Digital forensics tools are crucial in the modern world but, as the volume of data grows, it’s an area which is becoming more and more challenging. Tod Ewasko, Vice President of Technical Engineering at AccessData, tells us why existing solutions are falling short and how Artificial Intelligence could herald a new era for digital forensics.
Why existing IT solutions are falling short
It’s challenging times for organisations and professionals engaged in forensic analysis and e-discovery. Investigations are multiplying and diversifying – there are more of them and new types of cases arise all the time.
Spurred by global trends such as BYOD (bring your own device) proliferating privacy regulation and cloud computing, the environment for conducting effective investigations has become increasingly complex and more difficult to negotiate than ever before.
Across all sectors, investigations are becoming more collaborative, now frequently drawing in staff from HR and other departments who are not legal professionals but need to interact with forensic technologies.
What this means is that existing forensic tools and technologies can’t always provide the kind of performance needed to keep up with the growing investigation load and can’t accommodate the changing nature of how investigations must be managed.
Forensics professionals are confronting much larger data loads, with new, complex information types tapped from a growing diversity of sources. As volumes and complexity increase, meeting deadlines and reaching beneficial outcomes becomes more difficult.
The challenges aren’t limited by industry, either. Whether it’s corporations, public sector organisations, law firms or service providers, they are all affected by a backlog of data and the need for collaboration, as well as ever evolving information types.
Today’s corporations are dealing with enormous amounts of digital data, all being shared among teams, departments, global locations and devices. Even in industries as varied as healthcare to finance to energy, enterprises need to manage digital investigations and e-discovery faster, more efficiently and more securely, while reducing cost.
Additionally, varying data privacy regulations, as well as regional risks and communication practices, must all be taken into consideration to ensure data security and improved efficiency. Finding tools to help you create the appropriate balance between collecting relevant evidence for investigations and maintaining privacy rights should be a priority.
Public sector organisations are perennially challenged by cash-strapped budgets as well as an increased backlog from growing, more complex caseloads.
More than ever, it’s critical that teams can zero in on relevant evidence fast and build cases to fight fraud and other crimes endemic to government and the public sector.
What’s needed are tools to locate and analyse data often unavailable through conventional processes, allowing examiners and investigators to collect key evidence quickly and with confidence.
Law firms want to better serve their clients by simplifying their e-discovery processes and reducing costs. This can be a tough challenge with today’s caseloads where millions of documents and terabytes of data are commonplace.
To make e-discovery more efficient, you need access to integrated tools for processing, review and case organisation. And you need a real-time review platform that allows secure collaboration, regardless of where any member of the litigation team is located.
Multinational service providers, consultants and accounting organisations have unique business challenges that cut across the corporate and legal world. Like law firms, service providers need to be able to carry out complex e-discovery projects.
They’re also expected to provide expert support for international compliance efforts. As such, there’s an urgent need for tools that can support globally dispersed investigatory teams and real-time collaboration. And as with large enterprises, service providers need to balance evidence collection and privacy rights.
Surely what’s needed are new solutions – more powerful, flexible forensic technologies that can handle big, diverse data loads faster than existing platforms. But it’s not just about more processing power. Investigators in any industry or sector need better indexing, higher scalability and nimbler collection capabilities. Just as important, today’s solutions must accommodate the changing nature of investigations and empower diversifying teams. More than anything, today’s solutions need to be smarter.
The changing nature of investigations – breaches, regulations and IoT
Executives are becoming more focused on data security in light of high-profile data breaches that have tarnished brands such as Facebook, Google, Marriott, British Airways and dozens of other tech and consumer brands in recent years.
Additionally, data privacy legislation such as the EU’s GDPR and state-level regulations in the US are driving greater awareness of security issues and leading to more investigation activity. Increasingly, C-level executives want reassurance from their cybersecurity teams that their data is secure and the company is compliant.
The way forward – cross-team collaboration
There’s growing consensus that effective collaboration is a key to success when managing investigations. No longer can teams work in metaphorical silos as the data that must be collected expands to different teams and devices. This holds true for forensic investigations whether at the corporate level or in the public sector.
At the same time, with HR, compliance and legal playing a more active role in data preservation, as well as collection and analysis as part of investigations, organisations need to facilitate better collaboration between teams.
The need is especially acute when outside counsel, law firms or service providers are brought into an investigation. Given these realities, decision-makers are increasingly demanding integrated tools that enable and foster that collaboration without requiring unnecessary data movement, longer timeframes or higher costs.
Technologies optimised to meet emerging challenges
To conduct successful investigations in today’s challenging environment, you need an end-to-end solution that will enable investigators to find relevant evidence as quickly as possible.
What to look for in a core platform:
- Speed and stability: Distributed processing and the ability to leverage multi-thread/multi-core computers to realise full potential of hardware resources.
- Up-front indexing for more efficient filtering and searching: The difference is that whether you’re investigating or performing document review, you have a shared index file, eliminating the need to recreate or duplicate files.
- Built on a single unified database: Single data store ensures that your data doesn’t have to move between separate, disparate platforms and products, thereby introducing risk and potentially disrupting the chain of custody.
What to look for in digital forensics:
Forensic investigations today frequently need to cut across distributed digital teams, with an overwhelming amount of data to process. From multiple office locations, to massive employee pools and remote workers, investigators need enterprise tool sets that provide deep visibility into live data directly at the endpoint, helping you conduct faster, more targeted enterprise-wide, post-breach HR and compliance investigations.
The way forward – The promise of Artificial Intelligence
The shifting nature of investigative challenges – more of them and of ever-increasing complexity – has drawn a logical response from technology developers serving the space.
We see this in new integrated investigatory systems that offer faster processing capabilities, more powerful databases, higher scalability and tighter team integration for more effective collaboration.
All of these have advanced the cause for dedicated investigative professionals as well as their colleagues in HR, IT, and others who frequently contribute to investigations. But where the future of automated digital forensic tools truly lays is in Machine Learning and Artificial Intelligence (AI).
The nature of Machine Learning is that through repetition and observation over time, solutions can deliver faster performance and improved outcomes. In the context of digital forensics, we’re seeing that with these new technologies investigative teams can be empowered at every skill level to conduct and close more accurate, advanced investigations on shorter timeframes.
The performance of the digital forensic tools you already know and trust gets elevated, providing even greater control over the way you process, locate, analyse and report on key pieces of data.
The difference Machine Learning can make has effects across the investigative spectrum:
- Exert greater control over visual data
Integrated visualisations, including timelines, maps, charts and social communications analysis, along with image recognition, including facial recognition from a single photo, power lightning-fast reviews.
- Reveal connections and discover insights
Advanced tools make it easy to search data across cases and develop deep cross-evidence insights; analyse volumes of information quickly and make large, diverse data sets more digestible.
- Guide current and future investigations
Machine Learning capabilities make it possible to monitor every step to help surface more accurate and relevant findings, faster; maximise resources with available tools for establishing workflows, automating tasks and collaborating across teams.