The Future of Computer Forensics

By Steve Burgess

A student asked me an interesting question today, regarding what I foresee in the field of computer forensics in the coming years: 5, 10, & 50. Having not thought about it before , my answers surprised me a bit.

Mr. Burgess,

I would like to thank you again for taking the time to speak with me. I would like to ask you another question if you don’t mind, it is regarding the future challenges and/or issues in the field of computer forensics. In your expert opinion, how do you see it 5, 10, and 50 years from now? I am looking forward to your response.

My response:

An interesting question!

First, let me say that I don’t have an expert opinion about the future, just a personal and educated one. In my profession, I can only really have an expert opinion about stuff I’ve worked on and so can’t have one about the future until I get my time machine fixed!

5 years

As for 5 years from now, I see three things continuing to advance at a rapid clip:

1: Hardware -The size of storage media & memory and the speed of processors.

I expect that in 5 years, computers will come standard with 5TB or more of storage and that portable media like flash drives will carry something like 250GB of data – what the average hard drive was holding one or two years ago. In 5 years, computers will probably be 7 or 8 times faster. So these things will hold lots and lots more data and people will fill them up with lots & lots more data.Therefore, each computer forensics job will require sorting through and analyzing many times more data than today.

2: Computer Forensic Tools – The capabilities, automated nature and cost of computer forensic tools.

I expect that in 5 years, computer forensic tools will be about 5 times as fast, and twice as sophisticated. That means that even with all the additional data, the average, non-automated job will take about the same effort as it does now.

However, a lot of automated tools for collection and initial processing are starting to be released. These tools can be used by less-trained people, so it may be that data collection and preliminary processing will be faster due to automation.

I expect that the cost of computer forensic tools will not go down in relative terms. However, more Open Source forensic tools will be available for free for those willing to learn to use them.

3: Bad guys – Anti-forensics tools & schemes, sophistication of hackers

There’s always a race between how harmful software and cyber-marauders can be and the defenses against them. There is also software constantly being developed to stump investigation by erasing or scrambling traces of wrongdoing. This trend will continue to accelerate and there will continue to be an uneasy balance between the two sides, with lots of collateral damage. In most cases, people will continue to forget to hide or cover all of their tracks and there will still usually be evidence to find.

Ten Years

Ten years from now is much harder to predict.

The field itself is not too much older than that.

Everything I said for the 5-year time frame will continue to be somewhat true.

Tiny storage devices weighing an ounce will hold multiple Terabytes of data; hard drives or their replacements will hold Petabytes and both kinds of devices will be very affordable.

Computers themselves may be quite different than what we are used to, will probably understand human speech well and will probably be quite intelligent, speeding up the ability to use them.

Because computers will be so smart, the role of the computer forensics examiner may change. Testifying experts will need to have an even more sophisticated knowledge of the software /hardware /wetware interactions and may have to specialize further.

Malware may have gotten the upper hand by then, or may not have – it is very hard to say.

Fifty Years

Just about impossible for me to say sitting where I am right now. Computers will be much smarter than humans by then. If human computer forensics experts still testify in court, they’ll be computer augmented, but then again, we probably all will be. Whatever replaces hard drives on your local device (if we have local devices) will store half a Zettabyte or more. We’ll be carrying around 5 Exabytes in our pockets or dental fillings. That’s if all storage isn’t in the Cloud and is essentially unlimited. Although from where I sit, a Petabyte seems pretty limitless.

Fifty years from now, our adversarial legal system may not have changed much. On the other hand the capabilities of humans, computers, and hybrids of the two may be near unrecognizable, but still inevitable.

Best Regards,

Steve Burgess

Copyright Steve Burgess, 2009

Subscribe to our free and informative weekly forensics newsletter!


Pin It on Pinterest

Share This