Computer forensics is becoming an increasingly important field as technology continues to bring the world closer. This literature review assesses the new developments and challenges in the field of computer forensics with the goal of identifying potential strengths and weaknesses. The evidence presented here illustrates that technology and cyber-crime are intertwined, and it will take a continuous effort to maintain effective digital forensics. This study will be useful to any further study of computer forensics.
Digital security and computer forensics are areas of growing concern for the entire world. As the phenomenon of cyber-crime continues to expand, the need to recover and use evidence to thwart crime increases. With a consistent process of development and innovation responsible for pushing the limits of technology, the need to examine and assess the newest developments and challenges in the digital forensics field is a critical exercise. This literature review will address the issue, beginning with a brief overview of the need for digital forensics alongside a review of the emerging trends.
The emerging field of computer forensics addresses issues that arise following the commission of a digital crime (Forensics.nl. 2013). Computer forensics describes the efforts involved in recovering digital, or computer, data and using it as a form of evidence in an investigation. This field of criminal activity covers computers and electronic malfeasance with the stated goal of conducting a structured investigation in order to determine what exactly happened on the suspect digital system (Crime-research.org. 2013). There are three phases to a computer forensic investigation: the acquisition of evidence, the analysis of evidence and the generation of a report on the evidence (Forensics.nl. 2013). In this age, most cyber or computer criminals will leave a footprint behind as they trespass; it is the role of computer forensics to determine how that was done. The increasing ease of access to very complex technology makes this task increasingly difficult.
Recognizing the challenge to the existing digital enforcement system, agencies around the world are upgrading their computer forensics units due to the rising rate of digital crime (Crime-research.org. 2013). With cyber-crime being viewed as a threat to national infrastructure, the need to prioritize the defence against this form of crime is paramount to many governments. A new development in the forensics industry is the emergence of organisations, including F3, that are beginning to address the issues by creating an active forum for computer users to access the latest forensics information and trends (F3.org.uk. 2013). These organisations have been credited with undermining the efforts of several regulatory authorities by providing security information to the general public (Ariu, Giacinto and Roli 2011). Lacking any overriding enforcement or regulatory procedure, cyber-crime and how to deal with it is left up to individual nations, which in turn weakens the overall effort. There are several new developments in the field of computer forensics that are emerging security concerns (Ibid).
Developing Forensic Concerns
The next generation of computer technology is bringing a greater threat of computer-centred crime (Garfinkel 2010). Lacking a global effort to produce a coordinated, standardized counter-strategy, the next ten years of technology development have the potential to radically outpace the law enforcement mechanisms (Ibid). However, this concept of a standard platform is argued to be an easy platform for cyber criminals to infiltrate (Pilli, Joshi and Niyogi 2010). Reilly, Wren and Berry (2010) illustrate the point that emerging technology is providing as many opportunities for enforcement as it is for digital malfeasance, making it critical to consistently upgrade technology in order to stay current. Others point out that this increase in technology is hard to master, making implementation very difficult (Pilli, Joshi and Niyogi 2010). This indicates that security is dependent on the unique company, and individual budgets may not be sufficient to maintain pace with development (Pilli, Joshi and Niyogi 2010). With no continuous outreach in this area of security, the capacity to accomplish meaningful computer forensics is diminished and there is the potential to lose sensitive information. The next generation of challenges rests in the emergence of technology.
Cloud computing is quickly emerging as a security challenge for computer forensics due to privacy and legality concerns (Accorsi and Ruan 2012). Others argue that remote servers have the capacity to increase security in several cases using emerging technology in order to better serve consumers (Reilly, Wren and Berry 2010). Cloud computing allows users to keep information and data, of all varieties, on remote servers. Cyber criminals are turning to these areas more and more in their efforts to co-opt personal information in the pursuit of crime (Accorsi and Ruan 2012). Cloud server companies often dispute the claim of vulnerability and cite increased security statistics (Reilly, Wren and Berry 2010). The combined elements of cost reduction and ease of access are driving the industry to expand at a rate that is very challenging for digital forensics to match.
