Systems and methods for enterprise-wide data identification data sharing and management

A method of automatically identifying relevant or suspect data during a digital forensic investigation is described. Software accepts as input raw data which are extracted from various digital data sources. The software or digital forensic and data identification application determines to which one or more identification modules the unknown raw data should be delivered to for processing. This determination is based on the type of data in the extracted raw data coming into the application. Suspect or relevant data that are identified includes that data that are identical to or similar to the extracted unknown raw data. If there are suspect data, the application transmits a message or alert to interested parties or stores the findings/report on an a storage device. In this manner, the suspect data are identified automatically, without intervention by a human being. The identification modules are invoked in a search markup language interpreter and the one or more identification modules are expressed in a search markup language specifically for digital forensics and receives parameters from the search language for processing.