How cheap storage can hide criminal activities

Advances in technology allow us to store more content, creating a nightmare for overworked online criminal investigator.

Hitachi Global Storage Technologies recently stated that advances in technology make it possible for it to predict 4 terabyte drives on desktops by 2011.That's great if you're storing media files. It's a nightmare, however, if you're a digital forensics investigator, according to Dave Merkel, vice president of products for Mandiant. He's suggesting that to contend with advances in technology online criminal investigators such as himself may have to change the way they collect and analyze data, if only to secure any hope of an eventual prosecution.

"Something that's a continuing challenge in...chasing bad guys and backtracking and what not is just being able to comb through the ridiculous volumes of information that are out there in order to find anything relevant. Whether you're trying to look at a civil matter or a criminal matter--whatever it might be--everything's got storage and there's the variety of devices that are involved with that as well.

"Look at the amount of information you can put on a little USB token these days, it's ridiculous. I think it's interesting to note the amount of difficulty that that's going to continue to pose for everyone that is involved in this particular science and then thinking a little bit about some of the areas of innovation that are going to be necessary in order to meet some of those challenges.

"There are significant hurdles that need to be crossed and I think too there's going to be a change in mind set in a couple of areas I think to date forensics in particular thinking about it in a criminal context a lot of default behavior has been copy everything, retain everything, get a hold of everything, and a single simple case, just getting all the data stored out of a single house on a simple crime, you would never analyze all of it.

"I think there might be a need for a mind shift to think more about pre-filtering and sort of a 'precision strike' forensics approach because I think the days of casting wide nets and trying to get everything involved in any particular event it's just not realistic. The ability to even process that data we can store way more data than we can process. The cost of storing is way cheaper than the cost of pulling out meaningful context. I think there are going to be continued needs for innovation in that regard In whatever particular problem you're trying to solve in this space."

You can read more of Dave Merkel's observations about digital forensics in this week's Security Watch column. You can hear an interview with Dave Merkel in this week's Security Bites podcat.

 

ARTICLE DISCUSSION

Conversation powered by Livefyre

Don't Miss
Hot Products
Trending on CNET

Hot on CNET

Saving your life at speed and in style

Volvo have been responsible for some of the greatest advancements in car safety. We list off the top ways they've kept you safe today, even if you don't drive one.