There’s No Such Thing As Big Data


by Paul Slater | Nuix


Today, “Big Data” is everywhere. All over the media and the internet, you’ll see headline-grabbing statistics and all sorts of people offering opinions and solutions. But I’d like to take a step back from the edge and ask an obvious question: Why does Big Data affect me?


Obviously, there’s the alarming rate at which our multi-device, internet-connected, social media-driven world generates data.


One of my favorite websites demonstrates this in ‘real-time.’ But beyond this, organizations are retaining unstructured data in huge volumes, often without consideration for why they keep it, for how long, and even without understanding if they can.


This can cause serious headaches down the track, especially when they must respond to disclosure, civil litigation, Freedom of Information requests, regulatory enquiries, or criminal investigations.DATA GROWTH IS UNSTOPPABLE

In my area of expertise, computer forensics (or digital forensics as it has become known) investigators have worried for many years about growing data volumes. I remember in the late 1990s standing in awe at an 850-megabyte hard drive (yes, ‘Mega,’ not ‘Giga’) and wondering how on earth we would handle it (which we did, by the way).

To put that in context, it’s about one-fortieth the data contained in an entry-level iPhone or average-sized USB stick. Today I’m sure investigators are having similar conversations when a laptop costing a few hundred pounds contains a two-terabyte drive.

But what’s important here is not the capacity of storage media. It’s how much data they contain. The number and variety of user-generated files, emails, logs, messages, documents, and (social) media content are stretching most forensic tools to their breaking point.


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.

Unsubscribe any time. We respect your privacy - read our privacy policy.


Even though this ever-increasing volume of data is not unexpected—in fact, Intel’s Gordon Moore predicted in the late 1960s that it would be an integral part of computing—many forensic tools have not evolved beyond their originally designed purpose to deal with a handful of digital devices and evidence files.

These tools still have a vital function. For some investigators, being able to decode the binary content of a recovered file could provide a much-needed breakthrough in a complex investigation. But in many cases, it’s now more important to be able to take a holistic view of the complete data set in order to establish connections between people, objects, locations, and events to show attribution and association.

It’s still common in many investigative organizations for one department to analyze mobile devices and another to look at computers and external media. This issue is compounded when each device is then analyzed individually. It’s inefficient, but more worryingly it means investigations could miss or overlook vital links within the data. What’s required is a “single pane of glass” through which investigators can see the whole picture.

A SINGLE PANE OF GLASS FOR INVESTIGATION

A couple months ago, we released Nuix 8 and launched Nuix Investigate, which bring to market enhanced digital forensic processing and collaborative review capability. Together, they allow digital forensic practitioners and case investigators to work even closer together building on our ‘single pane of glass approach’ to digital investigations and enable investigators to establish a case position sooner and identify the most influential suspects.

Improved investigation workflows and canvas-driven analytics in the software enable you to see who is talking to whom, what about, and how often—across many communication channels.

Nuix Investigate also gives investigators a collaborative environment to share, search, and analyze case data from a web browser—at any time and from (almost) anywhere. Our powerful visualizations show at a glance who the key players are and what they’re up to, so investigators can make faster and better-informed decisions.

Investigators need to join the dots to see how all the devices – and more importantly their owners – connect.

So what does Big Data mean to Nuix customers? Even as the volume and complexity of data increase within digital investigations, you will still be able to get to the truth, quickly and efficiently.

Big Data? Nah, just small tools.

Learn more about handling big data with Nuix.

Leave a Comment