The Information Security team at Microsoft uses an internal tool called Information Security Consolidated Event Management (ICE 3.0) to gather forensic data from more than 85 proxy servers around the world. Powered by SQL Server 2005, the 27 TB data management system collects different types of global evidence, such as inbound and outbound e-mail traffic, Login events, and Web browsing, into a single database. ICE 3.0 provides rapid security analysis and queries, robust proxy performance analysis, and extensive troubleshooting functionality. Table level partitions allow event processing and database loading, without affecting the ongoing query activities and analysis work of security forensics engineers. Storage Area Networking (SANs) manage enterprise storage for ICE 3.0, and the service maintains an uptime of 99.9%. A controller application dynamically launches multiple instances of SQL Server Integration Services (SSIS), which seamlessly respond to changes in the volume of incoming evidence. The tool was redesigned in 2006 using SQL Server 2005. The SQL upgrade enhanced the data feed process, query response time, expanded the data retention period, and reduced manual data loading and data validations.