Will web 2.0 pose a “threat” to conventional forensics?

Will the advance of web 2.0 applications impose a threat to conventional forensics?

First let’s provide some examples of what I feel web 2.0 applications are in this context, since that too is still a matter of debate. Sharing pictures with friends using Flickr, keeping in touch with those friends through MySpace, adding content to Wiki pages, updating your Twitter. The list can go on and on. For the record, this is not my definition of Web 2.0, these are just some examples of a trend that I sure will continue.

More and more data we produce is no longer stored on the disk in our computer, but on a network server, often far away and not always within reach or within our control. And when it is stored on our disk, often in part and quickly overwritten.

We see this trend also in webmail. Five years ago it was not uncommon to track entire Hotmail correspondence on disk, each opened e-mail item creating digital traces on a file system. Nowadays, with the usage of Ajax for example, content is offered in a more dynamic fashion, often resulting in less footprint on a (local) disk. At least, this is what I am seeing. Perhaps my interpretation is flawed or my experience too narrow.

So, digital traces of our activity will be more dispersed, perhaps making it more difficult to obtain a complete (and truthful) view of ones actions off- and online. Perhaps threat is not a good choice of words. You could also see it as an incentive to further innovate digital forensic methodology and technics.

Personally I feel we need to change our way of working, or in the future we might find ourselves inadequate to keep up with investigative needs.