The Way Forward for Digital Forensics |

TABLE OF CONTENTS
1. Why Existing I.T. Solutions Are Falling Short | pg 3

2. Forensic Challenges By Industry | pg 4

3. The Changing Nature of Investigations | pg 5-7

4. The Way Forward | pg 8-12

5. A Better Way | pg 13

The Way Forward for Digital Forensics | 2

 WHY EXISTING I.T. SOLUTIONS
ARE FALLING SHORT

It’s challenging times for organizations and professionals engaged in forensic analysis.
Investigations are multiplying and diversifying–there are more of them, and new types of
cases arise all the time. Spurred by global trends and challenges, such as COVID-19 which
forced many workers to work from home whether their organization was ready or not;
BYOD (bring your own device); proliferating privacy regulations; and cloud computing, the
environment for conducting effective investigations has become increasingly complex and
more difficult to negotiate than ever before. Across all sectors, investigations are
becoming more collaborative, now frequently drawing in staff from HR and other
departments who are not legal professionals, but need to interact with forensic
technologies.

What this means is that existing forensic tools and technologies can’t always provide the
kind of performance needed to keep up with the growing investigation load, and can’t
accommodate the changing nature of how investigations must be managed. Forensics
professionals are confronting much larger data loads, with new, complex information types
tapped from a growing diversity of sources. As volumes and complexity increase, meeting
deadlines and reaching beneficial outcomes becomes more difficult.

Surely, what’s needed are new solutions – more powerful, flexible forensic technologies
that can handle big, diverse data loads faster than existing platforms. But it’s not just about
more processing power. Investigators need better indexing, higher scalability and nimbler
collection capabilities. Just as important, today’s solutions must accommodate the
changing nature of investigations and empower diversifying teams. More than anything,
today’s solutions need to be smarter.

The Way Forward for Digital Forensics | 3

 FORENSIC CHALLENGES
BY INDUSTRY

CORPORATIONS
Today’s corporations are dealing with enormous amounts of digital data, all being shared among
teams, departments, global locations, and devices. Even in industries as varied as healthcare to
finance to energy, enterprises need to manage digital investigations and e-discovery faster, more
efficiently and more securely, while reducing cost. Additionally, it’s critical to have a global view while
applying standards to data activity. Varying data privacy regulations, as well as regional risks and
communication practices, must all be taken into consideration to ensure data security and improved
efficiency. Finding tools to help you create the appropriate balance between collecting relevant
evidence for investigations and maintaining privacy rights should be priority number one.

PUBLIC SECTOR
Along with the perennial challenge of cash-strapped budgets, public sector organizations today are
grappling with increased backlog from growing, more complex caseloads. More than ever, it’s critical
that teams can zero in on relevant evidence fast, and build cases to fight fraud and other crimes
endemic to government and the public sector. What’s needed are tools to locate and analyze data
often unavailable through conventional processes, allowing examiners and investigators to collect
key evidence quickly and with confidence.

LAW FIRMS
More and more, law firms want to better serve their clients by simplifying their e-discovery processes
and reducing costs. This can be a tough challenge with today’s caseloads where millions of docu-
ments and terabytes of data are commonplace. To make e-discovery more efficient, you need access
to integrated tools for processing, review, and case organization. And you need a real-time review
platform that allows secure collaboration, regardless of where any member of the litigation team
is located.

SERVICE PROVIDERS
Multinational service providers, consultants, and accounting organizations have unique business
challenges that cut across the corporate and legal world. Like law firms, service providers need to be
able to carry out complex e-discovery projects. They’re also expected to provide expert support for
international compliance efforts. As such, there’s an urgent need for tools that can support globally
dispersed investigatory teams and real-time collaboration. And as with large enterprises, service
providers need to balance evidence collection and privacy rights.

The Way Forward for Digital Forensics | 4

 THE CHANGING NATURE
OF INVESTIGATIONS –
More Investigations,
More Challenges

Talk to people who conduct investigations for a living, and you’ll hear some common themes.
Investigations today involve more data, from more and more sources. Investigators are also work-
ing with increasingly complex information types, many of which can be difficult to access. Overall,
there are just more investigations to conduct, with tightening deadlines and greater pressures to
rein in costs.

