How cheap storage can hide criminal activities
Advances in technology allow us to store more content, creating a nightmare for overworked online criminal investigator.
Hitachi Global Storage Technologies recently stated that advances in technology make it possible for it to predict 4 terabyte drives on desktops by 2011.That's great if you're storing media files. It's a nightmare, however, if you're a digital forensics investigator, according to Dave Merkel, vice president of products for Mandiant. He's suggesting that to contend with advances in technology online criminal investigators such as himself may have to change the way they collect and analyze data, if only to secure any hope of an eventual prosecution.
"Something that's a continuing challenge in...chasing bad guys and backtracking and what not is just being able to comb through the ridiculous volumes of information that are out there in order to find anything relevant. Whether you're trying to look at a civil matter or a criminal matter--whatever it might be--everything's got storage and there's the variety of devices that are involved with that as well.
"Look at the amount of information you can put on a little USB token these days, it's ridiculous. I think it's interesting to note the amount of difficulty that that's going to continue to pose for everyone that is involved in this particular science and then thinking a little bit about some of the areas of innovation that are going to be necessary in order to meet some of those challenges.
"There are significant hurdles that need to be crossed and I think too there's going to be a change in mind set in a couple of areas I think to date forensics in particular thinking about it in a criminal context a lot of default behavior has been copy everything, retain everything, get a hold of everything, and a single simple case, just getting all the data stored out of a single house on a simple crime, you would never analyze all of it.
"I think there might be a need for a mind shift to think more about pre-filtering and sort of a 'precision strike' forensics approach because I think the days of casting wide nets and trying to get everything involved in any particular event it's just not realistic. The ability to even process that data we can store way more data than we can process. The cost of storing is way cheaper than the cost of pulling out meaningful context. I think there are going to be continued needs for innovation in that regard In whatever particular problem you're trying to solve in this space."