1 hour 4 minutes
in this lesson, we'll talk about different methods of data storage, including forensic system, internal storage network, attached storage or nous
cloud storage. And we'll also talk about encryption of physical storage media.
What is the best physical medium for case data and evidence storage?
It depends. Internal storage network, attached storage and cloud services are all viable options for different use cases.
Clearly, the a number of options When it comes to physical storage of case data,
we can use storage, which is internal to the system or systems on which we are performing the investigation.
We can opt for network attached storage either a small self contained unit or a rack mounted device, depending on our requirements, or we can use a cloud vendor or service.
The option, which is best for one team, may not be great for another.
Using the internal storage of a forensic system works well for individual investigators.
But once two or more people are working on a case, it can become difficult to share information and case work.
That being said, there are situations where internal storage is the best solution, as this can result in greater speed than network storage,
it may be the case that one use case will work for some investigations or parts of an investigation,
but that may not always be true.
Network attached storage can be better in a number of ways.
Capacity is likely far greater than internal storage or hard drives.
Technologies such as raid is more likely to be able to be deployed. Increasing speed in some cases and providing protection from one or multiple drive failure
and storing case data on a network location allows for much easier shared workloads and shared processing.
However, there may be a speed penalty, depending on the size of the evidence being collected or processed, and other variables like the speed of the network. 10 gigabit Ethernet will obviously be preferable over one gigabit ethernet or WiFi,
but this is often expensive to achieve.
Cloud storage is very interesting. As an option for enterprise security cases.
There are concerns, particularly related to security of case data when stored offsite on hardware owned by 1/3 party,
especially when Internet connected.
However, if the right mitigating controls can be enforced and defence in depth can be insured on your cloud infrastructure, it may be possible, and even preferred to implement a cloud storage solution.
The elastic nature of cloud services and the ability to scale up and scale down as required, can be very attractive and make the infrastructure very affordable.
The last thing to cover in this video is encrypting data at rest.
Regardless of where the case data and evidence are stored, you should consider encrypting the data.
Encryption mitigates the risk of data loss or theft in the event that a laptop hard drive go missing.
If a forensic image is saved on an external disk, for example, and someone leaves the hard drive in the back of a taxi, at least it has full disk encryption. The data is safely stored,
whereas with no encryption, the data would be world readable, which is a very bad situation in which to find yourself
which type of physical storage is usually fastest.
Most often it is internal storage, but depending on the configuration oven as device, a raid array might warrant consideration.
In this lesson, we covered different methods of data storage, including forensic system, internal storage
network, attached storage
and cloud storage.
We also coming encryption of physical storage, media
Enterprise Security Case Management
In this online course about Enterprise Security Case Management, you will learn about tools and techniques which help cybersecurity practitioners manage evidence and related case data to preserve their integrity.