The State of Contemporary Digital Investigations – Part 2

Since my early days in forensics, data transfer cables, like data storage and available devices, have been a growth area. To stock a competent digital forensics laboratory, you needed to have the cables and adapters to read all the devices you might find in the wild. These included IDE, the occasional RLL and about 100 different configurations of SCSI cables. Along with these cables, it was important to have the appropriate write blocking technology to enable proper preservation of digital evidence while duplicating it.

Times have naturally changed, as I discussed in part 1 of this series. As storage interfaces grew and changed, the type and number of these write blockers grew at the same time. The investigator needed to show up in the field, confident that no matter the size and configuration of a storage device, they had the equipment to properly interface with it and conduct analysis.

While the need to be prepared and competent has not diminished in the slightest, the sheer volume of digital data found at a given crime scene or under a search warrant has exploded, from a bunch of floppy disks and maybe a hard drive or two in the late 90s to multiple tens of terabytes or more in the 2020s. This dramatic increase in raw data has required the high-tech investigator to learn additional strategies to find key data on-site, possibly before performing full forensic analysis in a lab. Tools like Nuix Data Finder and Automatic Classification can be deployed in the field to find crucial items of digital evidence now, not 6-12 months from now when the laboratory backlog gets to your case.

THE DIFFERENCE IN DECADES

I mention ‘prepared and competent’ because it can’t be overstated that what was required in the 90s is darn near trivial when compared to the massive scope of the digital investigations field today.

In a nutshell, investigators in the 90s required knowledge of:

  • Windows
  • DOS
  • Linux
  • To a very minor extent, Macintosh/Apple.

The knowledge included how their file systems worked and the technical ability to analyze floppy disks and hard drives using:

  • IDE
  • RLL
  • SCSI

While networking could be a factor in business investigations, most people using their computers at home dialed up to their service provider and the records were fairly easy to understand.

Fast forward to today and what investigators need to know dwarfs all past generations:

  • Windows (multiple flavors)
  • Linux
  • OS X
  • iOS
  • Android
  • Storage
    • SATA/SAS spinning disk
    • SATA/SAS solid state disk
    • IDE disks
    • SCSI disks
    • NVMe disks
    • M.2 SATA disks
    • Flash storage
      • SD/Mini-SD/Micro-SD
      • Compact Flash
    • USB 2/3/C hard drives
    • Wireless hard drives
    • Home cloud drives
    • Cloud storage
      • Azure
      • AWS
      • A variety of smaller/foreign cloud services
  • Connectivity
    • IPv4 networking
    • IPv6 networking
    • Bluetooth
    • Wi-Fi
    • 3G/4G/5G
  • Devices
    • Digital cameras with and without network connectivity
    • Tablets (iOS/Android)
    • Raspberry Pi
    • Drones
    • Internet of Things (IoT)
    • Data centers
  • Security
    • Encryption – So many impacts on file storage and networking that it deserves its own novel
    • Multi-factor authentication

This list goes on and on. It’s almost impossible to recognize the field of high technology investigations when comparing the decades of development and advancement. It’s hard to imagine how a modern investigator can even be moderately competent given the breadth of knowledge required.

After all this history, I’m sure many readers will have some of the same questions. I’ll try to answer what I know I’d be asking, but I encourage you to reach out if you have others that I don’t cover here!

How Can Our Team Cover The Breadth Of Knowledge You’ve Outlined Here?

Having properly trained and experienced personnel assigned to the cases that call for the skills they are most experienced in is vitally important. Given the amount of available information out there, it is inconceivable that there is a single person in any organization who is best able to handle every type of case.

It’s also important to have the appropriate technical and hardware resources on hand to address the challenge of each type of data (and the platform it lives on).

What’s The Key To Ensuring We Are Focusing On The Right Pieces Of Evidence?

The one constant in my high-tech investigations tenure is the ability to interact competently with all types of people. Learning to interview and interrogate where appropriate and paying close attention to the facts of a case, including the environment, are crucial components to locating all the data types required in each scenario to perform a thorough examination.