The drive to implement a standard for oversight and enforcement is a significant challenge for digital forensics (Accorsi and Ruan 2012). Many who argue for the standardization cite the reduction in safety concerns as decreasing overall implementation cost (Reilly, Wren and Berry 2010). Others demonstrate that a standard system is increasingly vulnerable to risk factors (Accorsi and Ruan 2012). Each unique server and company will have the responsibility to upgrade their elements in order to aid in the digital forensic requirements of the modern and emerging era (Reilly, Wren and Berry 2010). This leads to the recognition of larger issues that must be dealt with in order to achieve progress.
Another field of digital forensic challenges rests in the sheer quantity of data that must be analysed in order to justify the expense of resources (Garfinkel 2013). As the global market for electronics continues to grow and become incorporated into daily life, the number of opportunities for cyber-crime will climb. However, many companies cite the presence of emerging technology as being able to cope with the mass of information (Accorsi and Ruan 2012). The area of machine learning in computers has the potential to alleviate much of the tedious work that digital forensics entails (Ariu, Giacinto and Roli 2011). However, machine learning has been argued to produce security issues that could further complicate the digital forensics task at hand (Garfinkel 2013). Many of the issues of security have the potential to be resolved with the implementation of a wide-ranging standard (Ibid). A published standard is argued to be more vulnerable and predictable than the piecemeal approach used today (Casey 2004). While a good idea, a standard substantially increases the overall risk factors.
As opposed to the area of cloud computing, the areas of quantity and network forensics stand to become a primary area of concern as companies and individuals employ the technology for gain (Pilli, Joshi and Niyogi 2010). The development of Network Forensic Analysis Tools, or NFATs, is a challenge that must be met by regulators and oversight entities in order to minimize the fundamental impact of cyber-crime. Others illustrate that these same tools hold the potential to be turned against a standardized system (Ariu, Giacinto and Roli 2011). There needs to be a balance between oversight and individual freedoms as regards privacy and security.
The area of digital forensics is facing many new challenges going into the next generation. There is a need to balance the rights of the individual with those of the enforcement agencies. Further, the lack of a standard regulation around the world makes any long-term enforcement prospect dim. At the same time, any implementation of a wide-ranging standard runs the risk of becoming easy to corrupt, thereby raising even more digital issues. The area of cloud computing, due to the low cost to the consumer and easy accessibility, is a primary concern for the area of digital forensics. With challenges ranging from the acquisition to the processing to the legalities of the use of the data acquired from this market, there is a real sense of urgency in the drive to rein in cyber-crime. Each of these factors makes the market attractive to cyber-crime and a continuous challenge for digital forensics.
Further areas of development and increasing challenge rest in the processing of high quantities of data and the accompanying levels of security present on any single network. In each case of computer forensics in these areas there is a critical need to continuously update or risk the threat of being overrun by the sheer numbers. There is a need to innovate in order for computer forensics to recover and utilize evidence in the face of an ever more complex digital world.
Accorsi, R. and Ruan, K. 2012. Challenges of Cloud Forensics: A Survey of the Missing Capabilities. Cybercrime, p. 32.
Ariu, D., Giacinto, G. and Roli, F. 2011. Machine learning in computer forensics (and the lessons learned from machine learning in computer security). pp. 99–104.
Casey, E. 2004. Digital evidence and computer crime. London: Academic Press.
Crime-research.org. 2013. Computer Crime Research Centre – Daily news about computer crime, internet fraud and cyber terrorism. [online] Available at: http://www.crime-research.org/ [Accessed: 10 Dec 2013].
F3.org.uk. 2013. F3 – The First Forensic Forum | Uniting digital forensic practitioners. [online] Available at: https://www.f3.org.uk/ [Accessed: 10 Dec 2013].
Forensics.nl. 2013. Computer Forensics, Cybercrime and Steganography Resources. [online] Available at: http://www.forensics.nl/ [Accessed: 10 Dec 2013].
Garfinkel, S. 2010. Digital forensics research: The next 10 years. Digital Investigation, 7, pp. 64–73.
Garfinkel, S. 2013. Digital Forensics: Modern crime often leaves an electronic trail. Finding and preserving that evidence requires careful methods as well as technical skill. American Scientist, 101 (5), pp. 370–377.
Pilli, E., Joshi, R. and Niyogi, R. 2010. Network forensic frameworks: Survey and research challenges. Digital Investigation, 7 (1), pp. 14–27.
Reilly, D., Wren, C. and Berry, T. 2010. Cloud computing: Forensic challenges for law enforcement. pp. 1–7.