Conference: International Workshop on Systematic Approaches to Digital Forensic Engineering

Challenge Paper: Validation of Forensic Techniques for Criminal Prosecution

Abstract

As in many domains, there is increasing agreement in the user and research community that digital forensics analysts would benefit from the extension, development and application of advanced techniques in performing large scale and heterogeneous data analysis. Modern digital forensics analysis of cyber-crimes and cyber-enabled crimes often requires scrutiny of massive amounts of data. For example, a case involving network compromise across multiple enterprises might require forensic analysis of numerous sets of network logs and computer hard drives, potentially involving 100s of gigabytes of heterogeneous data, or even terabytes or petabytes of data. Also, the goal for forensic analysis is to not only determine whether the illicit activity being considered is taking place, but also to identify the source of the activity and the full extent of the compromise or impact on the local network. Even after this analysis, there remains the challenge of using the results in subsequent criminal and civil processes. Given this enormous volume of data, new tools and techniques are needed in order to analyze and resolve this data in the form of a forensic analysis. Currently, much digital data goes completely unanalyzed due to the time requirements imposed by their analysis. Thus, many researchers are exploring novel techniques for the analysis of digital data to more efficiently and effectively understand the extent of cyber-crimes and cyber-enabled crimes. In addition to the analysis of the digital data itself, there is an equally pressing issue as to whether or not the techniques being developed are incorporating the capabilities needed for the application to criminal and civil processes. For instance, is the analysis process reproducible, demonstrable, and validatable? Is the analysis process following accepted forensic analysis requirements? When presented in court, will opposing counsel be able to successfully attack the credibility of the presented material, and the foundation for the evidence's construction, or will these materials pass muster of acceptability?