Digital Evidence Analysis Tools

Digital evidence examination is the forensic acquisition and analysis of computer hard drives, thumb drives, cell phones and any other data storage devices seized in the course of an investigation. Computers and electronic devices are common sources of evidence in a wide variety of criminal cases.

The amount of potential stored digital evidence data is doubling at an estimated rate of every 18 to 24 months.[1] As the volume of digital evidence continues to grow, it will become operationally and economically unfeasible for law enforcement agencies to commit the human, financial, and data-processing resources necessary to acquire and analyze large datasets without tools and technologies that speed up the process.

NIJ supports the development of solutions to help increase the speed of digital evidence acquisition and analysis, as well as the range of data that can be analyzed and used as evidence in court. Here are some of NIJ's ongoing projects in this area:


[1] This estimate for potential evidence is based on Kryder's Law on the rise of hard disk storage capacity which is similar to Moore's Law for the rise in processor speed. See "Kryder's Law," Scientific America, 2005 Exit Notice.

Date Created: November 5, 2010