8Challenges in Digital Forensics
Katrin Franke1 and André Årnes2
1Norwegian University of Science and Technology (NTNU), Gjøvik, Norway
2Norwegian University of Science and Technology (NTNU), Gjøvik, Norway; and Telenor Group, Oslo, Norway
One of the key challenges in digital forensics today is the huge amounts of unstructured data, often with inherent uncertainties and errors. Based on the chapters in this textbook, it should be clear that each phase of the digital forensics process can be very time and resource demanding, often exceeding the time and resources available for the investigation. Due to this, there has been substantial interest in leveraging big data, automation, and computational methods as part of the forensic process. For example:
- The identification phase can be supported by intelligent detection and identification methods.
- The collection phase can be supported by automated remote evidence acquisition tools with built-in evidence integrity assurance.
- The examination phase can be supported by automated data recovery and data reduction.
- The analysis phase can leverage computational methods and machine learning to identify patterns and data of interest in evidence.
- The presentation phase can benefit from a wide range of visualization tools, as well as built-in report generation.
In this chapter, we will give a brief introduction to some open research topics, mainly based on research at the Norwegian Information Security Laboratory (NISLab). The purpose of this ...