The landscape for Digital Forensics is changing constantly. In the early days when disks could at best hold a few hundred kilobytes or (sharp intake of breath) 1.44 Megabytes, it was just about possible to identify the meaning of every byte by hand. Those days are long behind us. 

The number of digital devices people own is growing rapidly. Once upon a time (in the 90's) families owned one computer, perhaps replacing it every few years. Now individuals have computers, smartphones, entertainment and media devices, wearables, and increasingly Internet of Things devices for home automation. Each new generation of technology offers an increasing range of new gadgets, rather than simply replacing an older model with a new one.

These devices have an exponentially increasing quantity of storage on them. Where once the 1.44MB floppy disk could just about hold one person's life's work, now we have smartphones with 1TB of storage. We can be sure next year’s models will offer even more.

Storage remains in a constant race with data - regardless of how much storage we have, it never seems to be enough. We download more content, take more pictures and record more videos. We record and instrument every part of our life, with storage so cheap it's easier to buy more than it is to clear out forgotten videos, the photos with our thumbs over the lens, and other detritus.

In addition to increased storage in traditional computing devices, we are beginning to see investigations solved by extracting data from new types of devices including VR, smart televisions and games consoles, increasing the number of devices requiring analysis. All of these devices, all this storage, and all of the data, have the potential to act as evidence for investigators.

The number of devices, quantity of storage and volume of data are increasing exponentially.

The budgets and teams in Digital Forensics have not grown exponentially (and never will).

The inescapable conclusion is that doing more of the same can't work.

Digital Forensics labs and teams are not seeing the exponential investment and growth needed to cope with exponentially increasing workload, and many are falling behind. This results in either growing backlogs or ruthless (and often arbitrary) prioritisation - both to the detriment of investigations.

The answer has to lie in transformational change. There are many forms this can take from automation of repetitive and time consuming tasks right through to AI assisted analysis. There is no single silver bullet, but rather that a jigsaw puzzle of practices and technologies need to be brought together to make this change happen.

An important piece of the jigsaw puzzle will be triage, and not just the triage that tries to move traditional investigative techniques into the field. Triage that can rapidly scan or screen devices, triage that is simple to use for frontline users, triage that gives simple results that can be used by frontline staff. Triage that enables better decisions earlier on in investigations, and reduces the number of devices that must be subjected to a full examination.

I believe what we are offering at Cyacomb, along with ideas from other forward thinking technologists, will be the beginning of a major evolution in triage that contributes significantly to the much-needed change in Digital Forensics.

Cyacomb is not just offering more of the same. We're offering innovative solutions to help teams under pressure cope in a world where workload is increasing exponentially.

I first wrote on this subject in 2019, at a time when Cyacomb had a handful of users in the UK. Now we have national and state level roll-outs across EU, Europe and North America and thousands of users have experienced how Cyacomb’s approach can contribute to a much-needed transformation. We’ve demonstrated the contribution we can make to

• Getting sufficient evidence to take safeguarding action fast
• Helping to rescue children from abuse and trafficking
• Empowering non-traditional users of forensics technology in probation, offender management and border protection
• Reducing unnecessary seizure of devices and associated backlogs
• Reducing collateral intrusion
• Increasing the capacity of teams to take on cases

We’ve proven time and time again that this approach works – establishing it as a new gold standard wherever it is adopted.

“The time saved through using Cyacomb is a remarkable efficiency improvement for our unit, and adopting it is a no-brainer.” - ICAC Investigator, US South

To find out more about how Cyacomb can help transform your digital investigations contact sales@cyacomb.com 

To see Cyacomb in action watch our demo video or to try it for yourself request a trial.