Computers Expert Witness On Computer Forensics

In "What’s the Future of Computer Forensics?", computers expert witness Steven G. Burgess writes:

As for 5 years from now, I see three things continuing to advance at a rapid clip:

1: Hardware – The size of storage media & memory and the speed of processors.
I expect that in 5 years, computers will come standard with 5TB or more of storage and that portable media like flash drives will carry something like 250GB of data – what the average hard drive was holding one or two years ago. In 5 years, computers will probably be 7 or 8 times faster. So these things will hold lots and lots more data and people will fill them up with lots & lots more data. Therefore, each computer forensics job will require sorting through and analyzing many times more data than today.

2: Computer Forensic Tools – The capabilities, automated nature and cost of computer forensic tools.
I expect that in 5 years, computer forensic tools will be about 5 times as fast, and twice as sophisticated. That means that even with all the additional data, the average, non-automated job will take about the same effort as it does now.

However, a lot of automated tools for collection and initial processing are starting to be released. These tools can be used by less-trained people, so it may be that data collection and preliminary processing will be faster due to automation.

I expect that the cost of computer forensic tools will not go down in relative terms. However, more Open Source forensic tools will be available for free for those willing to learn to use them.

3: Bad guys – Anti-forensics tools & schemes, sophistication of hackers
There’s always a race between how harmful software and cyber-marauders can be and the defenses against them. There is also software constantly being developed to stump investigation by erasing or scrambling traces of wrongdoing. This trend will continue to accelerate and there will continue to be an uneasy balance between the two sides, with lots of collateral damage. In most cases, people will continue to forget to hide or cover all of their tracks and there will still usually be evidence to find.

