Technology has become the industry with the most growth, outpacing even the energy, finance, healthcare, and manufacturing sectors. ***COMPTIA*** Beyond that, it is also part of every other industry. It is impossible to imagine a world without technology present on a daily basis. But as technology grows for our benefit, so do the ways to use it for crime. It is being used as a tool to commit crimes such as identity theft, money laundering, terrorism, and child pornography, among others. Digital forensics has become an indispensable field today as the need to deal with these types of crime rises.
Digital forensics can be defined as the process of uncovering and interpreting electronic data. The goal of the process is to preserve any evidence in its most original form while performing a structured investigation by collecting, identifying, and validating the digital information for the purpose of reconstructing past events. **Citation** For a digital forensics investigator to accomplish this, the field must keep pace with technological innovation. That is why knowing the industry trends is vital.
According to research, the latest digital forensics trends are Internet-of-Things (IoT) platforms, cloud data storage, and volatile data collection and analysis. IoT forensics may be seen as a great challenge, but it can also be put to good use in the digital forensics field. The problems with IoT are the lack of strong regulation, under which encryption and privacy suffer, and the complexity and diversity of the platforms, which may make data acquisition difficult. From the digital forensics perspective, with the right tools and expertise, the information gathered would be a great source of potentially vital evidence. IoT is present in so many ways, and it is always in the background collecting all kinds of information. **CITATION** Regarding information assurance and the need to make the data obtained legally strong, availability, authenticity, and non-repudiation are areas of improvement for IoT.
Volatile data collection and analysis is a new trend, and it goes hand in hand with “live” investigations. It emphasizes the importance of a type of evidence that was ignored before. For example, the information that can be extracted from RAM is considered volatile. Once a computer is powered off, all of that information is gone, and essential evidence for the investigation may have resided there.
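The following is an added example, not part of the original essay: a minimal sketch of recording volatile artifacts in collection order with a SHA-256 manifest, so that any later change to the collected evidence is detectable. The artifact names, the `collect`/`verify` helpers, and the sample data are assumptions constructed for illustration; in a real live response the callables would return the output of the system's own tools.

```python
import hashlib, json, os, tempfile
from datetime import datetime, timezone

def sha256_file(path, chunk=1 << 20):
    # Hash in chunks so a large capture (e.g. a RAM image) never has to fit in memory.
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def collect(sources, out_dir):
    """sources: list of (name, callable returning bytes), most volatile first."""
    manifest = []
    for order, (name, read) in enumerate(sources, 1):
        path = os.path.join(out_dir, name)
        with open(path, "wb") as f:
            f.write(read())
        manifest.append({
            "order": order,
            "artifact": name,
            "collected_utc": datetime.now(timezone.utc).isoformat(),
            "sha256": sha256_file(path),
        })
    with open(os.path.join(out_dir, "manifest.json"), "w") as f:
        json.dump(manifest, f, indent=2)
    return manifest

def verify(out_dir):
    """Return the artifacts whose current hash differs from the manifest."""
    with open(os.path.join(out_dir, "manifest.json")) as f:
        manifest = json.load(f)
    return [m["artifact"] for m in manifest
            if sha256_file(os.path.join(out_dir, m["artifact"])) != m["sha256"]]

# Constructed sample data standing in for live tool output (not from a real system).
SAMPLE_SOURCES = [
    ("net_connections.txt", lambda: b"tcp 10.0.0.5:49822 203.0.113.7:443 ESTABLISHED 4312\n"),
    ("processes.txt", lambda: b"4312 alice /usr/bin/example-sync\n"),
    ("logged_in_users.txt", lambda: b"alice pts/0 2024-01-01 09:00\n"),
]

def demo():
    with tempfile.TemporaryDirectory() as d:
        collect(SAMPLE_SOURCES, d)
        clean = verify(d)
        with open(os.path.join(d, "processes.txt"), "ab") as f:
            f.write(b"tampered\n")  # simulate a change after collection
        return clean, verify(d)

if __name__ == "__main__":
    print(demo())
```

In practice the manifest itself should be written to separate, write-protected media so that it cannot be altered along with the artifacts.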
The most important trend in the digital forensics industry is the performance of “live” or on-the-spot investigations. In the past, it was vital for the investigator to collect the entire computer or piece of equipment in order to copy the data from the memory, analyze it, and use it as evidence. The system had to be shut down without any kind of alteration, and then a copy of its data was extracted, keeping its integrity. But that is basically in the past. Technology has evolved too much for that approach to be practical or useful. With live investigations it is possible to access the computer, server, or equipment remotely and reach the registry, cache, and data required. There are many reasons why this is so useful, and preferable to the old practices of digital forensics.
First of all, technology has made it possible for the world to be connected, meaning that a single company can have offices and computers around the world sharing one network. If someone in a company is suspected of accessing or corrupting information, it makes sense, from an economic perspective, to access the user's computer from a distance, without having to send a specialist all the way across the world. Now, when there is a suspicion of a security breach or a crime, the way to go should be a live investigation. No matter where the investigator or specialist in charge of the investigation is, that person would be able to access everything.
Another argument is encryption. The use of data encryption is rising. Most companies and individuals use encryption to protect their information. Most of the time, once a computer is shut down, it may encrypt the files needed for the investigation. That does not mean it would be impossible to access them, but it would be harder, and the data may get corrupted in the process.
Another good reason for live investigations to be the go-to approach is the new era of cloud storage. Everything is stored in the cloud right now. As of 2016, 93% of organizations were using some kind of cloud storage. Companies and individuals are opting to pay a small fee for cloud storage, or sometimes even use a free service. This means that there is no physical equipment to examine. Yes, the cloud is more like an idea, and yes, there are servers holding the information, but they are not the user's property, and accessing them follows a whole other protocol. If what needs to be done is to access the data for evidence or to analyze it, the way to do it is remotely. Then it can be identified and presented as evidence.
The third reason for live investigations is the increase in data sizes. A user may be using company data storage for criminal purposes, and that server can be terabytes in size. The equipment available to the investigator would not make it possible to seize the data for further analysis.