Editor's Desk | Live forensics
Computer forensics, much like more traditional forensics, is an art as much as a science. Its practice demands a detective's intuition and a technician's know-how. Only in this case, it's to discern digital clues from the inner workings of electronic file systems.
As more of the world's work, and opportunities for criminal activity, take place on networked computing systems, the need for computer forensics experts is growing exponentially.
That's putting new and increasing demands on, and within, government. Law enforcement agencies have the most obvious burden. But the Defense Department, as we report in this issue, is also seeing a rising need for digital forensics teams. Then there are the overseers of financial and commercial sectors, not to mention the government itself, where fraud and abuse are increasingly taking electronic form.
Few can doubt we are facing a potential tidal wave of digital investigations.
On the surface, the implications are clear: We'll not only need to recruit and train a new subindustry of digital forensics sleuths, but also gear up for a tremendous amount of data storage that will be required to stage casework and maintain evidence. No doubt, too, we'll see new strains on the legal system as it attempts to adapt the language of physical evidence and apply it to wrongdoings in cyberspace.
The real challenge, though, will be the move from postmortem to real-time investigations. Cybercriminals and abusers enjoy many advantages: the portability of terabyte hard drives, the ability to access networks anywhere in the world, the means to spoof system logs, and most of all, the speed with which they can cut and run. Critical state information can vanish forever just from pulling the computer plug.
These and other factors are placing a new world of demands on investigators. It's increasingly clear: The emerging art and science of digital forensics will involve becoming adept at collecting live evidence, not just digital footprints.