Next-generation digital forensics

The shortcomings of the current generation of digital forensic tools and suggestions to overcome them are discussed. A major problem when investigating large targets is how to capture the essential data during acquisition when working copies of potential evidence sources are created. Smarter acquisition can reduce the amount of data that must be examined by targeting interesting evidence and leaving behind data. The digital forensics community requires better analysis tools that rely on distributed processing. Digital forensics investigators must be relieved of manual, time-consuming tasks, allowing them more time to think to reduce case turnaround time. Commodity computer clusters can reduce the waiting time for traditional forensic operations and provide an architecture for development of much more powerful analysis techniques.