Windows Forensics Cookbook

By: Scar de Courcier, Oleg Skulkin
Overview of this book

Windows Forensics Cookbook provides recipes to overcome forensic challenges and helps you carry out effective investigations easily on a Windows platform. You will begin with a refresher on digital forensics and evidence acquisition, which will help you to understand the challenges faced while acquiring evidence from Windows systems. Next you will learn to acquire Windows memory data and analyze Windows systems with modern forensic tools. We also cover some more in-depth elements of forensic analysis, such as how to analyze data from Windows system artifacts, parse data from the most commonly-used web browsers and email services, and effectively report on digital forensic investigations. You will see how Windows 10 is different from previous versions and how you can overcome the specific challenges it brings. Finally, you will learn to troubleshoot issues that arise while performing digital forensic investigations. By the end of the book, you will be able to carry out forensics investigations efficiently.

Digital forensic investigation - an international field

As we have briefly discussed, one of the biggest challenges encountered by digital forensic investigators, whether in criminal or civil cases, is the international nature of their investigative scope.

When investigating cases such as DDoS attacks (where a person or group of people flood a website or machine with requests in order to stop it from functioning), online credit card details theft, or bank fraud for example, it is likely that an investigator may find their suspects scattered all around the world. In a recent case involving the live streaming of child abuse from the Philippines, one of the main problems the investigators ran into was that the people who were watching the live streamed content were also subjects for investigation, but they were spread internationally and were difficult to track down due to so many of them using various methods of obfuscation. Laws around the world differ too: legislation in one country may create a legal loophole that causes havoc for a case and has implications on whether it is eventually brought to a conclusion or shelved.

The increasingly globalised nature of crime means that this is a problem we cannot ignore - it is not something that is going to go away. On the contrary, it looks set to only grow further with each passing year. Nowadays, our data is stored in the cloud; the people we interact with aren't just those we have met in real life, but people we would previously have termed strangers now increasingly form the basis of our social interactions; our bank accounts are accessible from almost anywhere in the world, often in multiple currencies. It is difficult enough to trace the actions and data trail of a single individual who is merely living life in the 21st century, let alone to attempt to investigate a large group of people, spread across diverse physical locations, who are making deliberate and sustained attempts to obfuscate data and hide themselves from view.

Strides ahead are being made, however. Various projects have sprung up over recent years which aim to address the specific challenges brought up by international investigations. One example is the EVIDENCE Project coordinated by Maria Angela Biasotti, an Italian lawyer who, in collaboration with colleagues across Europe, is seeking to develop a common understanding of electronic evidence and a more globally viable way of collaborating between territories, as well as a more standardized criminal investigation procedure around the world.

A laudable goal, and one that the EVIDENCE Project at least is moving swiftly towards; at the time of writing, a test implementation between several member countries is on the cards. However, at the moment, investigators are still faced with having to work on cases that have international data sources and implications.

What can we do to make things easier for ourselves in the meantime?

Scoping out a case before taking it on is good practice regardless of its size or relative importance, but this becomes even more pertinent when international factors might be involved. These may have an impact on the time it takes to acquire evidence: for example, if you are looking to extract data from a server in another country, or even another state, you will need at least a basic understanding of the requirements necessary to gain access to it, and indeed whether this is even possible in the first place.

It is, of course, impossible to have an in-depth understanding of the various bits of legislation that are relevant to digital forensic investigations around the world. In reality, the best an investigator can do is to verse themselves as fully as possible in the laws of their own local area, and then seek advice when the need arises to work across borders.

Beyond the legislative elements, however, there are also the more mundane aspects of international investigation, such as linguistic analysis. Keyword searches are often where an investigation starts, or at least fall somewhere near the beginning; but if your case spans a multitude of countries, you may well end up at a loss for keywords.

Most of the larger digital forensics solutions, such as EnCase and Nuix Investigator, have multilingual keyword abilities built in, which is a huge help. Some can even scan the evidence you enter for you, and then bring back an analysis of the languages used within the case. You can then use this to form the basis of your investigation and to inform future searches. Slang is still a problem for many though, and criminals are increasingly becoming wise to this. While a thesaurus can bring back a number of synonyms for a given term relating to drug abuse, the exploitation of children, or financial fraud, it may not be able to include all the less formal terms people are using in their discussions.

Progress is being made, however, and much of the air time at digital forensics conferences and research groups is devoted to how we as investigators can increase collaboration and make it easier to investigate global cases.