Challenges of Digital Forensics

DFI Part - 5

“It is of the highest importance in the art of detection to be able to recognize, out of a number of facts, which are incidental and which vital.” - Sherlock Holmes

Sherlock Holmes put it well: if you misjudge which facts matter, the case may end up inconclusive. So today, let’s look at the challenges in digital forensics.

During digital investigations, investigators face many challenges, including but not limited to:

  • Legal Issues
  • Challenges with acquisition
  • Evidence type
  • Data hiding and encryption techniques
  • Size and distribution of the evidence.

Legal Challenges

Investigators need to ensure that evidence will be admissible or presentable in court. Guaranteeing admissibility starts with following the scope of a search warrant. For instance, the warrant may be issued for a particular device or a particular type of file within a computer. This means other collected artifacts are not covered by the warrant and will be inadmissible unless they are included in another warrant.

Evidence Acquisition

The evidence may be on a device with unsupported interfaces or an unsupported operating system.

The evidence volume can be very large. A large volume can make acquisition run up to 2–3 days.

In some cases, the investigator cannot power off the device or needs to perform a remote acquisition.

Memory-only malware loads itself into RAM and leaves no evidence of its existence on the hard disk. The solution is to capture the RAM of the system or to conduct live analysis of the system.

Keep in mind that acquiring RAM does not always capture everything, because memory is constantly changing. Live analysis can also become very difficult if the device is still in use for production work.

Type of Digital Evidence

With rapid changes in technology comes the possibility that the tools and methods used in current forensics investigations might not work in the future.

Digital devices evolve on a yearly basis (some even faster) with new versions and operating systems. With this comes a large variety of application versions and file formats used within each new version. Analyzing each application may require a different tool.

Data Hiding and Encryption Techniques

Average users increasingly protect personal data with hiding techniques such as encryption or steganography, which makes it harder for the analyst to retrieve digital artifacts.

Size and Distribution of Digital Evidence

This may be the biggest challenge for digital forensics investigators, who have to analyze a large amount of data within a limited time frame and sometimes with limited resources.

In some cases, the data to analyze is so large that it is impossible to create a forensic image of the evidence. The solution is to define the relevant evidence to be collected, or at least the evidence that helps in incriminating or exonerating the suspect.

Evidence Dynamic

Evidence dynamics is any action, intentional or accidental, that may modify, relocate, obscure, or erase the evidence from the time the evidence is transferred until the case ends.

For example, a suspect may intentionally delete a file, overwrite data, or encrypt incriminating data. On the other hand, a system administrator may try to remediate an incident but accidentally corrupt critical evidence. Other examples include, but are not limited to, mistakes made by forensic examiners and nature or weather.
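The scoped collection described under "Size and Distribution of Digital Evidence" and the change detection implied by evidence dynamics can be combined in one hash manifest. This is an added example, not code from the original article; the function names, the extension-based scope, and the sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=1 << 20):
    """Stream the file so large evidence never has to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def collect_in_scope(root, extensions):
    """Build a manifest of files whose type falls inside the (hypothetical) scope."""
    wanted = {e.lower() for e in extensions}
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if os.path.splitext(name)[1].lower() not in wanted:
                continue  # out of scope: not collected, not hashed
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = {
                "size": os.path.getsize(full), "sha256": sha256_file(full)}
    return manifest

def verify(root, manifest):
    """Re-hash collected items and report anything that changed since collection."""
    findings = {}
    for rel, rec in manifest.items():
        full = os.path.join(root, rel)
        if not os.path.exists(full):
            findings[rel] = "missing"
        elif sha256_file(full) != rec["sha256"]:
            findings[rel] = "modified"
    return findings

def demo():
    """Constructed sample tree: two in-scope documents and one out-of-scope file."""
    with tempfile.TemporaryDirectory() as root:
        for name, data in [("a.docx", b"report"), ("b.pdf", b"invoice"), ("c.exe", b"MZ")]:
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        manifest = collect_in_scope(root, [".docx", ".pdf"])
        with open(os.path.join(root, "a.docx"), "ab") as f:
            f.write(b" edited")  # simulated accidental or intentional change
        os.remove(os.path.join(root, "b.pdf"))  # simulated deletion
        return sorted(manifest), verify(root, manifest)

if __name__ == "__main__":
    print(demo())
```

On real evidence, run the collection against a write-blocked or read-only mounted source and store the manifest separately from the evidence it describes.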

Finally, before concluding, I would just like to quote Sherlock Holmes again:

“It is the first quality of a criminal investigator that he should see through a disguise.”

That’s all for now. I will be coming up with more such short articles on digital forensics. Stay tuned…

Till then,




Yash Gorasiya