Let Us Explore Challenges Faced By Forensic Investigators

Published By Anurag Sharma
Approved By Anuraag Singh
Published On April 20th, 2020
Category Forensics

Over the past few years, technology has evolved at a much faster pace than expected. With this advancement, there has been a huge increase in the number of frauds associated with technology. Digital forensic investigators now face complex challenges in digital forensic evidence collection.

There are numerous digital forensic investigation techniques and tools with which the forensic examiner can investigate cases more effectively and carve evidence. Still, various problems occur during a forensic investigation. The sections below explain some of the challenges that forensic investigators face most frequently.

So, let’s begin by exploring all the issues in cybercrime investigation and learn about the perfect technique to eliminate them.

Challenges Faced By Forensic Investigators

Check Out Challenges in Digital Forensics Investigation

New technology is developed to benefit mankind, but criminals use it to achieve their own ends. Forensic investigators therefore have to work through various challenges and issues during examination to find the real culprit behind a crime. Some of the real-world problems faced by digital forensic investigators are:

Challenge 1: Hardware Issues in Computer Forensics

“Hardware enhancements to fulfil technological needs is a key constraint.”

Sometimes, while a case is being investigated, the suspect replaces the hard disk before forensic experts acquire it. In such scenarios, the data acquired from the computer system is of no evidentiary value. Moreover, in some cases the evidence of the hard disk replacement may not be apparent, which again leaves the investigation in the dark.

There are cases in which suspects reset their mobile device so that the investigator cannot find the required evidence. In such cases, the digital forensics investigator faces challenges when carving evidence of communication from the mobile phone, and investigators try to find backups in the hope of recovering some evidence.

In various laptops, the hard disk contains a built-in algorithm that self-erases data from the machine if the drive is removed. In such instances, it becomes difficult for investigators to gather evidence from the hard disk without removing it. Moreover, in modern SSDs (Solid State Drives), recovery of deleted content is another major challenge faced by forensic investigators.

In a few cases, the hard drive is very large, which means the investigator has to be efficient when examining large volumes of electronic data. Forensic examiners also need to be more selective about which devices to seize for examination.

Challenge 2: Software Challenges of Cyber Crime Investigation

“SaaS and PaaS models have altered the structure of computing”

Accessing application data is subject to multiple constraints, which can stem from the nature of the operating system and the application in which the data is defined. For example, to track changes made to the contents of a file, one has to compare it with the previous or subsequent version of the file, or with its last-modified timestamp. However, evidence extraction becomes a challenging task in cases where document manipulation is suspected.

Sometimes, certain logs and application information gathered from an operating system may be helpful in selective investigations. An example makes this clearer:
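The comparison described above, run on a constructed sample document. This is an added example, not code from the original article; the record fields, function names and verdict labels are assumptions chosen for illustration. It takes snapshots of one file and shows the same edit being visible through the timestamp in one case and only through the content hash in the other.

```python
import hashlib
import os
import tempfile
from dataclasses import dataclass

@dataclass(frozen=True)
class FileRecord:
    sha256: str
    size: int
    mtime_ns: int

def snapshot(path):
    """Record content hash, size and last-modified time of one file."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        # Read in 1 MiB chunks so large evidence files need not fit in memory.
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    st = os.stat(path)
    return FileRecord(digest.hexdigest(), st.st_size, st.st_mtime_ns)

def classify(baseline, current):
    """Compare two snapshots of the same file and label the difference."""
    if baseline.sha256 == current.sha256:
        if baseline.mtime_ns == current.mtime_ns:
            return "unchanged"
        return "timestamp-only"
    if current.mtime_ns <= baseline.mtime_ns:
        # Content differs but the timestamp did not move forward.
        return "content-changed-timestamp-stale"
    return "content-changed"

def demo():
    """Run the comparison on a constructed sample document."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "contract.txt")
        with open(path, "w") as fh:
            fh.write("Payment due: 1,000\n")
        os.utime(path, ns=(1_600_000_000 * 10**9, 1_600_000_000 * 10**9))
        baseline = snapshot(path)
        with open(path, "w") as fh:
            fh.write("Payment due: 9,000\n")
        edited = snapshot(path)
        # Constructed case: same edited content, timestamp set back to the baseline.
        os.utime(path, ns=(baseline.mtime_ns, baseline.mtime_ns))
        restored = snapshot(path)
    return (classify(baseline, baseline), classify(baseline, edited),
            classify(baseline, restored))
```

In the third case the file size and last-modified time both match the baseline, so only the comparison against the previous version's hash reveals the change.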

The Windows 8 operating system gathers information about the Wi-Fi network accessed and the extent of data transmitted. This type of information may be helpful in case of data theft or certain network-intrusion scenarios. However, the correlation between the event of violation and information collected from these sources is still being tested on an individual case basis.

With the increased usage of mobile chat applications, forensic investigators now have to deal with various challenges. One such complication is instant messages that are automatically erased or deleted once the message is delivered to the intended recipient.

Encryption on devices also proves quite challenging when carving evidence from them. For example, to gather evidence from a mobile messaging application such as WhatsApp, one has to decrypt the WhatsApp database. This is a challenging problem in cybercrime investigation.

Frequent changes in privacy and data protection regulations are another challenging factor for investigators gathering digital forensic evidence. For instance, information present on the suspect’s system may contain some non-sensitive, private information. This information may be useful at the time of the investigation. However, accessing such information may be considered a violation in some countries.

Nowadays, most companies believe in a BYOD (Bring Your Own Device) policy. The companies allow employees to use their personal mobile devices to access official communication. This has become another complex challenge faced by forensic investigators in gathering evidence during the investigation process.

For example, accessing an email from webmail using a mobile device and then downloading the attachments can lead to data theft. Moreover, specific information on the device such as the type of information downloaded and the file details could be difficult to trace in the current environment.

Additional Issues / Challenges Faced by Forensic Investigators

In a cloud-based environment, there is an increase in identity theft and in opportunities for credential compromise. Because cloud-based applications permit users to access data from multiple devices, it becomes difficult for forensic investigators to gather evidence where a user is using two devices to make changes to the application data or service at the same time. The major problem lies in identifying the source of the changes.

Summing Up

Technology is developed to provide benefits to mankind, whereas criminals use it for notorious tasks such as data theft and identity breach. To deal with such digital crimes, forensic investigators make use of different tricks and software to carve evidence and identify the criminal. Because technology is constantly developing and criminals’ skills in hiding evidence keep advancing, an investigator has to face a number of challenges during a cybercrime investigation.


By Anurag Sharma

Tech enthusiast & cyber expert for the past 5 years. Love to solve complicated scenarios to counter cyber crimes with in-depth technical knowledge.