Monday, August 3, 2009

Computer Forensics Case Assessment and Triage

I received an e-mail linking to an article entitled "Computer Forensics Case Assessment and Triage - some ideas for discussion."


In 1955, in an article in The Economist, Cyril Northcote Parkinson first suggested Parkinson’s Law that “work expands so as to fill the time available for its completion”. At that time he was referring to public administration but today’s corollary to this might be that “computer forensic examinations expand in proportion to the increase in size of forensic units thus maintaining a significant backlog.”

At present, in 2009, it is commonplace for digital forensic units to have a backlog, several as long as twelve months. Many units have increased in size but have still continued to have a backlog and it is suggested that bringing more staff into a unit will not on its own reduce the backlog of work. This paper discusses how cases submitted to units can be assessed and prioritised, and how software triage can be used to target resources more efficiently.

The author invites discussion on this topic and would welcome any comments on how the issues are dealt with within other units."

There's an increasingly strong cross-over between computer forensics techniques and DVR examinations / evidence retrievals. It's worth a look to see what's going on with this issue. Check it out for yourself by clicking here.

No comments: