Internal investigations, e-discovery, and cyber breach incident response approaches continue to evolve as new sources of data emerge, and the way we conduct business in a digital world also evolves and changes. As a result, corporate IT professionals have had to take on new roles and responsibilities as well, requiring new skills and the proficient use of tools to help adapt to the continually changing digital environment.\nThree key factors are driving the need for this change:\n1. The Sheer Size of Data \nIn an investigation, finding the relevant data and quickly getting it to legal, human resources, compliance, or audit teams to make decisions on the situation is everything. The sheer size of data organizations are grappling with today makes this increasingly challenging. Mobile device and computer storage capacity has become ginormous, leaving vast amounts of information for investigators to mine. Last fall, AccessData consulted with several industry veterans on the topic of evolving digital investigations and the impact on IT\u2019s role.\n\u201cThe data is 20x what it used to be,\u201d said John Wilson of eDiscovery Squared. IT must be able to use technology to identify sources across the network and collect the data while preserving vital system and item metadata for forensic analysis and evidence integrity. Investigators must also be able to filter at the time of collection and during analysis to focus precious time and resources on core facts hidden in the mass of data volumes.\nImagine what digital investigators face when you consider:\n\nSmartphones can hold 64GB to 500GB of data.\nAverage laptop hard drive has 500GB to 1TB of data.\nAverage desktop hard drive houses 1TB of data.\nUsers typically receive 43,000 emails per year.\nText message data can involve 30,000 texts per year, per users.\n\n2. Data Sources Get Complicated\nGone are the days where IT can simply take and image a hard drive and be done. Today\u2019s investigations require \u201clive box\u201d forensics to ensure critical evidence such as passwords, encryption keys, and chat sessions found in the computer\u2019s volatile memory are preserved and collected.\nThe memory chip of a computer can be a treasure trove of information about a subject\u2019s digital activity. The location of where data is being stored is changing also, with more corporations leveraging cloud apps and content-management systems. IT and investigators need to become proficient in using the necessary tools to collect in this live environment. They must know how to collect from multiple device types and multiple operating systems. Identifying malware in a data set or in an incident response investigation is also part of the role now, as is collecting from remote locations with today\u2019s increasingly mobile workforce. And all of this needs to be done in a minimally invasive way, to ensure the data is preserved and admissible in court.\n3. Needing Critical Communication and Collaboration \nToday\u2019s digital investigations are no longer siloed. Departments from all over the organization are involved and need access to key files and information. It\u2019s not just legal anymore. Human resources, compliance, audit teams, and corporate communications frequently request information and data collection for investigations.\nJason Britton, IT Technical Engineer at iHeartMedia, shared his perspective on this, noting that \u201ccommunicating has been a problem for a lot of groups because there\u2019s a lack of experience in this shift from dead box to live box investigations.\u201d Investigators need to know what is expected from the investigative work of each different group.\nFor example, if evaluating a suspect\u2019s instant messages is critical to an investigation, IT must be made aware of the requirement to collect that data, not typically stored on a computer hard drive, so they can be sure they have the necessary tools available up front to enable the collection. Groups need to communicate with the investigator throughout the collection, and get an early look at the data. Communicating and collaborating with vendors that house data you need, or that come in to help with the investigation, is also key.\nTen years ago, sharing the investigative findings was much simpler. Printing out an investigative report on paper worked. Today, investigators struggle to figure out how to push an entire report and timeline to their stakeholders\u2019 review platform. Increasingly, teams such as HR and compliance are starting to use e-discovery technology to slice and dice the data. The volume is just too big to not use analytics to see information on the data set, social interaction in email patterns \u2014 tools commonly found in e-discovery technology. Tools that help to unify cross-functional investigative teams on a single platform and minimize data movement can facilitate improved collaboration, and help get evidence into the right hands for expedited analysis.\nConclusion\nThe proliferation of digital data \u2014 both volumes and types \u2014 will continue to challenge IT and investigative teams. In an increasingly changing digital environment, it is useless to try and thwart employee adoption of modern technology. Instead, IT teams and investigators must begin to adapt their skills and the tools they use to facilitate thorough investigations and meet those challenges head on. As these challenges are no longer a problem facing IT alone, identifying and collaborating with key stakeholders early and throughout an investigation becomes increasingly important, to ensure critical data is shared in a timely manner and improve investigation efficiency.