Digital forensic tools mature


As many of you know, this is the time of year when we engage the services of my cyber forensic students at Norwich University to conduct testing and to write reviews. This will be the fifth year we have done this, and the results have always been satisfying. 

For this month, a typical review team consisted of two students working on a single product for an average of three weeks. We used the Norwich University forensic teaching lab and the computing resources of the university's Center for Advanced Computing and Digital Forensics to build our test beds. 

Additionally, I participated directly since digital forensics is my primary area of interest. I supervised the testing and reviewing process. Bottom line is that SC Lab Manager Mike Stephenson got the month off, the products went through a testing “meat grinder,” and the students and I spent quality hands-on time with some really fine products. 

The first thing that we discerned is that maturity clearly does not equate to complacency. Over the past year, there have been numerous creative features added to just about every product that we reviewed.

The second trend we uncovered was that there were few point solutions to narrow individual problems. The tools we saw did more and covered more types of digital forensic analysis than in years past. I interpret this development to suggest that point solutions are becoming less popular as the digital forensic landscape becomes more generalized. By that I mean that a given incident requiring digital forensic analysis is likely to include computers, networks, mobile devices and malware.

The third thing that impressed me was the inclusion of case management in this year's set of products. A solid case management tool has been conspicuously absent in prior years, and digital investigators often are expected to create some form of manual case management or figure out a way to warp a case management tool that is not meant for the unique requirements of digital investigation.

Overall, this was a banner month. We hope that if you are looking at forensic tools – as many are these days – you will find something here that aids your search. While law enforcement still is a healthy market for these tools, one thing is certain in today's digital environment: Digital forensics is not just for law enforcement anymore. Enjoy!
