Dell Digital Forensics Solution
DESCRIPTION
July 2009 - This week Dell launched a new Digital Forensics Solution. The presentation was given at the ACPO-APA International Policing Exhibition and Summer Conference in Manchester.
Blog - http://en.community.dell.com/blogs/direct2dell/archive/2009/07/06/dell-unveils-its-digital-forensics-solution.aspx
Photos - http://www.flickr.com/photos/dellphotos/sets/72157621164484426/
TRANSCRIPT
Clearing the Digital Forensics Backlog
ACPO, Manchester July 8th / 9th 2009
STENOGRAPHY VS. STEGANOGRAPHY
Stenography Steganography
WHAT IS DIGITAL FORENSICS?
Digital Forensics is the acquiring and scientific examination and analysis of data retrieved from computer or other digital devices (mobile phones, games consoles, memory sticks etc) in such a way that the information can be used in a court of law.
[Diagram labels: Police; Devices & Data; Forensic Experts; Analysis; Archiving; Court Presentation]
ALL CRIME BECOMING eCRIME
“27 Gigabytes of data if printed would create a stack of A4 paper 920 metres high”. ACPO Good Practice Guide for Computer-Based Electronic Evidence
“we’re going to need a bigger boat”
CHIEF BRODY aka Roy Scheider
DELL’S FORENSIC LIFECYCLE
Integrity
Assists in preserving the digital Chain of Custody
Availability
Maximises forensics productivity and efficiency
Confidentiality
Helps prevent disclosure or leakage of information
1. Ingest - Once cloned, suspect data is ingested directly onto a central evidence repository instead of onto a workstation. Optionally the solution allows for multiple devices to be ingested simultaneously.
2. Store - Copying data direct to high speed storage helps enable seamless data exchange between servers and storage improving productivity.
3. Analyse - Multiple analyst sessions can be run concurrently on single or multiple client devices resulting in further increased productivity.
4. Present – The solution allows for scalable numbers of on-site or remote viewing teams to be securely granted access to the case data – 24/7/365.
5. Archive & Search - industry standard BURA options help to preserve the digital chain of custody and securely exchange data and cooperate in a crisis.
• Shared Access To Digital Evidence
• 24/7/365 - 5*9’s
• Secure execution of malicious code
• Onsite or Remote, Secure Collaboration & Access
• Interoperability & Scalability
• Formalised BURA & Search of Suspect Data
INGESTION & STORAGE
Ingestion
• Ingest Across Multiple Devices
• Data Copied to Datacentre
• Separates Applications From Database
• Forensic Time Focused on Analysis
Storage
• Minimal Latency On Huge Datasets
• Enables Availability & Simultaneous Access to Multiple Analysts
• Helps Preserve Confidentiality
INDEXING & ANALYSIS
[Chart: axes labelled Time and # Processors]
• Drastically reduced processing times to find and present digital evidence
• Multiple or remote based viewing teams can concurrently access the same case data 24/7/365
ARCHIVE & SEARCH
• Retention and recovery help prevent accidental loss or deletion of digital evidence, helping to preserve the chain of custody
• Older, less frequently used data can be moved to secondary storage as part of a formal BURA or Disaster Recovery strategy
• Helps free up space on servers and reduce overall storage requirements but retains the option of searching and correlating information across previously unrelated case histories
• Balances storage requirements against legal and policy requirements and the risk of non-compliance, and helps enable controlled deletion of expired data and evidence
DEMO
DELL’S FORENSIC SOLUTION
Tape
High Capacity Disk
High Performance Disk
Analyst Workstations
Processing
On-line Archive
Off-line Archive
Evidence Storage
Integrity Services
Case Management
Confidentiality Services
Availability Application
Virtualisation
Digital storage device
Input
Output
Reviewing Stations
Storage
Storage
Storage
DELL DIGITAL FORENSICS BENEFITS
| Challenges | Dell Benefits |
| --- | --- |
| Access to expertise, resources and increasing volume of suspect data | Simplifies digital forensics lifecycle offering dramatic increase in productivity |
| Adhoc approach to backing up data. Risks from media malfunction. | BURA and DR options help secure chain of custody / information sharing |
| Physical limitations of access to data. Investigators have to be at the lab. | Secure access to either local or remote expertise and analysis |
| Expensive forensic time distracted by having to manage technology | Focuses expertise on suspect data instead of becoming a PC Support Eng. |
| IT approach focused on single or multiple PC infrastructure | Simplifies and standardises forensics IT infrastructure and processes |
| Risks to analyst productivity and contamination to evidence | Malicious code ring-fenced protecting system integrity and evidence |
FORENSICS BLUEPRINT
SUMMARY
All crime is becoming eCrime
• Consumer electronics knowingly or involuntarily leaves a digital trail in a pervasive digital society
• Digital evidence will become as important to policing as DNA & fingerprints
This has created a crisis of complexity
• Police and security agencies are challenged to respond (technology “arms race”)
• “We’re going to need a bigger boat”
Dell can help
• Dell’s approach increases the opportunity for collaboration, helps increase productivity and secures convictions and helps preserve the “Digital Chain of Custody”