Tuesday, April 20, 2010

How to Triage Computer Evidence

"If you process digital evidence on a day-to-day basis, chances are those days are booked up for weeks to come. How long, on average, does it take your team to analyze the data in a new case? Security, law enforcement, and corporate computer-forensics departments are stretched beyond their resources; reported backlogs of digital evidence vary but they are often in the eight- to 12-month range or more.

Take a quick glance at why these backlogs exist, and it becomes obvious that things will not get better by simply doing more of the same. The rapid growth of digital devices is readily apparent as netbooks, smart phones, and flash drives have joined desktop computers and laptops as standard computing fare. Underneath the plastic and metal bits is the true, less discernible reason for the backlog scramble: the storage capacity of these devices has grown exponentially. Traditionally, the more storage capacity a device has, the longer it takes to analyze it thoroughly."

Click here to read the rest of the story.


No comments: