As digital evidence increases in importance, authorities seize anything that can hold data. This includes computers, CDs, USB keys, MP3 players, cell phones and game consoles, Jim Christy, a director of the U.S. Department of Defense Cyber Crime Center, said in a presentation at the Black Hat DC Briefings & Training event here.
"This is everything that you got and gave for Christmas," Christy said. In one case, investigators found child pornography on a modified Xbox, he said. "The challenge is that with digital proliferation, the data volume is tremendous these days."
A single terabyte of data equals about 8,333 old-fashioned, five-drawer file cabinets filled with papers. "That's an awful lot for an examiner to go through," Christy said.
Digital evidence can answer key questions in a legal case, but efficient tools to sift through massive amounts of data don't exist today, Christy said. "I want to call out to the industry to create tools to help us investigate large volumes of data in a forensic manner," he said.
Cybercrime investigators need more tools because they are stretched thin. There are only about a dozen accredited digital-forensics labs in the United States. Although popular TV police dramas may suggest otherwise, digital evidence is used in many more cases than DNA analysis, for example, which appears in only 1 percent of U.S. criminal cases, Christy said.