8Challenges in Digital Forensics

Katrin Franke1 and André Årnes2

1Norwegian University of Science and Technology (NTNU), Gjøvik, Norway

2Norwegian University of Science and Technology (NTNU), Gjøvik, Norway; and Telenor Group, Oslo, Norway

One of the key challenges in digital forensics today is the huge amounts of unstructured data, often with inherent uncertainties and errors. Based on the chapters in this textbook, it should be clear that each phase of the digital forensics process can be very time and resource demanding, often exceeding the time and resources available for the investigation. Due to this, there has been substantial interest in leveraging big data, automation, and computational methods as part of the forensic process. For example:

  • The identification phase can be supported by intelligent detection and identification methods.
  • The collection phase can be supported by automated remote evidence acquisition tools with built-in evidence integrity assurance.
  • The examination phase can be supported by automated data recovery and data reduction.
  • The analysis phase can leverage computational methods and machine learning to identify patterns and data of interest in evidence.
  • The presentation phase can benefit from a wide range of visualization tools, as well as built-in report generation.

In this chapter, we will give a brief introduction to some open research topics, mainly based on research at the Norwegian Information Security Laboratory (NISLab). The purpose of this ...

Get Digital Forensics now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.