In 2018 my team and I spoke about Cyan Forensics at events across the UK and Internationally from Texas to Germany. I’m delighted by the really positive response we have received, but there’s one message that seems to resonate above all others: The need for radical change.
Digital Forensics is hardly a new field, but the landscape is changing constantly. In the early days when disks could at best hold a few hundred kilobytes or (sharp intake of breath) 1.44 Megabytes, it was just about possible to identify the meaning of every byte by hand. Those days are long behind us.
The number of digital devices people own is growing exponentially. Once upon a time (in the 90’s) families owned one computer, perhaps replacing it every few years. Now individuals have computers, smartphones, entertainment and media devices, wearables, and increasingly Internet of Things devices for home automation. Each new generation of technology offers an increasing range of new gadgets, rather than simply replacing an older model with a new one.
These devices have an exponentially increasing quantity of storage on them. Where once the 1.44MB floppy disk could just about hold one person’s life’s work, now we have smartphones with 1TB of storage. We can be sure next year’s models will offer even more.
Storage remains in a constant race with data – regardless how much storage we have, it never seems to be enough. We download more content, take more pictures and record more videos. We record and instrument every part of our life, with storage so cheap it’s easier to buy more than it is to clear out forgotten videos, the photos with our thumbs over the lens, and other detritus.
In addition to increased storage in traditional computing devices, we are beginning to see investigations solved by extracting data from new types of device, increasing the number of devices requiring analysed. All of these devices, all this storage, and all of the data, has the potential to act as evidence for investigators
The number of devices, quantity of storage and volume of data are all increasing exponentially.
The budgets and teams in Digital Forensics are not. (And never will.)
Therefore, doing more of the same simply can’t work.
Digital Forensics labs and teams are not seeing the exponential investment and growth needed to cope with exponentially increasing demand, and many are already falling behind. This results in either growing backlogs or ruthless prioritisation – both to the detriment of investigations.
I profoundly believe that the answer has to lie in transformational change. There are many forms this can take from automation of repetitive and time consuming tasks right through to AI assisted analysis. I don’t believe there is a single silver bullet, but rather that a jigsaw puzzle of practices and technologies will be brought together to make this change happen
I believe an important piece of the jigsaw puzzle will be triage, to enable better decisions earlier on in investigations, and potentially to reduce the number of devices that must be subjected to a full examination.
I believe what we are offering at Cyan Forensics, along with ideas from other forward thinking technologists, will be the beginning of a major evolution in triage that contributes significantly to these much-needed changes in Digital Forensics.
We’re not just offering more of the same. We’re offering innovative solutions to help teams under pressure cope in a world where demand for their services is increasing exponentially.