Computer forensics – yesterday, today and tomorrow
Few things have changed as rapidly during my lifetime as
the field that we call computer forensics. More recent terms like
digital forensics and e-discovery are often used interchangeably
with the term computer forensics.
When I think about the ‘yesterday’ of computer forensics,
I can’t help but remember my first computer. It was a Radio
Shack TRS-80 Model III and it was already three years old when the
FBI started what I consider the father of all computer forensics
teams. I don’t remember even hearing the term computer forensics
until the FBI started its Computer Analysis and Response Team (CART)
in 1984.
Something else made its debut in 1984. 2600 magazine published
its first issue (three full pages front and back on 8.5 x 11 inch
paper) in January 1984. A quick look through the entire first year
of 2600 did not reveal the words “computer forensics”
anywhere that I could find. I’m not sure when 2600
became an actual magazine, but the first three years that I have
in my personal library are all printed on 8.5 x 11 inch paper. An
article in one of the 1986 issues described the possibility
of computer crime becoming a federal offence, but there were no
real thoughts about computer forensics then.
Things would begin to change in 1986 with the passing of the Computer
Fraud and Abuse Act. The Computer Security Act of 1987 quickly followed.
Just for fun, I performed a word search for the word ‘forensics’
in both of these important documents of 20+ years ago. You guessed
it – word not found!
I want to share my first experience of examining the contents of
mass storage media even before this kind of an examination was called
computer forensics. Way back in 1988, I was involved with a corporation
that had experienced a hacker break-in. The person who allegedly
committed the crime did it with a Commodore 64 personal computer,
which had a 300-baud modem and one 5.25 inch, 360 kilobyte floppy
disk drive as its mass storage device. In a box near the computer
were about 100 of these 360k floppy disks full of all kinds of proprietary
information.
The main reason that I like to keep an eye on the ‘yesterday’
of computer security issues, including computer forensics, is that
it lets me know just how fast things are changing in terms of mass
storage devices, as well as computer speed and memory capabilities.
Each increase in these numbers presents more possible computer crime
targets, and much faster processing speed and storage for those
committing the crimes.
The rapidly growing crime of online child pornography is a perfect
example. I can’t recall ever seeing a decent picture on a
360k floppy, and the two megapixel digital pictures that many digital
cameras produce today would take quite a while to send to anyone
with a 300 baud modem.
Looking at the storage and possible forensics needs of yesterday,
those 100 floppy disks in the above-mentioned crime of 1988 would
have added up to 36 megabytes of data before formatting. My small
two gigabyte thumb drive (four gig thumb drives are now becoming
common and cheap) would require over 5 500 of those 360k floppies
to contain the same amount of data. Make that a two terabyte disk
drive, and you would need 5 500 000 000 of those 360k floppies.
Let’s not even go there yet with the thought of petabyte drives
– but they are coming!
I’ve spent most of my time in this article helping us to
remember the not-too-distant ‘yesterday’ of computers
and computer forensics. That Commodore 64 was in production from
1982 until 1994 – that’s 12 years. Technology is moving
way too fast for that to ever happen again. If something is state
of the art for 12 months, it’s incredible.
I’d really like to tell you a whole lot more about computer
forensics today and tomorrow, but I have run out of time and space.
Here’s what I can do. I can let you know about a brand new
book titled Techno Security’s Guide to E-Discovery and
Digital Forensics, recently published by Elsevier’s Syngress
Publishing, which will address many of these issues in great detail.
Jack Wiles is lead author of Techno Security’s Guide
to E-Discovery and Digital Forensics, published
by Syngress and available
from Amazon and other book retailers. He is also president of
TheTrainingCo.
 