This post is an excerpt from our recent brief, Creating a Single View of Digital Forensics Data.
Forensics and investigations have been in place as long as even the most rudimentary justice systems have existed. In the past, however, investigations primarily relied on physical evidence or traditional forensics to build cases and prosecute criminals.
Today, we more often hear the term “digital forensics.” That refers to electronic probative information that is stored or transmitted in digital form. It comprises a large portion of evidence used in prosecution, simply due to the exponential growth in digital communication and interaction among the public.
But Dr. Jim Kent, Global Head of Security and Intelligence for Nuix North America, and his colleague Keith Lowry, Senior Vice President of Nuix U.S. Government Services (USG) and Business Threat Intelligence and Analysis, explained that the new term doesn’t necessarily mean new evidence. “Digital forensics is still being able to relay the evidentiary trail and facts that you’d find in any investigation, and relay them to the person in a courtroom,” said Dr. Kent. “It’s basically the same old-fashioned criminal investigations but using digital and new methods of investigating those crimes.”
Whether it’s a fingerprint lifted from a crime scene or scanned at a security checkpoint, Dr. Kent and Lowry agreed that the evidence could equally contribute to the same case. But while digital forensics achieves the same goals as traditional forensics, the digitization of evidence does present new challenges to investigators.
Specifically, the explosive increase in digital data can overwhelm investigators and the systems they use to sort through evidence. “Because the world has become so digitized, the data is almost immeasurable,” said Lowry. “The size and quantity of data that you have to cull makes it extremely difficult and time-consuming to figure out what’s pertinent to the case at hand.”
So while digitization has created a wealth of new information that investigators can use to prosecute cases, it’s also presented significant challenges to managing that data, and – more importantly – turning it into digestible information. For resource-constrained agencies, providing the staff and computing power to sift through mountains of data can seem nearly impossible.
Additionally, with so much data coming from so many different sources, in so many different formats, siloes of information are often created. Those disparate repositories prevent investigators from getting the full picture of a single case, and from drawing intelligence between cases.
In order to make sense of the ever-expanding amount of digital forensics data, Lowry and Dr. Kent advocate for a different approach to investigations and have been hard at work to make that approach a reality. That methodology – called a “single pane of glass” approach – combines all relevant data into one cohesive view, so that any investigator can quickly pull out important case details and cross-reference them with other information.
To learn how to implement that approach to forensic data analysis, read GovLoop's brief Creating a Single View of Digital Forensics Data.