One of the foremost axioms of forensics, digital or otherwise, is Locard’s exchange principle. Simply put, this principle, formulated by Dr. Edmond Locard (known in his time as “the Sherlock Holmes of France”), states:
“Every contact leaves a trace.”
These traces are the tiny pieces left behind that we forensic investigators use to help determine in a given situation what happened, where it happened, who it happened to, when it happened, how it happened and who did it.
So digital forensics is the pursuit of artifacts and traces of digital evidence: small data, not big data. Big data, as a concept, is the study of huge and complex data sets where traditional methods of analysis don’t function as well as new “big data” methodologies.
For example, AI algorithms can be used to detect patterns of usage on mobile devices and GPS to determine the microregions of wealth or poverty. This is a good example of “big data” at work.
Big data, therefore, doesn't present much of a challenge to digital forensics because it deals with smaller data sets.
