What are the Issues or Challenges Involved in Computer Forensics?

No task if free of challenges, so is computer forensics. The issues involved in computer forensics at Elijaht are classified into three categories— technical, legal, and administrative.

Technical Issues

  1. Encryption

It is impossible to crack the encrypted data without using the correct password or key. The experts should also consider that the password or key is stored in some other location of the computer or another system on which the suspect has access to. It could also be hidden in the volatile memory of a computer or RAM.

  1. Increasing storage space

The examiner needs to have a sufficient processing power and storage available in order to deal with the searching and analysis of huge amounts of data.

  1. Innovative technologies

The field of computers have innovations emerging in a fraction of seconds. The examiner should be expected to work on these innovations whenever required. Be prepared and able to test and experiment with the working of the new technologies.

  1. Anti-forensics

It is a practice to thwart the practices of computer forensics. It includes encryption, data over-writing, modification of files’ metadata and disguising of files. It also uses encryption to secure away the files. The password or key is stored in some other location of the computer, or in another system entirely.

Legal Issues

Legal issues are deemed to confuse the findings of the computer examiner. For instance, the Trojan defence. Trojan is referred to as a computer code imitating as something harmless but carries a malicious purpose. Trojans are used for key logging purposes, upload-download of files, and installing viruses. A lawyer will help in justifying that the actions were not carried out by the user by the injected Trojan’s in his client’s system without his knowledge. In such situations, you will need an opposing lawyer, supplied with proof from an expert forensic analyst, in order to win the argument. An efficient examiner will ascertain and address the possible arguments from the opposed party while executing the analysis and report-writing.

Administrative Issues

  1. Accepted standards

Despite the existence of a plethora of standards and guidelines, only a few are universally accepted. This is because of the involvement of standard-setting bodies which are tied deeply with the legislations. Standards are aimed either at law enforcement or commercial forensics, but never both.

  1. Fit to practice

In many cases, no qualifying bodies are involved to inspect the competence and integrity of computer forensics examiners. Hence, anyone can represent himself as a computer forensic expert which might result in questionable quality.