Digital forensic tools mature
As many of you know, this is the time of year when we engage the services of my cyber forensic students at Norwich University to conduct testing and to write reviews. This will be the fifth year we have done this, and the results have always been satisfying.
For this month, a typical review team consisted of two students working on a single product for an average of three weeks. We used the Norwich University forensic teaching lab and the computing resources of the university's Center for Advanced Computing and Digital Forensics to build our test beds.
Additionally, I participated directly since digital forensics is my primary area of interest. I supervised the testing and reviewing process. Bottom line is that SC Lab Manager Mike Stephenson got the month off, the products went through a testing “meat grinder,” and the students and I spent quality hands-on time with some really fine products.
The first thing that we discerned is that maturity clearly does not equate to complacency. Over the past year, there have been numerous creative features added to just about every product that we reviewed.
The second trend we uncovered was that there were few point solutions to narrow individual problems. The tools we saw did more and covered more types of digital forensic analysis than in years past. I interpret this development to suggest that point solutions are becoming less popular as the digital forensic landscape becomes more generalized. By that I mean that a given incident requiring digital forensic analysis is likely to include computers, networks, mobile devices and malware.
The third thing that impressed me was the inclusion of case management in this year's set of products. A solid case management tool has been conspicuously absent in prior years, and digital investigators often are expected to create some form of manual case management or figure out a way to warp a case management tool that is not meant for the unique requirements of digital investigation.
Overall, this was a banner month. We hope that if you are looking at forensic tools – as many are these days – you will find something here that aids your search. While law enforcement still is a healthy market for these tools, one thing is certain in today's digital environment: Digital forensics is not just for law enforcement anymore. Enjoy!