A discussion of the tradeoff between resources and profit, competitive advantage, the commoditization of relationships and the community, and a call for stronger community-based research.
By now the industry takes it as a given that no one — neither vendors nor independent researchers — can keep up with the new devices, apps and app versions, or operating systems and their versions. Near-constant changes to these elements affect the way they store data, and in turn the way forensic tools acquire and parse that data.
Researchers need two things to attempt to keep pace: time and funding. It’s rare when research can be done for its own sake. Most is done in conjunction with casework or coursework and involves a specific device make / model, or a specific app.
Arguably, vendors are investing in research “deep work” that can ultimately make their tools stronger and serve a wider range of forensic examiners with highly relevant acquisition and analysis capabilities.
On the other hand, no private entity invests in anything without anticipating a return. Community goodwill is valuable, but only if it results in additional sales. Whereas independent research has always been about solving interesting problems and sharing the results with the community in the hopes that it will help, vendor tool development focuses on the most critical needs — identified by the community, yes, but prioritized by how frequent the feedback is.
That means the price of investing in “deep work” may be the kind of research that solves interesting problems. The concern isn’t so much that it will become the vendor’s intellectual property — Edwards’ APOLLO remains on GitHub in addition to being a BlackLight plugin, for instance — as it is the research’s focus. The really “interesting” problems may well be paywalled behind the labs that some vendors now run.