Backlog in digital forensics: Is justice being done?

Digital forensics is an ever-increasing source of information in many investigations, for both law enforcement and enterprises. Unfortunately, digital forensics suffers from the same problems as other forensic sciences, one of the biggest being backlog.

Digital forensics is a great way to glean more insight into the crime at hand, even for ordinary crimes. However, that does not mean that it is free of the problems that have plagued other forensic sciences, like DNA testing. Digital forensics also has a backlog problem, and this problem will likely grow in the future, along with the amount of digital data, if we do nothing to stop it.

The sword of Damocles

At the moment there are not enough computer forensic experts, and the material and the forensic programs are often too complex and too elaborate for detectives to investigate themselves. This can be a rather big problem, not only in catching criminals but also in giving innocent people suspected of crimes their due process. Take the case against school teacher Julie Amero in 2008, who was suspected of having shown pornography to her students in 2004. These charges could have landed her in prison for 40 years, and yet the firewall logs were not checked, and the police computer expert did not check or verify any of the claims made by the school's IT administrator. The computer did not have sufficient anti-malware protection, and a piece of spyware was actually responsible for the pornographic pop-ups. The devastating case of Julie Amero shows what can happen if computers and networks are not properly searched and forensic principles are not upheld. It took four years before she was, somewhat, vindicated of a crime she never committed and for the sword of Damocles to finally be lifted.

Preliminary survey findings

The opposite can also be true: many criminals get away with crimes because it can take too long for experts to seize and search a computer. At the moment a lot of law enforcement agencies work with a priority system. This means that for low-tech, less serious crime the computer contents are not even analysed. In a small survey I did, more than half of the respondents noted that their organisation has a priority system in place. And more than one third of respondents think the backlog will be greater for low-tech crimes. However, the backlog does seem to be declining. Half of the respondents answered 'yes' to backlog in the previous five years, but this number declined for reported backlog in 2013. The majority of respondents being confronted with backlogs are from law enforcement agencies, which is easily explained by the fact that private investigation companies can usually choose what cases to take on. Law enforcement agencies do not have this luxury.

Tackle the backlog

Luckily, there are multiple ways to tackle the backlog in digital forensics: better triage, training more experts, using "smart" forensic programs, outsourcing, or a standard workflow per specific crime. If these methods are combined, no criminal will get away with crimes and innocent people will no longer have to wait weeks, months or even years to be exonerated.

P.S.: If you work in digital forensics or investigations (both law enforcement and private) I have good news for you - the survey is still open! So if you have an opinion on the topic of backlog, please fill out my survey!


Nina van der Knaap

That is quite a goal. How many guys in the lab? The best of luck to you!

Steve Lapp

We are in the initial stages of opening the lab and marketing our expertise that included years of DOD and DOJ forensic investigations. My hope is to support the local sheriffs throughout Florida and expand into the DEA/FBI

Nina van der Knaap

Hi Steve, thank you for your comment. It's good to hear that you are working on reducing that backlog. How many law enforcement groups are you going to assist?

Steve Lapp

It is sad but true. I have witnessed firsthand federal agencies perform what could be called nothing more than a "data dump" and pass that along to agents as an investigative report. Obviously this is a disservice to the agent in the field but was necessary due to a backlog of over a year.
Here at Kingfisher we hope to assist in the reduction of that backlog by opening a computer forensic lab in the Tampa area hoping to serve local and federal law enforcement groups.
