August 17, 2010
Logicube Points to New Challenges Posed by the Changing Landscape of Capture and Preservation of Digital Evidence
Increasing Size of HDDs; Growing Sources of Admissible Evidence; Need for Faster Access to Captured Evidence Illuminate Need for New Advances in Digital Forensic Process
CHATSWORTH, Calif. -- When it comes to digital evidence, today’s technologies have combined with a changing landscape to present a critical crossroads – and pose a difficult challenge to investigative teams. eForensics has become a linchpin for resolving crimes that involve digital evidence, and the process is growing more and more complicated, due to the capacities of hard disk drives (HDDs) growing exponentially; the large amounts of potential digital data evidence seen in criminal investigations; the ever-increasing sources from which digital evidence can be obtained; the complex logistics of sharing seized evidence data among forensic analyst teams (in place locally and remotely); rising crime rates and strained budgets that have seen investigative teams shrink in size.
The volume of sources that digital evidence can potentially be taken from has exploded in recent years, as courts are now allowing items such as computer memory files, digital photographs, IM histories, ATM logs, word processing documents, accounting files, spreadsheets, Internet browser histories, databases, computer backups, computer printouts, GPS readouts, and digital video or audio files to be entered into evidence.
On top of this added volume, the increasing size of the hard disk drives that contain much of this information is growing as well – this is a direct reflection of users needing to store and access more and more data of all types. Today’s typical laptop or desktop PCs contain 1TB HDDs, though 2TB HDDs are also available, and analysts report that continued technology development will make 10 TB 3.5-inch HDDs, 5 TB 2.5-inch HDDs and 1 TB 1.8-inch HDDs possible by 2015.
According to industry analysts, the evolution and history of HDDs dictates that the explosive growth in size currently being experienced is all but guaranteed to continue – at a very rapid pace. It took more than 50 years for HDDs to reach 1 TB in size, and, just two years after reaching that milestone that was so long in the making, HDDs are already at double that capacity.
Industry expert and executive vice president and COO of Logicube, Farid Emrani, added that, “Due to many different factors, the industry is definitely seeing an exponential increase in the sheer amount of digital evidence needing to be captured, networked and preserved. It is of critical importance that solutions are available which keep up with current growth, and have the capability to handle future growth as well. The importance of getting the evidence into the hands of investigators who are building a case as quickly as possible cannot be overlooked.”
Forensically preserving digital evidence is key to a successful prosecution, and forensic investigators have several choices when it comes to data capture. They can use a software program on a host computer along with a hardware “write-blocker” (a device that prevents the host computer from modifying the contents of the suspect hard disk) connected to the suspect drive; custom software programs that will read the suspect hard disk without writing directly to the suspect drive; and hardware-based forensic duplicators that combine the functions of a write-blocker and a host computer. Software-based acquisition typically provides much slower transfer rates than hardware-based solutions and can be very expensive to maintain. The increase in drive capacities along with the quantities of hard drives that may need to be imaged for any given investigation make it imperative to shorten the capture process so that investigators can quickly move on to the analysis phase.
With the bulk of the forensic process occurring in the analysis stage, shortening the time it takes to capture the evidence and get it into analysis can save valuable resources. Investigative teams are often short on manpower due to budgetary issues. Doing more with fewer resources has become the mantra of the day, and time management is of even more critical importance. The faster that data can be captured, the faster that it can go into analysis and move further down the judicial process, freeing up investigators to take on the next case. Investigative teams are often located across geographical areas, and the ability to share evidence data so that different personnel can work simultaneously on the same data set is equally important to streamline the entire analysis process.
The impact of today’s new digital evidence landscape is widespread, as eForensics is being tapped by more than just law enforcement. In the private sector, corporations are becoming more diligent about protecting their assets by collecting digital evidence. Government-run operations like the Department of Homeland Security, the Army, FBI, NCIS, the Secret Service, and more also rely heavily upon digital evidence when prosecuting cases.
A pioneer and leader in digital forensics technologies, Logicube believes the answer to the growing complexity faced by investigators is found in a line of hardware solutions that work seamlessly together while addressing discrete capabilities. In other words, according to Logicube, a ‘total solution approach’ where forensic data is captured rapidly, that provides convenient high-capacity forensic storage and connectivity to a network for data preview or transfer, all in a forensically sound, verifiably unaltered manner.
Reflecting upon the current state of the digital forensic field, Emrani commented, “The only constant we can count on is that technology will continue to advance, which pushes the envelope for those of us involved in digital forensics. The good news is that Logicube has the expertise to leverage the advances in technology and develop cutting-edge solutions that can keep step with even the most rapid shifts.”
For more information, please visit www.logicube.com.
Logicube, the industry leader in hard drive and software duplication, back-up and hardware-based computer forensic technologies, was founded in 1997 and offers an extensive line of high-speed, hardware-based solutions. From its corporate headquarters in Chatsworth, CA, the company designs, engineers, manufactures, and distributes its products around the world.
Based on innovative design coupled with state-of-the-art technology, Logicube’s product lines offer power, versatility and dependability which are unequaled in the industry. The company's products are sold directly, as well as through a growing family of international distributors, authorized dealers and selected authorized manufacturer representatives.