RAID (Redundant Array of Inexpensive Disks) is the technology that is used for enhancing the reliability or performance of data storage. The RAID storage system consists of two or more drives that work in parallel. These drives can be hard discs. However, people also use the technology for Solid States Drives (SSD). This article will discuss RAID in more detail, along with the different RAID levels and how it can help in digital forensic investigations.
What Is RAID?
As discussed previously, RAID stands for Redundant Array of Inexpensive Disks. It means that RAID is a way for putting together multiple disks logically into a single array. The idea to put multiple disks together is to make them work as one to achieve higher speed and reliability which is generally offered by expensive types of disks. Being said that, the exact type of reliability and speed that you will achieve will be dependent on the type of RAID that you are using. The following are the different levels of RAID.
Popular RAID Levels
1. RAID Level 0 – Striping
In the Level 0 RAID storage system, the data is split up into several different blocks and is then written across every drive in the array. With the use of multiple disks at the same time, it provides users with superior input-output performance. Being said that, RAID Level 0 offers higher performance in both read and write operations. Moreover, it allows for using all storage capacity.
Ideally, RAID Level 0 is used for non-critical data storage which has to be read/written at a high speed. For instance, image retouching and video editing station.
2. RAID Level 1 – Mirroring
In the Level 1 RAID storage system, the data is stored twice by writing it on the data drive as well as on the mirror drive. Therefore, when the drive fails, computer forensics personnel can use either the mirror drive or the data drive to recover data. Being said that, RAID Level 1 provides an excellent read and write speed which is also comparable to the single drive.
Ideally, RAID Level 1 is used for mission-critical data storage. For instance, accounting systems.
3. RAID Level 5
The Level 5 RAID storage system is the most secure and common RAID level. It requires a minimum of 3 drives, but can also work up to 16. Being said that, data blocks are striped across different drives and on one of the drives, the parity checksum of all block data is written. Even when the drive fails, computer forensics personnel can access all the data. Such is the advantage of RAID Level 5.
Being said that, RAID Level 5 is the perfect RAID storage system that combines efficient storage with great performance and security.
4. RAID Level 10
RAID Level 10 is the combination of RAID Level 1 and RAID Level 0. It is a nested RAID storage system that offers the advantages of both RAID Level 1 and Level 0. For instance, it provides higher security by mirroring the data on secondary drives, while stripping across a different set of drives for higher data transfer speed.
Another advantage of RAID Level 10 is that, if something goes wrong, the rebuild time is very fast. This is because the computer forensics personnel only have to copy the data from the surviving mirror to the new drive.
How Can RAID Help In Digital Forensic Investigations?
Because of their ability to store a large volume of data, computer forensics personnel can use RAID disks to gather evidence during their investigation. Through the use of different digital forensics tools, computer forensics investigators can acquire the disk image and then evaluate the data storage.
0 comments:
Post a Comment