I am conducting some research on some best practices and recommendations of long term storage of digital evidence. Here are some of the things I would like to get suggestions for and any reasons why you think this way.
1. What is the best storage media for digital evidence files (tape, hard disk, blue ray, dvd, etc.)?
2. Are there any environmental issues involved with the storage of digital evidence (i.e. Should you seal electronic evidence in plastic bags or paper bags, etc.)? Why?
3. Should there be any consideration of multiple solutions for various time frames? (i.e. On a disk for the first year, on tape for the remaining time (6 year retention need), etc.)?
4. Any data redundancy recommendations? (Failsafe)
Hi,
I store my data and backups on hard drives, not in a RAID, just plain old hard drives. All of my drives are in static bags and in a lockbox which goes into a safe (I've found that this cuts down on moisture)
After acquiring a drive in the field, I bring it back to the office and acquire the case files to another drive with best compression. On a typical 300GB drive I have found I can store a bunch of cases as opposed just putting the cases on a drive without compression. While I have the compressed cases on one drive, I keep the original drive acquired in the field until the case is over with and every appeal has been exhausted.
I know that this seems like a bunch of drives and it is, but with all the sales going on you can get large capacity drives for pretty cheap.
That's my .02
We have been using UDO for 2 years for long term retention. Having done a lot of research, anything magnetic (tapes) or mechanical(hard drives) or purely optical (DVD's) was simply not reliable enough after a few years in store. I asked major broadcasting companies what their achive policy was. Where they used tape, they made at least 3 copies to ensure recovery after a period of time.
I would highly recommend UDO disks
http//
Just this week one of the trade journals came out with an article concerning long term storage of magnetic media. By far tape media was the economic choice with capacities in the 200-400gb range. Now that AIT5 is available we should see 400-800+gb capacity tapes.
The only problem with tapes is the reliability issue; improper envirnomental storage, tape drive shewing and physical anomalies cause recovery failures. 75% of major IT data center managers reported recovery failures.
However, I still do not think that the industry will flock to optical storage until the economics become more reasonable.
I believe the real question will be, "How valuable is the data?" Given the cost's of media - optical would be almost 15 times as expensive as tape in uncompressed mode and roughly 30-50 times in compressed mode 30gb disk for $53 and 400gb-1040gb AIT-5 tape for 57$ - with no possibility of reuse.
Currently, I'm using DVD's, HDD's and DLT tape. I do not have any permnament long term storage requirements. However, I'm planning on purchaesing at least one AIT-4 drive next year. If its a good year I will buy two.
Hope this helps!
Thank you so far for all your responses. I am getting closer to coming to a solution. I appreciate all your comments.
I am conducting some research on some best practices and recommendations of long term storage of digital evidence. Here are some of the things I would like to get suggestions for and any reasons why you think this way.
1. What is the best storage media for digital evidence files (tape, hard disk, blue ray, dvd, etc.)?
2. Are there any environmental issues involved with the storage of digital evidence (i.e. Should you seal electronic evidence in plastic bags or paper bags, etc.)? Why?
3. Should there be any consideration of multiple solutions for various time frames? (i.e. On a disk for the first year, on tape for the remaining time (6 year retention need), etc.)?
4. Any data redundancy recommendations? (Failsafe)
To answer your questions based on my experience..
1) A combination is required to effectively store it. I tend to use optical and magnetic media. 2 disks and a set of dvd's.
2) Yes, the coating on optical media can degrade. Moisture can be a problem, shock can be an issue for magnetic media. I seal evidence in a 3-mil anti-static bag, inside of a 4-mil security evidence bag, sealed with security tape, in a safe.
3) Media rotation is tricky. You typically don't want to handle the evidence unless absolutely required.
4) I know some places have purchased SAN's for their forensic networks and store their evidence in digital format on them. While working on a case, my workstation contains copies of the images on my RAID-5, which lives in a locked case, which lives in a locked server rack, which lives in a locked office.
Hope that Helps.