IDG conducted a survey at the beginning of the pandemic to find out what incident management
challenges companies are facing. Some of the biggest challenges are coordination of incident
detection, appropriate IT skills sets and decreased IT Ops productivity.

47% 45% 41%

Respondents cited that Number of respondents
Respondents reported
coordinating IT incident identifying decreased IT
that it was difficult to
or outage detection, identify needs and Ops productivity as a
analysis and response bring in appropriate IT business impact of
across siloed IT teams skill sets incident management
is their #1 challenge challenges

Source: IDG Report - 2020 and Beyond: IT Ops Facing Change, Disruption and the Unknown

The Way Forward for Digital Forensics | 5

 THE CHANGING NATURE
OF INVESTIGATIONS –
Increasing Workloads
Are Shifting Priorities

New Investigations Kick Off Every Week

Weekly cadence is the new normal for investigations, as teams increasingly
struggle with compliance, data security and incident response.

Source: IDG Enterprise Survey

The Way Forward for Digital Forensics | 6
 THE CHANGING NATURE
OF INVESTIGATIONS –
Breaches, Regulations &
The IoT

Executives are becoming more focused on data security in light of high-profile data breaches that
have tarnished brands such as Facebook, Instagram, LinkedIn, Microsoft Exchange and dozens of
other tech and consumer brands in recent years. Additionally, data privacy legislation such as the
EU’s GDPR , California's CCPA as well as the next iteration, CPRA and other state-level regulations in

“
the U.S. are driving greater awareness of security issues and leading to more investigation activity.
Increasingly, C-level executives want reassurance from their cybersecurity teams that their data is
secure and the company is compliant.

“
How do you ensure compliance and that employees are
protecting your data when accessing it from cell phones,
smart watches, or other new emerging devices?

Trends driving increases in investigation activity and challenges to effective investigations:

Increased awareness
driven by public breaches
and growing compliance
demands are spurring
growth in investigations.

Increasingly mobile
workforce driven by
BYOD, remote
work places. Sprawl: how does
IT ensure they have
visibility across all of
the endpoints where
their data resides?

The rise of the Internet

of Things is generating new data from
new devices and business processes
(smart car / smart home) that could be
relevant in an investigation.

Source: IDG Enterprise Survey

The Way Forward for Digital Forensics | 7
 THE WAY FORWARD –
Cross-Team Collaboration

There’s growing consensus that effective collaboration is a key to success when managing
investigations. No longer can teams be siloed as the data that must be collected expands to
different teams and devices. This holds true for forensic investigations whether at the corporate
level or in the public sector. At the same time, with HR, compliance, and legal playing a more
active role in data preservation, as well as collection and analysis as part of investigations, organi-
zations need to facilitate better collaboration between teams. The need is especially acute when
outside counsel, law firms or service providers are brought into an investigation. Given these
realities, decision-makers are increasingly demanding integrated tools that enable and foster that
collaboration without requiring unnecessary data movement, longer timeframes or higher costs.

COLLABORATION IS KEY TO SUCCESS OF DIGITAL INVESTIGATIONS

Level of importance of collaboration between

HR, IT, and investigative teams to the success
of digital investigations

Source: IDG Enterprise Survey

The Way Forward for Digital Forensics | 8
 THE WAY FORWARD –
Technologies Optimized to
Meet Emerging Challenges

To conduct successful investigations in today’s challenging environment, you need an end-to-

end solution that will enable investigators to find relevant evidence as quickly as possible.

CORE PLATFORM – What to Look For:

• Speed & Stability: Distributed processing and ability to leverage multi-
thread/multi-core computers to realize full potential of hardware resources.

• Up-front indexing for more efficient filtering and searching: The difference
is that whether you’re investigating or performing document review, you
have a shared index file, eliminating the need to recreate or duplicate files.
• Built on a single unified database: Single data store ensures that your data
doesn’t have to move between separate, disparate platforms, and products
thereby introducing risk and potentially disrupting the chain of custody.
o With conventional approaches—which lack a forensically secure
back-end database—data must pass between platforms and tools.
The result is that every time you have to move your data, you risk
corruption or potential loss—not to mention added cost.
o A connected database means your cross-functional teams can
more easily collaborate on an investigation, speeding resolution
times for your investigations.

