| A student asked me an interesting question today, | | | | those willing to learn to use them. |
| regarding what I foresee in the field of computer | | | | 3: Bad guys - Anti-forensics tools & schemes, |
| forensics in the coming years: 5, 10, & 50. Here's | | | | sophistication of hackers |
| the question, my answer - and, dear reader, I'd love to | | | | There's always a race between how harmful |
| hear your comments. | | | | software and cyber-marauders can be and the |
| Mr. Burgess, | | | | defenses against them. There is also software |
| I would like to thank you again for taking the time to | | | | constantly being developed to stump investigation by |
| speak with me. I would like to ask you another | | | | erasing or scrambling traces of wrongdoing. This trend |
| question if you don't mind, it is regarding the future | | | | will continue to accelerate and there will continue to be |
| challenges and/or issues in the field of computer | | | | an uneasy balance between the two sides, with lots of |
| forensics. In your expert opinion, how do you see it 5, | | | | collateral damage. In most cases, people will continue |
| 10, and 50 years from now? I am looking forward to | | | | to forget to hide or cover all of their tracks and there |
| your response. | | | | will still usually be evidence to find. |
| My response: | | | | Ten Years. |
| An interesting question! | | | | Ten years from now is much harder to predict. |
| First, let me say that I don't have an expert opinion | | | | The field itself is not too much older than that. |
| about the future, just a personal and educated one. In | | | | Everything I said for the 5-year time frame will continue |
| my profession, I can only really have an expert opinion | | | | to be somewhat true. |
| about stuff I've worked on and so can't have one | | | | Tiny storage devices weighing an ounce will hold |
| about the future until I get my time machine fixed! | | | | multiple Terabytes of data; hard drives or their |
| 5years | | | | replacements will hold Petabytes and both kinds of |
| As for 5 years from now, I see three things continuing | | | | devices will be very affordable. |
| to advance at a rapid clip: | | | | Computers themselves may be quite different than |
| 1: Hardware -The size of storage media & | | | | what we are used to, will probably understand human |
| memory and the speed of processors. | | | | speech well and will probably be quite intelligent, |
| I expect that in 5 years, computers will come standard | | | | speeding up the ability to use them. |
| with 5TB or more of storage and that portable media | | | | Because computers will be so smart, the role of the |
| like flash drives will carry something like 250GB of data | | | | computer forensics examiner may change. Testifying |
| - what the average hard drive was holding one or two | | | | experts will need to have an even more sophisticated |
| years ago. In 5 years, computers will probably be 7 or | | | | knowledge of the software /hardware /wetware |
| 8 times faster. So these things will hold lots and lots | | | | interactions and may have to specialize further. |
| more data and people will fill them up with lots & | | | | Malware may have gotten the upper hand by then, or |
| lots more data.Therefore, each computer forensics job | | | | may not have - it is very hard to say. |
| will require sorting through and analyzing many times | | | | Fifty Years. |
| more data than today. | | | | Just about impossible for me to say sitting where I am |
| 2: Computer Forensic Tools - The capabilities, | | | | right now. Computers will be much smarter than |
| automated nature and cost of computer forensic tools. | | | | humans by then. If human computer forensics experts |
| I expect that in 5 years, computer forensic tools will be | | | | still testify in court, they'll be computer augmented, but |
| about 5 times as fast, and twice as sophisticated. That | | | | then again, we probably all will be. |
| means that even with all the additional data, the | | | | Whatever replaces hard drives on your local device (if |
| average, non-automated job will take about the same | | | | we have local devices) will store half a Zettabyte or |
| effort as it does now. | | | | more. We'll be carrying around 5 Exabytes in our |
| However, a lot of automated tools for collection and | | | | pockets or dental fillings. That's if all storage isn't in the |
| initial processing are starting to be released. These | | | | Cloud and is essentially unlimited. Although from where |
| tools can be used by less-trained people, so it may be | | | | I sit, a Petabyte seems pretty limitless. |
| that data collection and preliminary processing will be | | | | Fifty years from now, our adversarial legal system |
| faster due to automation. | | | | may not have changed much. On the other hand the |
| I expect that the cost of computer forensic tools will | | | | capabilities of humans, computers, and hybrids of the |
| not go down in relative terms. However, more Open | | | | two may be near unrecognizable, but still inevitable. |
| Source forensic tools will be available for free for | | | | |