Raiders of the lost artefacts::championing the need for digital forensics research

Abstract

In digital forensics, the concept of a ‘digital artefact’ exists; coined here as ‘a digital object containing data which may describe the past, present or future use or function of a piece of software, application or device for which it is attributable to’. In almost all digital investigations, a practitioner will query any digital artefacts resident on any device subject to examination in order to establish the presence of potentially evidential information. Whilst on face value this task appears straightforward, in reality, the pace of change within technology can lead to a practitioner encountering many unknown or previously unseen artefacts with undocumented functionalities. This creates state of ‘catch-up’ in regards to investigatory techniques and knowledge as practitioners must seek to ascertain the relevance of such data through additional research and testing. Yet, the demands placed upon the role of the practitioner may prevent engagement in the testing and evaluation of new digital artefacts, leaving them reliant on the timely publication and dissemination of forensic research (whether academic, industry or vendor produced) as a support mechanism. Whilst digital artefact research has a clear applied value, the difficulty of measuring its impact means that it may not always be considered of worth by academic communities and their publication platforms. As a result, this work champions the need for ‘digital artefact’ research, calling for increased engagement in this form of research to support the forensic community