Top 5 Challenges Digital Forensic Investigators Will Face

We are living in times when the technology landscape is rapidly changing. This poses new technological challenges for digital forensic professionals. In this article, we will discuss the top 5 challenges investigators face in their day-to-day work and how they can be resolved using Oxygen Forensic® Detective.

1. Devices and encryption algorithms are getting more secure.

Some time ago, Apple devices were considered the most secure. However, the emergence of high-end Android devices, especially Samsung and Huawei/Honor phones, has brought new challenges to the DFIR world. Moreover, the availability and popularity of secure messengers and vault apps used by criminals have made things even worse for forensic investigators.

Solution:

Oxygen Forensic® Detective incorporates advanced methods of locked device extraction and decryption. It covers a wide variety of Android devices based on Kirin, Exynos, MTK, Qualcomm and Spreadtrum chipsets. Refer to this brochure for more details about extraction methods.

The brute force module that is built into the software offers the ability to find a passcode using a dictionary and other types of attacks. Investigators do not need to wait for advanced forensic services; they can extract and decrypt on their work computers. A full license of Oxygen Forensic® Detective will pay for itself with the 3-4 devices that investigators would usually send for advanced services.

Additionally, the software can decrypt a wide range of secure storage containers, such as Huawei PrivateSpace, Samsung Secure Folder, vault apps and secure messengers.

Image 1. Huawei PrivateSpace brute force

2. Dramatic increase in the volume of digital evidence.

Even if the user passcode is known and data is decrypted, it does not mean the investigation will be easy. According to the latest survey, the average American has access to more than ten connected devices in their household and owns more than two computers and two mobile phones at the same time. With this overwhelming number of devices per person, forensic experts should have access to powerful triage methods to extract only what is needed in the shortest possible time.

Solution:

This is where our OxyAgent utility comes in handy. With it, investigators can quickly extract selected artifacts, including the most popular apps, from any unlocked Android device. Besides triage, OxyAgent allows users to take screenshots and video recordings of any Android data.

One more benefit is that simultaneous extractions are supported. Connect devices and leave all the other jobs to Oxygen Forensic® Detective.

3. There is never enough manpower and backlogs are constantly growing.

Since law enforcement officials are constantly overburdened with work, there are two ways to solve this problem – hire more personnel or automate the processes. Obviously, the second option is preferable. Highly skilled professionals can benefit from the implementation of artificial intelligence and concentrate on what really matters.

Solution:

Oxygen Forensic® Detective includes a vast variety of analytical tools that process huge amounts of data and give results in the blink of an eye. Analytics include:

  • Facial Recognition and face search throughout extracted evidence
  • Image Categorization into 16 categories, including nudity, terrorism, extremism, drugs, alcohol, graphic violence and more
  • Optical Character Recognition on extracted screenshots and documents
  • Quick Insights into the subject’s social connections and close circle of contacts
  • Data search across an extraction or a case by various criteria, including keywords, regular expressions, hash sets, etc.
  • Timeline of events to quickly see what happened when and where

Image 3. Image Categorization

4. The single-source approach does not work anymore.

Years ago, a computer was the primary source of evidence for forensic investigators. Soon after, it was replaced by mobile phones. As we previously mentioned, the average tech user possesses several electronic devices. Consequently, evidence can be found across many sources, such as smartphones, the cloud, computers, smart devices, wearables, and even drones.

Solution:

Oxygen Forensic® Detective is an all-inclusive digital platform that enables data extraction and analysis from all mentioned digital sources. One of the key features is the powerful, built-in Cloud Extractor, currently supporting 96 cloud services – more than any other competitor on the market.

Image 4. The Cloud Extractor main window

5. Remote work and collaboration issues.

This problem has been aggravated by the global pandemic. Curious about how to make collaboration smoother during investigations, whether in-person or remote? We have that covered!

Solution:

The Oxygen Forensic® Detective Enterprise license allows remote work from anywhere in the world. All the user needs to do is connect to the license server and enter the IP address. Learn more about our Enterprise license here.

Every Oxygen Forensic® Detective license comes with a free portable Viewer, which any colleague or external stakeholder can use to open extracted evidence. Furthermore, Oxygen Forensics evidence reports can be ingested in popular eDiscovery software for further analysis.

Image 5. The Load file settings for evidence to be exported to other solutions, e.g. Relativity

To sum it up, Oxygen Forensic® Detective effectively addresses the most prominent challenges of the modern forensic world as an all-in-one tool for device decryption, triage, AI-based analysis, and remote collaboration.

Know of any other challenges? Tell us about them using this form. Let’s work together to make this world safer!
