Modern encryption is already hindering investigations today. This does not only concern quantum computers but very real daily operations: not in theory, but in everyday practice. Many companies still feel secure because their data is strongly encrypted. That is good for data protection and IT security, no question, and daily practice shows how effective these methods are. A clear advantage, I think. However, there is also another side that often only becomes visible on closer inspection. And that probably happens more often than one thinks.
This is precisely where the topic of post-quantum forensics begins. It is about how digital evidence can be secured when known methods suddenly no longer work. That surprises many. IT forensics is thus facing a noticeable transformation, in my opinion. New risks are emerging for companies. Cyberattacks or internal incidents can often no longer be fully traced, even when systems are technically well secured. That is frustrating. Consequently, those responsible must react early.
The article explains why strong and post-quantum-secure encryption blocks investigations. It also shows, in practical terms, which procedures are specifically affected and what this means for IT security officers and legal departments. Finally, it becomes clear why early action often makes the difference, for example in ongoing investigations or internal audits. That is important, I think.
Why Encryption Becomes a Barrier for IT Forensics and IT Security
Encryption is meant to protect data from unauthorized access. That is exactly what it is for, there is no doubt about that. In IT forensics, however, it is increasingly becoming a very concrete challenge: digital doors often simply remain closed. Modern end-to-end encryption and new algorithms designed for the post-quantum era in particular make evaluations significantly more complicated and often slower than just a few years ago.
In many cases, investigations stall because stored information can no longer be decrypted. Even court orders often do not help, as systems remain technically locked. In everyday practice, that is quite frustrating. This is evident with locked smartphones, encrypted cloud data, or completely secured company laptops after internal incidents. Those who work forensically usually know these situations all too well. This illustrates how closely IT security is connected with investigative capability.
The Global Risk Institute estimates the probability of a so-called Q-Day, meaning that current cryptography will be broken by quantum computers, at up to 34 percent by 2034. For forensic experts, this means growing uncertainty: it is often unclear whether secured evidence will still be usable later or will lose value over time.

| Period | Q-Day Risk | Impact on Encryption |
|---|---|---|
| by 2034 | 19–34% | Breaking of current public-key methods possible |
| by 2044 | >60% | Large-scale decryption realistic |

Classic public-key methods such as RSA, DSA, and ECC-based approaches are particularly affected. According to NIST, they are considered completely vulnerable to quantum attacks. For IT forensics, this means: despite great effort, data carriers, cloud storage, or existing backups often remain unreadable. At the same time, pressure is increasing to find other sources of evidence as early as possible before information is permanently lost. IT security is crucial in this context to minimize risks.
Dr. Charles Romine from NIST puts it this way:
“Quantum computing technology is developing rapidly, and some experts predict that a device with the capability to break current encryption methods could appear within a decade, threatening the security and privacy of individuals, organizations and entire nations.”
Post-Quantum Encryption and IT Security Are Not a Future Topic
Many decision-makers still see post-quantum cryptography as something that lies far in the future. That feels reassuring at first, but is often a misconception. The impacts are already here today, especially for long-term sensitive data such as personnel files or legal documents. Such data often needs to be protected for decades. Therefore, the risk often arises earlier than expected. Those responsible for such data sets are usually directly affected.
A central keyword here is “harvest now, decrypt later.” Attackers are already collecting encrypted data today and storing it for future use. That sounds simple, but works surprisingly reliably. Later, as soon as the appropriate technology is available, this data will be decrypted. Even old investigation cases can be affected: evidence is considered secure today, but could suddenly be openly accessible in the event of a reopening. A White House report describes this approach as already real. Consequently, action is required now.
Reactions have been occurring for some time. Manufacturers and authorities are increasingly relying on post-quantum-resistant methods. NIST published several new standards in 2024, including CRYSTALS-Kyber and CRYSTALS-Dilithium. These algorithms noticeably change how data is accessed and how evidence is technically evaluated.
For companies, this becomes very concrete: even modern systems are often barely accessible during forensic investigations. Classic password analysis or memory forensics increasingly reaches its limits in practice. Therefore, companies must think about IT security holistically, for example through regular audits. Furthermore, they should adapt their processes early.
Investigations and IT Security Under Pressure: Perspective from Europe and Germany
Politically, the topic has long since arrived. At the EU level, a roadmap is currently being developed on the tension between encryption and lawful access. Coordinated measures are scheduled to start from 2026. The claim behind this: investigations and systems should become more secure, while fundamental rights remain clearly regulated and verifiable. That sounds sensible, but is often difficult to implement in everyday practice. Especially when multiple countries are involved, it quickly becomes confusing. In my view, this is exactly where it often gets stuck.
For companies, the focus is thus shifting. New requirements are moving to the forefront. Strong data protection and encryption remain mandatory, but are being monitored more closely. Furthermore, pressure is increasing to work cleanly with authorities and clearly demonstrate compliance. In everyday practice, you notice this quickly. Two worlds collide, and managing both simultaneously makes processes significantly more complicated.
Gabriel von Mitschke-Collande from Giesecke+Devrient puts it this way:
“The question is no longer whether quantum computers capable of breaking current cryptographic methods will exist, but when this so-called Q-Day will arrive.”
The Federal Office for Information Security is also active early. BSI President Claudia Plattner says:
“We must assume that by 2030, quantum computers will be capable of breaking today’s cryptographic algorithms.”
For companies, this often means reorganizing IT security and data protection without losing investigative capability or legal certainty. Risk minimization strategies are essential. More on this in the article “Digital Evidence for Legal Departments, Forensics and Compliance.”
New Requirements for Modern IT Forensics and IT Security
When encryption blocks classic storage access, other approaches often lead to results more quickly. Modern IT forensics therefore relies more heavily on live response and memory analysis. These methods require specialized expertise, clear procedures, and quick decisions. Meanwhile, pressure to work precisely is increasing. Zero-trust architectures help here, for example through precise logs of logins and access. IT security is therefore not just supportive here, but central.
Many companies have similar problems. Reactions come too late, preparation is lacking. Without proper incident response plans, evidence is lost. This is particularly critical in cases of internal crime or targeted cyberattacks. Further insights are provided in the article Forensic Analysis of Mobile Devices for Spyware Detection.
This is where the value of specialized service providers like Quintego becomes apparent. They assist with forensic analysis and evidence preservation, including clear, GDPR-compliant documentation. This creates overview and provides more security, especially when things get serious.
Strategies for Companies and IT Security: Act Now Instead of Losing Later
This is precisely why companies should include post-quantum forensics in their security strategy. The starting point is an honest inventory of the encryption being used. Which systems can still be forensically evaluated properly, and where are blind spots emerging? Such questions are best reviewed regularly. It is also worthwhile to discuss the results openly.
Equally important are clear procedures between IT, compliance, and the legal department. Digital evidence must be collected in a legally sound manner, otherwise even the best technology does not help much. A look at service providers is also worthwhile: do they have experience with quantum-safe methods or not? Not every IT forensics provider is suitable for this. Training is part of it, as are tests of incident response scenarios. After all, everyone must know what to do in an emergency.
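The inventory review described above can be kept as a small, repeatable triage script. The following is an added example, not code from the original article: the `Asset` fields, the finding labels and the sample inventory are hypothetical, and the Q-Day year is a planning assumption taken from the estimates quoted on this page (2034, or 2030 for the BSI view).

```python
from dataclasses import dataclass

# Algorithm families as named on this page. DSA is signature-only; it is
# listed because the page names it among the affected public-key methods.
QUANTUM_VULNERABLE = {"RSA", "DSA", "ECC"}
POST_QUANTUM = {"CRYSTALS-Kyber", "CRYSTALS-Dilithium"}

@dataclass
class Asset:                      # hypothetical inventory record
    name: str
    public_key_alg: str           # public-key algorithm protecting the data
    confidential_until: int       # year until which the data must stay secret
    org_key_recovery: bool        # organisation holds a recovery or escrow key
    access_logging: bool          # logins/access logged outside the encrypted store

def triage(asset, q_day_year=2034):
    """Return the findings for one asset; q_day_year is a planning assumption."""
    findings = []
    if asset.public_key_alg in QUANTUM_VULNERABLE:
        # Data recorded today is still sensitive when decryption becomes feasible.
        if asset.confidential_until > q_day_year:
            findings.append("harvest-now-decrypt-later")
    elif asset.public_key_alg not in POST_QUANTUM:
        findings.append("unclassified-algorithm")
    if not asset.org_key_recovery:
        # Content is unreadable to investigators; what evidence is left?
        findings.append("logs-only-evidence" if asset.access_logging
                        else "forensic-blind-spot")
    return findings

def report(inventory, q_day_year=2034):
    """Assets with at least one finding, most findings first, then by name."""
    rows = [(a.name, triage(a, q_day_year)) for a in inventory]
    rows = [r for r in rows if r[1]]
    return sorted(rows, key=lambda r: (-len(r[1]), r[0]))

# Constructed sample inventory (not real systems).
INVENTORY = [
    Asset("hr-archive", "RSA", 2055, True, True),
    Asset("e2e-messenger", "ECC", 2027, False, False),
    Asset("legal-dms", "CRYSTALS-Kyber", 2050, False, True),
    Asset("contracts-backup", "RSA", 2032, True, True),
    Asset("vpn-gateway", "ECC", 2040, False, False),
]

if __name__ == "__main__":
    for name, findings in report(INVENTORY):
        print(f"{name}: {', '.join(findings)}")
```

Running the report with `q_day_year=2030` instead of the default shows which assets only become exposed under the more conservative estimate.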
Questions Folks Often Ask
What exactly does post-quantum forensics mean?
Post-quantum forensics refers to IT forensic methods that also work with strong, quantum-safe encryption. The focus is often on live analysis and direct memory access, because evidence frequently appears there despite barriers.
Why does modern encryption prevent investigations?
Many investigation procedures remain blocked even with legal authorization because data is technically locked and evidence can often barely be secured. This particularly affects end-to-end encrypted systems without central key management.
Are medium-sized companies also affected?
Yes, usually. Today, standard software and cloud services on mobile devices often use strong encryption. In short, this affects companies of all sizes.
Is classic IT forensics still sufficient?
In many cases, not really. Without specialized methods and experience with post-quantum technologies, traces often remain hidden with classic approaches.
When should companies take action?
Early action brings the most benefit. Post-quantum encryption is often already running productively. If you wait, information is lost and this limits legal capacity to act.
What Companies Should Do Now
Maintaining freedom of action when things get complicated is often the biggest lever. This is precisely where post-quantum forensics comes in. It is not a theoretical topic and not a niche topic either. It has to do with real incidents, ongoing investigations, and the legal protection of companies. IT security and data protection should be considered together. In my view, both usually belong in a common governance that works in everyday practice.
What does practice show? Companies are looking more specifically at their investigative capability and consciously adapting it. It quickly becomes clear that it is often about truly understanding the technology being used. Furthermore, procedures should be prepared so that they hold up in an emergency. Professional expertise should be planned early, not only when things are burning. Finally, clear internal responsibilities help so you know who decides. And with external partners, it is worthwhile to examine more closely who is responsible for what.