Evidence Repositories

AIR allows you to set up various Evidence Repositories for storing and managing collected data securely. The supported repository types are:

  1. SMB: Ideal for sharing files across network devices.

  2. SFTP: Utilizes SSH for encrypted data transfer.

  3. FTPS: Combines FTP with SSL/TLS for secure transfers.

  4. Amazon S3: Provides scalable cloud-based storage, perfect for large-scale investigations.

  5. Azure Blob: Microsoft's cloud object storage solution with SAS URL authentication.

  6. Google Cloud Storage (GCS) (AIR 5.11+): Google's scalable cloud storage using service account authentication.

Key Features:

  • Global or Organization-Level Setup: Repositories can be defined at both global and organizational levels, providing flexibility in evidence management across multiple AIR instances or within a single organization.

  • Secure Data Management: Protocols like SFTP and FTPS ensure that data transfers are encrypted, safeguarding sensitive information during uploads and downloads.

  • Automatic and Manual Uploads: Evidence can be automatically uploaded to repositories based on configured tasks, or users can manually upload files as needed.

  • Task Management: Repositories support task scheduling for evidence uploads, ensuring a smooth workflow for collecting, storing, and analyzing evidence.

  • Connection Settings: When configuring a repository, you must provide essential connection details such as credentials, encryption options, and repository paths. For cloud-based storage such as Amazon S3, Azure Blob, and Google Cloud Storage, you also need to configure bucket/container settings and authentication credentials.

This setup ensures secure, scalable, and efficient management of evidence within AIR, accommodating various infrastructure needs.
