How cheap storage can hide criminal activities

Advances in technology allow us to store more content, creating a nightmare for overworked online criminal investigator.

Hitachi Global Storage Technologies recently stated that advances in technology make it possible for it to predict 4 terabyte drives on desktops by 2011.That's great if you're storing media files. It's a nightmare, however, if you're a digital forensics investigator, according to Dave Merkel, vice president of products for Mandiant. He's suggesting that to contend with advances in technology online criminal investigators such as himself may have to change the way they collect and analyze data, if only to secure any hope of an eventual prosecution.

"Something that's a continuing challenge in...chasing bad guys and backtracking and what not is just being able to comb through the ridiculous volumes of information that are out there in order to find anything relevant. Whether you're trying to look at a civil matter or a criminal matter--whatever it might be--everything's got storage and there's the variety of devices that are involved with that as well.

"Look at the amount of information you can put on a little USB token these days, it's ridiculous. I think it's interesting to note the amount of difficulty that that's going to continue to pose for everyone that is involved in this particular science and then thinking a little bit about some of the areas of innovation that are going to be necessary in order to meet some of those challenges.

"There are significant hurdles that need to be crossed and I think too there's going to be a change in mind set in a couple of areas I think to date forensics in particular thinking about it in a criminal context a lot of default behavior has been copy everything, retain everything, get a hold of everything, and a single simple case, just getting all the data stored out of a single house on a simple crime, you would never analyze all of it.

"I think there might be a need for a mind shift to think more about pre-filtering and sort of a 'precision strike' forensics approach because I think the days of casting wide nets and trying to get everything involved in any particular event it's just not realistic. The ability to even process that data we can store way more data than we can process. The cost of storing is way cheaper than the cost of pulling out meaningful context. I think there are going to be continued needs for innovation in that regard In whatever particular problem you're trying to solve in this space."

You can read more of Dave Merkel's observations about digital forensics in this week's Security Watch column. You can hear an interview with Dave Merkel in this week's Security Bites podcat.

About the author

    As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.

     

    Join the discussion

    Conversation powered by Livefyre

    Don't Miss
    Hot Products
    Trending on CNET

    HOT ON CNET

    Looking for an affordable tablet?

    CNET rounds up high-quality tablets that won't break your wallet.