Author(s): Jon Oltsik

Published: March 30, 2010

Trends in Computer Forensics

While at FOSE last week, I attended a very good session called SANS Forensic and Incident Response. The session was led by Rob Lee from Mandiant, who moonlights as a computer forensics trainer. Rob identified seven key trends in computer forensics:

  1. Increasing data breach incidents. More events, more forensics needed.
  2. Lack of preparation for when things go bad. Rather than relying on technology, we need more skilled professionals.
  3. Loss of forensic expertise. Corporate-based forensic experts tend to flee to higher paying jobs with technology vendors and service providers.
  4. Increasingly sophisticated civil cases. As lawyers learn more, cases become more complex. Lee talked about the burgeoning focus on metadata in legal cases.
  5. Too much data. Log data experts like LogRhythm, LogLogic, ArcSight, Nitro, and Q1 Labs present a ton of data to evaluate. Lee said that the real challenge is host-based data, not network data.
  6. Mobile data forensics. We need the ability to understand what's happening on iPhones, Droids, and Blackberries--not just Windows PCs.
  7. Volatile data collection and analysis. This is all about the collection of data residing in memory, which could make or break a case.

Lee did a great job of explaining the art, science, and challenges of forensics in addition to the pressing need for more experts in the field. IT professionals take note: computer forensics is a high growth and potentially high paying area.

Read more of Jon's blog entries at Insecure About Security.



*All views and opinions expressed in ESG blog posts are intended to be those of the post's author and do not necessarily reflect the views of Enterprise Strategy Group, Inc., or its clients. ESG bloggers do not and will not engage in any form of paid-for blogging.



Jon Oltsik is an ESG senior principal analyst and the founder of the firm’s cybersecurity service. With almost 30 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies. 
