Digital Forensics and eDiscovery Trends: Keeping Up with the eTimesBondBeebe
Alex Helfand, ENCE, Computer Forensic Specialist
The digital forensics field is evolving rapidly to keep pace with the technology used to commit fraud. While eDiscovery often unmasks key evidence, criminals are still thwarting digital forensic specialists. The following technological trends are shaping digital forensics and forcing specialists to create new investigative technologies in order to effectively investigate fraud.
One of the biggest trends in digital forensics is developing technology to unmask anonymity. In countless fraud, espionage, and civil cases there are important e-mails that must be disregarded due to the fact that they were sent anonymously. However, that may change due to developing technology.
Concordia University in Canada is developing software to identify who typed an e-mail by simply viewing the e-mail text. It profiles a user by analyzing text or e-mails that they have written. The profile is then compared to the e-mail in question and the software determines if there is a match. Surprisingly, researchers claim a high accuracy rate. This seems to be far down the road in the cyber forensics future, but it is an emerging eDiscovery technology worth watching.
Examining Encrypted Devices
A US appeals court judge has just ruled that laptops and other digital devices carried into the US may be seized without a warrant. Seeing that the search limitations of digital devices seem to decrease with every court decision, a logical conclusion can be made that in the future all computer disks will feature full encryption. Very few users will voluntarily allow their personal property to be seized without a warrant, and encryption is a great way to protect data from prying government eyes. Encryption software is inexpensive and some versions are even available for free. Furthermore, all available versions of Windows feature full disk encryption.
This presents added challenges for digital forensics as specialists will need to find new ways to examine disks that will inevitably have full disk encryption. As more privacy and security are provided to users, more technological advances will be necessary to ensure that this privacy is not used for fraudulent purposes.