supposed to do? Where are they supposed to live? Victims of sexual abuse, domestic violence, natural disasters, etc. need a temporary home to escape the injustice that has been inflicted upon them. These people need temporary homes because, for several reasons, it is almost impossible for them to live in their previous residences.

This is where an emergency shelter comes in. An emergency shelter is like a temporary home where all such victims can stay all day, except when they have to go out for school or work. An emergency shelter varies in terms of the facilities it provides. Some are capable of providing meals, mental health counseling, and other medical facilities, while others are not.

Many of these people are somehow victims of criminals. They need help to prove that they have been assaulted. Not only this, but it also needs to be ensured that the people responsible for their crimes are punished, and get what they actually deserve. Help, in terms of evidence and proof, is needed so that the suspect can be convicted.

A team of forensic workers can help these victims of assault by seeing the true picture behind the scene. Their excellence in terms of knowledge can help gather evidence scientifically. Nowadays, it is scientific evidence that can make or break a case. Studies of fingerprints, chromosomes and DNA tests have helped the authorities put many culprits behind bars.

Many people do forensic research as social work. They help those who cannot afford lawyers or investigators. History has witnessed many cases being solved mainly due to the help of forensic evidence, involving rape attempts, murder cases, domestic violence, etc.

People at emergency shelters need all the support they can get. They are in a way homeless and have no one to turn to for this purpose. In such a scenario, forensic researchers can help them prove their case, make sure justice is served and see that the criminals are put behind bars. It not only makes those people smile and live again, but from a greater perspective it helps to make society and the world a better place to live.

Advancements in forensic technology and techniques will eventually lead to cases being solved quicker and in a much more effective way. The world will witness a significant decrease in the crime rate, resulting in a happier and healthier planet. Fortunately, with the emergency shelters and social forensic workers, the victims of assault have someone to refer to and share their problems with. Working hand in hand, they can reach their goals and give them a better life to live.

How Technology Can Help In Solving a Crime

Computer forensics has become a very popular occupation for handling computer-based crimes with different techniques and strategies. These techniques and strategies help a computer forensic investigator to point out illegal activities performed by someone. It is the scientific study of computer-based investigations. The investigator works with processed or unprocessed data to extract the required information.

Technology also helps an investigator to solve the critical problem of computer-based crimes. Due to the advancement of technology in computer education, the job of investigating computer crimes has become highly dynamic. With the use of technology an investigator can examine every keystroke of the keyboard, printing, data dumping, etc.

Different computer languages help us build more secure systems to protect the privacy of firms or individuals. This development of languages helps an investigator to solve complex crimes with ease by enabling highly secure security software.

We can also use different security tools to protect our computers from forensic problems. These tools record, monitor and restrict websites or operating system tasks. Computer forensics tools also track emails and instant messaging to separate the required information from viruses and spam.

There are a lot of devices that we can use in forensic investigation. Road Master 3 is a computer running investigation software that helps an investigator to investigate a crime by acquiring data and analysing it to predict specific results. It is also called a Forensics Lab. A fingerprint analyzer also helps us to identify the exact person involved in a particular crime. Highly secured servers also protect and monitor our computers.

Computer forensics is a product of new technology that may solve a lot of computer-based crimes by using different types of forensic tools and techniques. The study of computer forensics is becoming more and more popular all over the world due to the technological growth of computers.