Forensic Trends in 2016

As we enter the new year, everyone would like to look ahead at the trends of 2016 and beyond and at how they will interact with and affect the field of digital forensics. According to Gartner, some of the technical trends for 2016 are:

  • The Device Mesh - the expanding set of endpoints people use to access applications and information or interact with people, social communities, governments and businesses.
  • Ambient User Experience - a new continuous and ambient user experience built on the foundations of the device mesh.
  • Information of Everything - Everything in the digital mesh produces, uses and transmits information. This information of everything goes beyond textual, audio and video information to include sensory and contextual information.
  • Advanced Machine Learning - in advanced machine learning, deep neural nets (DNNs) move beyond classic computing and information management to create systems that can autonomously learn to perceive the world on their own.
  • Autonomous Agents and Things - Machine learning will give rise to a variety of smart machine implementations — including robots, autonomous vehicles, virtual personal assistants and smart advisors — that act in an autonomous (or semiautonomous) manner.
  • Adaptive Security Architecture - moving beyond perimeter defense and rule-based security to application self-protection as well as user and entity behavior analytics.
  • Mesh App and Service Architecture - software-defined application services will enable web-scale performance, flexibility and agility. Additionally, bringing mobile and IoT elements into the app and service architecture will create a comprehensive model to address back-end cloud scalability and front-end device mesh experiences.
  • Internet of Things (IoT) Platforms - IoT platforms will become the base set of capabilities for building, managing and securing elements in the IoT.

With these emerging technical trends, it is important to maintain forensic readiness within your organization. Forensic readiness is the ability of an organization to maximize its potential to use digital evidence to enhance existing security while minimizing the costs of an investigation. As the information technology landscape continues to evolve, traditional prevention and detection measures are no longer enough (see trend #6, Adaptive Security Architecture).

Today, and in the years to come, there is a business requirement for digital evidence to be available even before an incident occurs, and regularly collecting digital evidence could help manage the impact of some important business risks. Looking to the new year, we will see a lot of changes in how we attack these areas from a forensic perspective. With new options for live collections on the horizon, digital forensics and cyber security face an unknown frontier that not only causes our fears to bubble to the top, but also inspires us to excel. Happy hunting in the new year.


Greg Kipper, Cyber-Futurist