The Way Forward for Digital Forensics | 9

 THE WAY FORWARD –
What to Look for in
Digital Forensics

Forensic investigations today frequently need to cut across distributed digital teams, with an
overwhelming amount of data to process. From multiple office locations, to massive employee
pools and remote workers, investigators need enterprise tool sets that provide deep visibility
into live data directly at the endpoint, helping you conduct faster, more targeted enterprise-wide,
post-breach HR and compliance investigations.

ENTERPRISE PLATFORM CAPABILITIES – What To Look For:

• Optimizes support for internal investigations conducted by HR, IT, or other
non-legal stakeholders.
• Ability to respond quickly, remotely, and covertly (deployed to a specific
machine / laptop / workstation / file share ) while maintaining chain of custody.
• Facilitates focused forensic investigations and post-breach analysis, without
interruption to business operations.
• Eliminates need to travel / shipping costs to have physical access to machines
to perform collections.
• Provides pause / resume functionality so that once a collection is started,
if the machine were to go offline, the job will resume once it is back online.

CENTRALIZED PLATFORM CAPABILITIES – What To Look For:

• Facilitates collaborative analysis utilizing a distributed workforce across
geographic locations, including cases requiring a cross-discipline approach
among attorneys, HR, IT, or other parties across functional disciplines.
• Ability to power through massive data sets, handle various data types and
run multiple cases at the same time, all within a collaborative,
scalable environment.
• Supports distributed processing, allowing investigators to utilize additional
hardware to dramatically increase case processing and resolution
speed as needed.
• Incorporates powerful web-based review functionality and expanded
processing capabilities with a centralized database infrastructure and
virtually limitless scalability (depending on your hardware).
• Provides data visualization that supports deeper analysis by uncovering
relationships and patterns to support better decision making, leading to
more favorable outcomes.

The Way Forward for Digital Forensics | 10

THE WAY FORWARD –
The Promise of
Artificial Intelligence

The Way Forward for Digital Forensics | 11

 THE WAY FORWARD –
Harnessing the Power of
Machine Learning

The nature of machine learning is that through repetition and observation over time, solutions
can deliver faster performance and improved outcomes. In the context of digital forensics, we’re
seeing that with these new technologies investigative teams can be empowered at every skill
level to conduct and close more accurate, advanced investigations on shorter timeframes. The
performance of the digital forensic tools you already know and trust gets elevated, providing
even greater control over the way you process, locate, analyze and report on key pieces of data.
The difference machine learning can make has effects across the investigative spectrum:

Exert Greater Control Over Visual Data

Integrated visualizations, including timelines, maps, charts and social
communications analysis, along with image recognition, including facial
recognition from a single photo, power lightning-fast reviews.

Reveal Connections and Discover Insights

Advanced tools make it easy to search data across cases and develop
deep cross-evidence insights; analyze volumes of information quickly and
make large, diverse data sets more digestible.

Guide Current and Future Investigations

Machine-learning capabilities make it possible to monitor every step to
help surface more accurate and relevant findings, faster; maximize resources
with available tools for establishing workflows, automating tasks and
collaborating across teams.

The Way Forward for Digital Forensics | 12

 A BETTER WAY

Meet Exterro
With the forensic solutions from Exterro, you get a true end-to-end solution that
is built on a single unified database. It’s an important difference, meaning that
your data doesn’t have to move between separate, disparate platforms, and
products, which can introduce risk and cost and potentially disrupt the chain of
custody. With other solutions, data must pass between platforms and tools as
none of our competitors offer a suite of tools that share the same, forensically
secure back-end database. And as you know, every time you have to move
your data, you risk corruption or potential loss—not to mention added cost. A
connected database means your cross-functional teams can easily collaborate
on an investigation more efficiently, speeding resolution times for your
investigations.

Visit us online: www.exterro.com

©2021 AccessData Group, Inc. All Rights Reserved. AccessData is a registered trademark owned by AccessData, an Exterro Company in the United States and other jurisdictions and may not be
used without prior written permission. All other marks and brands may be claimed as property of their respective owners. 051721

The Way Forward for Digital Forensics | 13