Dell Digital Forensics Solution

Clearing the Digital Forensics Backlog

ACPO, Manchester July 8th / 9th 2009

STENOGRAPHY VS. STEGANOGRAPHY

Stenography Steganography

Digital Forensics is the acquiring and scientific examination and analysis of data

retrieved from computer or other digital devices (mobile phones, games consoles, memory sticks etc) in such a way that the information can be used in a court of law.

Forensic Experts

Court Presentation

WHAT IS DIGITAL FORENSICS?

Analysis

Archiving

Devices & Data

Police

ALL CRIME BECOMING eCRIME

“27 Gigabytes of data if printed would create a stack of A4 paper 920 metres high”. ACPO Good Practice Guide for Computer-Based

Electronic Evidence

“we’re going to need a bigger boat”

CHIEF BRODYaka Roy Scheider

DELL’S FORENSIC LIFECYCLE

Integrity

Assists in preserving the digital Chain of Custody

Integrity

Assists in preserving the digital Chain of Custody

Availability

Maximises forensics

productivity and efficiency

Availability

Maximises forensics

productivity and efficiency

Confidentiality

Helps prevent disclosure or leakage of

information

Confidentiality

Helps prevent disclosure or leakage of

information

Ingest - Once cloned, suspect data is ingested directly onto a

central evidence repository instead of onto a workstation.

Optionally the solution allows for multiple devices to be ingested

simultaneously.

1

Store - Copying data direct to high speed storage helps enable seamless data exchange between servers and storage improving productivity.

2

Archive & Search - industry standard BURA options help to preserve the digital chain of custody and securely exchange data and cooperate in a crisis.

5

Analyse - Multiple analyst sessions can be run concurrently on single or multiple client devices resulting in further increased productivity.

3

Present – The solution allows for scalable numbers of on-site or remote viewing teams to be securely granted access to the case data – 24/7/365.

4

Shared Access To DigitalEvidence

24/7/365 - 5*9’s

Secure execution of

malicious code

Onsite or Remote, Secure

Collaboration& Access Interoperability

&Scalability

Formalised BURA & Search

of Suspect Data

Ingestion•Ingest Across Multiple Devices•Data Copied to Datacentre•Separates Applications From Database•Forensic Time Focused on Analysis

Storage•Minimal Latency On Huge Datasets•Enables Availability & Simultaneous

Access to Multiple Analysts •Helps Preserve Confidentiality

INGESTION & STORAGE

INDEXING & ANALYSIS

Time

# P

roce

sso

rs

• Drastically reduced processing times to find and present digital evidence

• Multiple or remote based viewing teams can concurrently access the same case data 24/7/365

ARCHIVE & SEARCH

9

• Retention and recovery helps prevent against accidental loss or deletion of digital evidence helping to preserve the chain of custody

• Older less frequently used data can be moved to secondary storage as part of formal BURA or Disaster Recovery strategy

• Helps free up space on servers and reduce overall storage requirements but retains the option of searching and correlating information across previously unrelated case histories

• Balances storage requirements against legal and policy requirements and risk of non compliance and helps enables controlled deletion of expired data and evidence

DEMO

10

Tape

High CapacityDisk

High PerformanceDisk

Analyst Workstations

ProcessingOn-line Archive

Off-line Archive

EvidenceStorage

IntegrityServices

CaseManagement

ConfidentialityServices

AvailabilityApplication

Virtualisation

Digitalstoragedevice

Input

Output

ReviewingStations

Storage

Storage

Storage

DELL’S FORENSIC SOLUTION

DELL DIGITAL FORENSICS BENEFITS

Challenges Dell Benefits

• Access to expertise ,resources and increasing volume of suspect data

• Simplifies digital forensics lifecycle offering dramatic increase in productivity

Adhoc approach to backing up data. Risks from media malfunction.

• BURA and DR options help secure chain of custody / information sharing

Physical limitations of access to data. Investigators have to be at the lab.

• Secure access to either local or remote expertise and analysis

Expensive forensic time distracted by having to manage technology

• Focuses expertise on suspect data instead of becoming a PC Support Eng.

IT approach focused on single or multiple PC infrastructure

• Simplifies and standardises forensics IT infrastructure and processes

Risks to analyst productivity and contamination to evidence

• Malicious code ring-fenced protecting system integrity and evidence

FORENSICS BLUEPRINT

SUMMARY All crime is becoming eCrime

Consumer electronics knowingly or involuntarily leaves a digital trail in a pervasive digital society

Digital evidence will become as important to policing as DNA & fingerprints

This has created a crisis of complexity Police and security agencies are challenged to

respond (technology “arms race”) “We’re going to need a bigger boat”

Dell can help Dell’s approach increases the opportunity for

collaboration, helps increase productivity and secures convictions and helps preserve the “Digital Chain of Custody”

THANK YOU

For further information please visit us on Stand F21 or email [email protected]