Current Challenges and Future Research Areas for Digital Forensic Investigation

In the given the ever-increasing occurrence of technology, there is a consistent rise in the likelihood of digital devices being relevant to a criminal investigation or civil litigation in modern life. As a direct significance, the sum of investigations requiring digital forensic skills is ensuing in huge digital evidence backlogs being come across by law enforcement agencies during the world. It can be expected that the number of cases requiring digital forensic analysis will importantly increase in the future. It is also possible that each case will need the analysis of a collective number of devices including computers, smartphones, tablets, cloud-based services, Internet of Things devices, wearables, etc.

Introduction 

The 21st century has seen a theatrical rise in new and ever-evolving technologies obtainable to consumers and trade the same. Usually, the consumer-level user base is now more skilled and well-informed about what expertise they pay in their day-to-day lives. The sum of cases where digital evidence is appropriate to an inquiry is ever-increasing and it is intended that the existing backlog for law implementation will balloon in the coming years as the pervasiveness of digital devices rises. It is for these explanations that it is important to revenue stock of the current state of affairs in the field of digital forensics. Cloud-based services, Internet of Things devices, and forensic techniques dispersed and high volume storage, and the sheer volume and heterogeneity of relevant devices pose new and challenging problems for the acquisition, storage, and analysis of this digital evidence. Due to the utter volume of data to be developed, stored, analyzed, and reported, joint with the level of expertise necessary to confirm the court acceptability of the resultant evidence, it was predictable that a significant backlog in cases awaiting analysis would occur (Hitchcock et al., 2016). Three particular features have donated to this backlog (Quick and Choo, 2014):

1. An increase in the sum of devices that are detained for analysis per case.

2. The number of cases whereby digital evidence is considered apposite is ever-increasing.

3. The volume of possibly evidence-rich data stored on each item detained is also increasing.

This backlog is having a significant influence on the ideal legal procedure. According to a report by the Garda Síochána Inspectorate [2015] (Irish National Police), suspensions of up to four years in conducting digital forensic investigations on seized devices have “extremely jammed on the timeliness of criminal investigations” in recent years. In some cases, these delays have resulted in prosecutions being dismissed in courts. This subject regarding the digital evidence backlog is further compounded due to the cross-border, inter-agency collaboration mandatory by several forensic investigations.

Rashaan (2013) bordered five major task areas for digital forensics, gathered from a survey of research in the area:

The complexity problem

The complexity problem, rising from data being acquired at the lowest (i.e. binary) format with growing volume and heterogeneity, which noises for sophisticated data decrease techniques before the study.

The diversity problem

The diversity problem, ensuing naturally from ever-increasing volumes of data, but also from a lack of standard techniques to examine and analyses the increasing numbers and types of sources, which bring a plurality of operating systems, file formats, etc. The deficiency of calibration of digital evidence storage and the formatting of connected metadata also pointlessly improves to the difficulty of distributing digital evidence between national and international law enforcement organizations (Scanlon and Kichadi, 2014).

The consistency and collaboration problem

The consistency and collaboration problem, caused by the fact that existing tools are planned to find remains of evidence, but not to otherwise assist in investigations.

The volume problem

The volume problem, causing increased storage abilities and the number of devices that store information, and an absence of sufficient automation for analysis.

The unified time-lining problem

The unified time-lining problem, where multiple bases existing different time zone locations, timestamp interpretations, clock skew/drift issues, and the arrangement features involved in generating a combined timeline.

Other issues contain boundaries on bandwidth for transporting data for investigation, the instability of evidence, the fact that digital media has a restricted lifespan that may probably result in evidence being lost, and the increasing ubiquity of encryption in modern transportations and data packing.

The following sections essence on several important emergent trends in modern calculating that contribute to the problems bordered above.

Internet of Things

The Internet – of – Things (IoT) mention a dream of everyday items that are associated with a network and send data to one another. Juniper Research (2015) estimations that there are already 13.4bn IoT devices in existence 2015, and they imagine this figure to reach 38.5bn by 2020. These IoT devices are classically organized in two broad areas: in the consumer field (smart home, connected vehicles, digital healthcare) and the industrial domain (retail, connected buildings, agriculture). Some IoT plans are commonplace items that have Internet connectivity extra (e.g. refrigerators, TVs), while others are newer detecting or actuation devices that have been established with the IoT precisely in mind.[i]

Future Research

Distributed Processing

Distributed Digital Forensics has been deliberated for some time (Roussev and Richard III, 2004, Shanmugasundaram et al., 2003, Garfinkel et al., 2009, Beebe, 2009). However, there is more choice for it to be put into exercise. Roussev et al. (2013) cite two main reasons that the dispensation speed of present age group digital forensic tools is inadequate for the average case: First, users have failed to formulate explicit performance necessities; second, developers have failed to put performance as a top-level concern in line with dependability and precision.

