Clearing the Digital Forensics Backlog
ACPO, Manchester July 8th / 9th 2009
Dec 07, 2014
STENOGRAPHY VS. STEGANOGRAPHY
Stenography Steganography
WHAT IS DIGITAL FORENSICS?
Digital Forensics is the acquisition and scientific examination and analysis of data retrieved from computers or other digital devices (mobile phones, games consoles, memory sticks etc.) in such a way that the information can be used in a court of law.
[Diagram labels: Forensic Experts, Court Presentation, Analysis, Archiving, Devices & Data, Police]
ALL CRIME BECOMING eCRIME
“27 Gigabytes of data if printed would create a stack of A4 paper 920 metres high”. ACPO Good Practice Guide for Computer-Based Electronic Evidence
“we’re going to need a bigger boat”
CHIEF BRODY aka Roy Scheider
DELL’S FORENSIC LIFECYCLE
Integrity - Assists in preserving the digital Chain of Custody
Availability - Maximises forensics productivity and efficiency
Confidentiality - Helps prevent disclosure or leakage of information
1. Ingest - Once cloned, suspect data is ingested directly onto a central evidence repository instead of onto a workstation. Optionally the solution allows for multiple devices to be ingested simultaneously.
2. Store - Copying data direct to high speed storage helps enable seamless data exchange between servers and storage, improving productivity.
3. Analyse - Multiple analyst sessions can be run concurrently on single or multiple client devices, resulting in further increased productivity.
4. Present - The solution allows for scalable numbers of on-site or remote viewing teams to be securely granted access to the case data, 24/7/365.
5. Archive & Search - Industry standard BURA options help to preserve the digital chain of custody and securely exchange data and cooperate in a crisis.
Shared Access To Digital Evidence
24/7/365 - 5*9’s
Secure execution of malicious code
Onsite or Remote, Secure Collaboration & Access
Interoperability & Scalability
Formalised BURA & Search of Suspect Data
INGESTION & STORAGE
Ingestion
• Ingest Across Multiple Devices
• Data Copied to Datacentre
• Separates Applications From Database
• Forensic Time Focused on Analysis
Storage
• Minimal Latency On Huge Datasets
• Enables Availability & Simultaneous Access to Multiple Analysts
• Helps Preserve Confidentiality
INDEXING & ANALYSIS
[Chart: Time vs. # Processors]
• Drastically reduced processing times to find and present digital evidence
• Multiple or remote based viewing teams can concurrently access the same case data 24/7/365
ARCHIVE & SEARCH
• Retention and recovery help protect against accidental loss or deletion of digital evidence, helping to preserve the chain of custody
• Older, less frequently used data can be moved to secondary storage as part of a formal BURA or Disaster Recovery strategy
• Helps free up space on servers and reduce overall storage requirements but retains the option of searching and correlating information across previously unrelated case histories
• Balances storage requirements against legal and policy requirements and the risk of non-compliance, and helps enable controlled deletion of expired data and evidence
DEMO
DELL’S FORENSIC SOLUTION
[Diagram labels: Tape, High Capacity Disk, High Performance Disk, Analyst Workstations, Processing, On-line Archive, Off-line Archive, Evidence Storage, Integrity Services, Case Management, Confidentiality Services, Availability, Application Virtualisation, Digital storage device, Input, Output, Reviewing Stations, Storage]
DELL DIGITAL FORENSICS BENEFITS
Challenges Dell Benefits
Access to expertise, resources and increasing volume of suspect data
• Simplifies digital forensics lifecycle, offering dramatic increase in productivity
Ad hoc approach to backing up data. Risks from media malfunction.
• BURA and DR options help secure chain of custody / information sharing
Physical limitations of access to data. Investigators have to be at the lab.
• Secure access to either local or remote expertise and analysis
Expensive forensic time distracted by having to manage technology
• Focuses expertise on suspect data instead of becoming a PC Support Eng.
IT approach focused on single or multiple PC infrastructure
• Simplifies and standardises forensics IT infrastructure and processes
Risks to analyst productivity and contamination to evidence
• Malicious code ring-fenced, protecting system integrity and evidence
FORENSICS BLUEPRINT
SUMMARY
All crime is becoming eCrime
• Consumer electronics knowingly or involuntarily leaves a digital trail in a pervasive digital society
• Digital evidence will become as important to policing as DNA & fingerprints
This has created a crisis of complexity
• Police and security agencies are challenged to respond (technology “arms race”)
• “We’re going to need a bigger boat”
Dell can help
• Dell’s approach increases the opportunity for collaboration, helps increase productivity and secures convictions and helps preserve the “Digital Chain of Custody”
THANK YOU
For further information please visit us on Stand F21 or email [email protected]