This article discusses two projects funded by the National Institute of Justice (NIJ) that addressed innovative ways to process digital evidence.
Digital evidence is information stored or transmitted in binary form that may be presented in court. It can be found on a computer hard drive, a mobile phone, a CD, or the flash card of a digital camera, among other sources. Because digital data are so prevalent as evidence in various types of crime, law enforcement agencies are incorporating the collection and analysis of digital data into their infrastructure. Digital forensics consists of a three-step sequential process: 1) seizing the media; 2) acquiring the media, i.e., creating a forensic image of the media for examination; and 3) analyzing the forensic image of the original media, so as to ensure that the original media are not modified during analysis. In order to address these challenges, in 2014 NIJ funded two projects. Grier Forensics received an award to develop a new approach to acquiring digital media, and RAND Corporation received an award to work on an innovative means for analyzing digital media. After 4 years of work, these software applications are coming to fruition. Related issues discussed in this article are the identification of disk regions that may contain evidence; potential limitations of sifting collectors; the acceleration of digital forensics analysis; the potential limitations of DFORC2 (Digital Forensics Compute Cluster); and the need to conduct independent testing, validation, and peer review of the methods developed under these two awards.

3 exhibits and citations for the grants.