Secondary to the staff’s personal competence and their ability to ask pertinent questions about the environment they are investigating is having a deep bench in terms of hardware, software and intelligence that will guide them to all available sources of digital evidence. Further, by having the knowledge and experience to learn all about the environment under investigation, the entire staff will be deeply steeped in the art of triage. This enables them to focus on the most likely important evidence first and widen the scope as needed to obtain all the facts without crushing themselves under the weight of trying to analyze it ALL.

Which Tools Do You Recommend As Imperative For An Investigative Team?

This is a slam dunk. Nuix Workstation gives me the single pane of glass to all the evidence types I’m interested in, while Nuix Investigate® allows me to present all the evidence I’ve collected and processed to support staff and case agents, who will perform the detailed review of documents and communications to determine their relevance to the case.

How Do We Fill In The Gaps?

Again, I’ve got the core of most of my needs in the Nuix suite of tools. Where Nuix does not have a solution, like threat intelligence feeds or cooperative intelligence like the ISACs, I can incorporate information from those feeds directly into my Nuix cases and correlate across all the available data to solve the questions posed by the investigation.

EMPOWERING THE MODERN-DAY INVESTIGATOR

We know investigations take on many different forms depending on where you work. While criminal investigations will differ in some ways from, for example, a corporate environment, many of the details remain the same.

I encourage you to visit the Solutions section of our website and see for yourself how Nuix helps investigators in government, corporations, law enforcement, and more.

source: https://www.nuix.com/blog/state-contemporary-digital-investigations-part-2

Nuix Partners with EDMS Consultants to Target Mining, Energy, and Utilities

Perth, Australia – May 11, 2021 – Global software company Nuix (www.nuix.com, ASX:NXL) and leading solution provider EDMS Consultants have announced a new partnership to offer Nuix solutions to the natural resources sector in Western Australia and the ASEAN region.

Both companies aim to provide litigation and investigations technology to support the booming natural resources sector which faces increasing regulations, class actions, cybersecurity and privacy issues, internal investigations, and intellectual property disputes.

“Throughout the years we have been in the business, the energy, resources, and utilities sectors are among the most highly regulated industries,” said Peter Buck, Business Development Director of EDMS Consultants. “Now more than ever, operators need full access to their unstructured data or data silos to ensure regulatory compliance.”

He added, “We have worked with PETRONAS, BP, Exxon, PTTEP, and KPOC (PETRONAS / Shell / ConocoPhillips) on various services throughout the years, and we believe, based on experience, Nuix has the ideal solution for big organisations with unstructured data.”

The explosion of unstructured data places an increasing burden on large enterprises – especially those in the mining and energy sector that manage very complex projects – to sort through the massive volumes of content they gather, generate and exchange every day. Added to this challenge, the often remote and distributed business model with operations and assets spread over a wide geographical area means that information governance and data access are crucial.

“Nuix has a proven history of partnering with large enterprises to solve their messy data challenge,” said Jonathan Rees, Nuix Executive Vice President, International. “We have the world’s leading technology for extracting intelligence from high volumes of structured and unstructured data, forged from our experience with regulatory inquiries. Opening new markets and customer segments will continue our growth path and I am excited to partner with EDMS to drive our combined solution and services into the wide footprint EDMS has in the natural resources industry.”

About Nuix

Nuix (www.nuix.com, ASX:NXL) creates innovative software that empowers organisations to simply and quickly find the truth from any data in a digital world. We are a passionate and talented team, delighting our customers with software that transforms data into actionable intelligence and helps them overcome the challenges of litigation, investigation, governance, risk, and compliance.

About EDMS

EDMS is a leading solution provider in the Asia Pacific Region, providing enterprise data solutions to the Energy, Resource & Utility industry. We continuously explore and find the best solution to offer our clients. We have a multi-disciplined team of specialists, based in Kuala Lumpur, Malaysia, and Perth, Australia to support our clients. EDMS has implemented projects to the leading Energy, Resource & Utility throughout the region.