ARLINGTON, VA. -- The increasing storage requirements of consumers and businesses has become a plague for computer-crime investigators, a former special agent told attendees at the Black Hat DC Conference on Wednesday.
While only one percent of crimes involved DNA evidence, a majority of cases involve some sort of digital evidence, said Jim Christy, a retired special agent and director of the Defense Cyber Crime Center. And that evidence keeps growing in size. In 2006, the Defense Computer Forensics Laboratory--the largest such lab in the world--processed 681 case, up from 269 cases in 2001. The number of investigations increased 130 percent, a number that seems modest when compared with the factor of 13 increase--to 156 terabytes--of data processed during the year.
"This is the challenge that we face today in digital forensics," Christy said.
Digital forensics has taken center stage in the past two months, because security experts have questioned the evidence provided in a controversial criminal trial that found a Connecticut substitute teacher guilty of four charges stemming from pornographic pop-up ads that appeared on a classroom PC. Some members of the security community have banded together to attempt to analyze the hard-disk drive image of the PC to show that spyware, and not the conduct of the teacher, led to pornography appearing on the computer's monitor.
To improve the quality of digital forensics investigations in the future, Christy stressed that cybercrime laboratories need to become accredited, even though the certification can raise costs by 30 to 40 percent. Already, three states have passed laws that require that all digital evidence must be processed by an accredited laboratory to be admissible in court.
Posted by: Robert Lemos