Monday, November 19, 2007

Image storage options

Talking about future technology issues has started me thinking more about image storage options, specifically what technologies are most commonly used today and what future advances might have to offer.

Image storage refers to the need to keep a forensic image safe both during an investigation and after the investigation is complete. Both requirements involve protecting the integrity of the image but while an investigation is ongoing access to the image may be required on a regular basis and after an investigation there may be a legal requirement to maintain the image in a secure environment for a certain length of time.

To a large degree the types of technology which a forensic unit chooses to fulfil these requirements may be influenced by the typical size and number of the cases they deal with. Some organisations may use single hard drives for ongoing investigations whereas others may need to invest in large RAID systems. Again, for longer term storage smaller forensic outfits may use DVDs or even CDs whereas larger units are likely to require some form of tape storage. In each case there are always important issues to consider beyond the storage capacity. Considerations surrounding the reliability of the medium, for example, are likely to be paramount but other issues such as compatibility and speed also need to be taken into account.

Image storage is not a particularly glamorous topic but, as with any other aspect of computer forensics which involves data integrity and legislation compliance, it's one which practitioners take seriously. The choice of which technology to use is rarely clear cut, most decisions are to a degree a compromise between various competing factors (including cost). However, as typical image sizes continue to increase every year it's always interesting to keep an eye out for brand new technologies just over the horizon which might just promise to make life easier.

More on that tomorrow, but in the meantime I'm interested to hear what challenges readers are currently experiencing in relation to image storage...please leave a comment!

3 comments:

Anonymous said...

We've not actually hit the problem yet, but I am currently working at a UK academic institution that has some fairly high-brow physics experiments - these are generating in excess of a petabyte of data a day ... We are in the process of starting to evaluate an in house forensic dept and extracting relevant data from this kind of data set is a real issue ! IDS is a no go, imaging the storage medium as well is an impossibility - we are left with live forensics to hopefully image the relevant subset ...

We dread that we should have to call in the Police in anyway, as it would be a nightmare ...

Jamie said...

Thanks for the comment, that's an incredible rate of data production! I note the following from Wikipedia:

"Approximately fifteen petabytes of data will be generated each year in particle physics experiments using CERN’s Large Hadron Collider, due to be launched in May 2008."

Physicists really like their data, don't they!

The Secret Liberal said...

The problem we have is image distribution. We have secure server storage but getting those images to detectives, prosecutors, and defense attorneys requires copying images to DVD. This is time consuming. Also, we still haven't dealt with the issue of auditing who has viewed images very well.

It would be nice if there was a simple system for secure online image distribution that didn't cost a ton of money.