In forensic IT we currently face the following seven long-term challenges:
- big data
- number of students in ICT
- different formats
- presenting complicated evidence in court
1. big data
The issue with big data is that cases are growing rapidly. If all data from a person is collected in a case, the amount grows rapidly, also due to multimedia and fast data links. Currently, indexing over 100 petabytes is not easy; Hadoop also has issues with it, and new solutions are being developed by social networks such as Facebook. Indexing video data is also not easy. Filtering is important, and triage is one of the solutions. Cloud computing is an issue here, since the data is often available in other states with different jurisdictions.
The issue with malware developers is that their malware is difficult to investigate. Zero-day exploits are seen more often, and botnets and other attacks on many systems, such as SCADA, are an issue. Malware on mobile phones is so common that the FBI placed a warning. Lawyers might use it as a defense. Even medical devices can be infected by malware. People also claim that governments develop malware.
3. number of students in ICT
ICT and related studies are not very popular, so it is difficult to fill all vacancies. Software engineers are difficult to hire, and are needed for all developments.
With encryption methods getting more sophisticated and also being implemented in hardware such as SSD disks, live forensics methods are the choice instead of trying to break the keys. However, live systems should be shielded from network communication, since it is possible to wipe systems remotely.
5. different formats
Many developers create new file formats which deviate from the file format and use coding which is not public. Analysing and repairing them is important. The golden age, as Simson Garfinkel mentioned, is over, and we will enter a digital forensic crisis.
There are many hardware manufacturers as well as software developments. It is hard to keep up with developments and have methods available for doing a forensic analysis. Mobile device forensics with chip extraction is an option; however, it remains time-consuming and expensive.
7. presenting complicated evidence in court
Digital evidence, especially in hacking cases, is often difficult for juries and judges to interpret. The challenge for the forensic examiner is to present the evidence in court such that it is acceptable. Many times new methods have to be developed and validated for the court, and privacy laws also have to be taken care of.