Thursday, December 23, 2010

Pre-Emptive Digital Forensics Research

by Chris Hargreaves

About the Author

Dr Chris Hargreaves is a lecturer at the Centre for Forensic Computing at Cranfield University in Shrivenham, UK.

In August 2010 it was announced that Google Wave would not be continuing as a stand-alone product, having been available to the general public for just 2-3 months. In that time period, it is unlikely that much research had begun into the digital artefacts left by Google Wave. However, if an investigation of a machine from that time period required an examination of a suspect’s use of Google Wave, such research would need to be carried out retrospectively. This article discusses the advantages and disadvantages of pre-emptive and reactive digital forensics research.

Predicting the future is quite hard. This can be evidenced by the many quotes that are used as examples of failed predictions. Unfortunately the provenance of some of these quotes is questionable, but many are attributable:

“This ‘telephone’ has too many shortcomings to be seriously considered as a means of communication”, Western Union (1878)
“Heavier-than-air flying machines are impossible”, Lord Kelvin (1895)
“A rocket will never be able to leave the Earth’s atmosphere”, New York Times (1936)
“I think there is a world market for about five computers”, Thomas J. Watson (1943)
“Computers in the future may weigh no more than 1.5 tons”, Popular Mechanics (1949)
“There is no reason anyone would want a computer in their home”, Ken Olsen (1977)
“640K ought to be enough for anybody”, Bill Gates (1981)

Despite the difficulty in predicting the success or failure of a particular technology, this is precisely what is required in order to conduct pre-emptive research in digital forensics. In this article, pre-emptive research refers to any research that is not conducted in response to a current investigation, and that is carried out in order to acquire some knowledge in advance of encountering a particular technology in a real investigation. Reactive research is the opposite: research that is conducted during an investigation in response to encountering some artefacts left by a suspect’s use of a particular technology...

