There is no doubt that forensic analysts are going to have to work smarter, as working harder is not keeping up with the backlog. The quantity of digital data to be examined for each forensic case is growing almost weekly as storage capacity expands and storage becomes more affordable and more compact.
Although more forensic analysts are coming on to the job market, this is not solving the backlog issue. The answer lies in the ability to effectively triage computers and other digital media to ascertain whether an item requires a full forensic analysis by the experts.
So who would perform this forensic triage? It makes no sense to ask fully trained (and relatively scarce) forensic analysts to do the triaging, as they are much better employed back in the lab doing what they are really skilled at: the deep dark analysis of systems. Far better is to find a tool that can be deployed by front line staff, much as breathalysers are used by them today. The breathalyser embodies sophisticated chemistry, but the user only needs to know how to calibrate it, deploy it and then interpret the results. A positive reading will enable the officer to take the suspect back to headquarters for further scientific testing by means of a blood or urine sample.
SPEKTOR is such a tool. A few hours of training will enable an officer or front line person to configure the device for targeted data collection, collect that data from a suspect device in a write-protected manner that does not allow any changes to that device, and then generate a report that shows the targeted collected data easily and clearly. The time and effort saved by seizing only the data requiring full analysis is enormous. Instead of seizing everything, a few hours spent triaging the items onsite will result in many fewer false positives back in the lab and in the forensic analysts’ time being used in a concentrated and effective manner.
To learn more about SPEKTOR and how it might benefit you, read here.
What are your views on forensic triage and who should be using it?