Digital forensic tools mature

As many of you know, this is the time of year when we engage the services of my cyber forensic students at Norwich University to conduct testing and to write reviews. This will be the fifth year we have done this, and the results have always been satisfying. 

For this month, a typical review team consisted of two students working on a single product for an average of three weeks. We used the Norwich University forensic teaching lab and the computing resources of the university's Center for Advanced Computing and Digital Forensics to build our test beds. 

Additionally, I participated directly since digital forensics is my primary area of interest. I supervised the testing and reviewing process. Bottom line is that SC Lab Manager Mike Stephenson got the month off, the products went through a testing “meat grinder,” and the students and I spent quality hands-on time with some really fine products. 

The first thing that we discerned is that maturity clearly does not equate to complacency. Over the past year, there have been numerous creative features added to just about every product that we reviewed.

The second trend we uncovered was that there were few point solutions to narrow individual problems. The tools we saw did more and covered more types of digital forensic analysis than in years past. I interpret this development to suggest that point solutions are becoming less popular as the digital forensic landscape becomes more generalized. By that I mean that a given incident requiring digital forensic analysis is likely to include computers, networks, mobile devices and malware.

The third thing that impressed me was the inclusion of case management in this year's set of products. A solid case management tool has been conspicuously absent in prior years, and digital investigators often are expected to create some form of manual case management or figure out a way to warp a case management tool that is not meant for the unique requirements of digital investigation.

Overall, this was a banner month. We hope that if you are looking at forensic tools – as many are these days – you will find something here that aids your search. While law enforcement still is a healthy market for these tools, one thing is certain in today's digital environment: Digital forensics is not just for law enforcement anymore. Enjoy!
