INTRODUCTION
Legacy and emerging DFIR challenges

The DFIR landscape is changing

______________________________________________________________________________________________________

The DFIR landscape is constantly evolving. However, three macro trends have remained consistent over the past few years:

Increasing data volume and data source complexity

Time sensitivities and challenges collaborating with stakeholders

The rise of evolved technologies like cloud, AI, and automation

Individually, these create a more demanding DFIR landscape; collectively, they have very quickly changed the scope of an already challenging function. Every investigation type has different needs and challenges, whether that’s assessing the scope and determining the root cause of a cyberattack, preparing evidence that can be used to support insurance claims and other forms of litigation, investigating an employee misconduct case, or demonstrating a duty of care to regulators. This guide is organized into the three most common types of investigations where digital forensics plays a strategic role in uncovering the truth. You'll see chapters relevant to the investigation types you selected when creating the document. In each section, we’ll cover the most common challenges and practical solutions.

What's your top DFIR challenge?

Increasing data volume and data source complexity
Maintaining a timely response
Sharing and collaborating with stakeholders
Keeping pace with the evolution of technology
Difficulty acquiring from remote and/or on or off-network endpoints
Resource constraints (such as budget or skilled professionals)