HPC and Parallel Processing[ii]

Despite the bottleneck of many digital forensic actions being disk read-speed, there are ladders in the procedure that are not restricted by the physical read-speed of the storage expedient. For example, the analysis phase can ingest large sums of time by computers and humans. High-performance computing (HPC) advantages should be working wherever possible to decrease computation time and to reduce the time obligatory by humans. Traditional HPC techniques usually exploit some level of parallelism, and to date have been underexploited by the digital forensic communal. There are several applications where HPC techniques and hardware could be active, for example, on expediting each part of the digital forensic procedure after the gaining phase, i.e., preprocessing, storage, analysis, and reportage.

GPU-Powered Multithreading

GPUs excel at “single instruction, multiple data” (SIMD) additions with big numbers of general-purpose brook processors that can perform massively-threaded algorithms for several applications and stand to do so for several digital forensics necessities in theory.

Marziale et al. (2007), noted that GPUs have traditionally been both problematic to program and embattled at very specific problems. More newly, multicore CPUs joined with GPU accelerators have been extensively used in high-performance computing due to better power efficiency and performance/price relation (Zhong et al., 2012). Also, there is now a crowd of integrated GPUs that are on similar silicon die as the CPU, bringing both easier programming models and superior efficiency.

DFaaS[iii]

Digital Forensics as a Facility (DFaaS) is a modern postponement of the traditional digital forensic process. Since 2010, the Netherlands Forensic Institute (NFI) has applied a DFaaS solution to battle the volume of backlogged cases (van Baar et al., 2014). This DFaaS solution receipts care of much of the storage, automation, investigator question in the cases it manages. Van Baar et al. (2014) define the advantages of the present system including efficient resource management, permitting detectives to directly query the data, civilizing the turnaround time between founding a hypothesis in an investigation its confirmation based on the evidence, and enabling easier collaboration between investigators working on the same case through explanation and shared knowledge.

Field-programmable Gate Arrays

FPGAs are combined circuits that can be arranged after manufacture. FPGAs can devise any function that application-specific united circuits can, and offer several advantages over traditional CPUs. FPGAs can adventure inherent algorithmic parallelism (including low-level parallelism), and can frequently achieve results in fewer logic actions linked to traditional general-purpose CPUs, ensuing in faster processing times. FPGAs have newly found submission in areas such as digital signal processing, imaging and video applications, and cryptography. Despite demonstrating desirable characters for digital forensics researchers, they have yet to be subjugated for non-I/O-bound surfaces of digital forensics. Additionally, as SSDs and other technologies comfort the I/O bottleneck, FPGAs stand to be more generally appropriate in digital forensics.

Applying Complementary Cutting Edge Research to Forensics

Present investigation practice includes the analysis of data on separate workstations. As such, the sophistication of the methods that can be virtually employed is limited. Much research has been showing in a variety of areas that have theoretical significance to digital forensics but also have been unreasonable to apply to date. An undertaking towards DFaaS and high-performance figuring, as debated above, offers advantages beyond simply expediting the techniques currently used in forensics investigations, which continue reliant on manual input. It also potentials a situation where this balancing research may almost be brought to tolerate on digital forensic investigations.

Conclusion

In this paper, many present challenges in the field of digital forensics are debated. Each of these tests in separation can pannier the discovery of relevant information for digital investigators and detectives complicated in an assembly of diverse cases needful digital forensic analysis. Mutual, the negative result of these challenges is augmented. The digital evidence backlog is presently in the order of years for many law enforcement agencies worldwide. The forecast distending of case volume shortly will attend to further multiple the backlog problematic – particularly as the volume of evidence from cloud-based and Internet-of-Things sources endure increasing. In terms of research instructions, performs already in place in many Computer Science sub-disciplines hold promise for lecturing these challenges, counting those in distributed, parallel, GPU, and FPGA processing, as well as information retrieval techniques. These research instructions can be practical to digital forensics requirements to help battle the backlog through more efficient distribution of precious digital forensic expert time over the development and excursion of the digital forensic process itself.

Frequently Asked Questions

  1. What are some of the challenges that digital forensic scientists face?
  2. What are the six phases of the forensic investigation process?
  3. What are the six phases of the forensic investigation process?
  4. What are the 5 steps in crime scene investigation?

References


Leave a Reply

Your email address will not be published. Required fields are marked *