Maintaining Digital Forensics’ Integrity in the Age of Automation
When the term “push button forensics” was coined 10+ years ago, it was a sarcastic pejorative. A lot of forensic examiners resisted vendors’ efforts to automate the acquisition and analysis of digital data. They believed automation would make it harder to document, validate, and thus defend their science in a court of law.
That started to change as hard disk drives reached the 1TB range and the iPhone led the way for a new breed of smartphone. Not only were storage sizes increasing; the number of storage media — phones, gaming devices, external drives, USB sticks, etc. — being seized climbed, too. Forensic labs ended up with backlogs, some as severe as several months. That delayed investigations, which could impact criminal defendants’ right to a speedy trial.
“The number of people available who can manually sort through the complex evidence isn’t keeping pace,” blogged David Kovar in late 2009 — the year the United States’ Great Recession tightened both public- and private-sector belts, limiting labs’ ability to hire and train more people.
At the time, Kovar and Dark Reading’s John Sawyer saw opportunity. Forensic practitioners could employ a two-tier system already in use in law and private investigation practices: give the automated work to junior associates, leaving the analysis…