Dell

1
Dells Digital Forensics Solution

• Gary ONeal
• Sales Specialist - Computer Forensics and
  Physical Security Solutions

2
Agenda

• Customer Pain Points
• Digital Forensics Business Process
• Current Way of Doing Business
• Dells Solution
• Building the Business Case
• Future Directions

3
Dell Digital Forensics Usage Models

• This one end to end solution can support each of
  the 3 use models effectively

4
The Explosion of Digital Devices
5
The Explosion of Digital Devices

• By 2013
• The average home will have 2.2 TB of new content
  (including backups)
• Total content in an average home could total
  almost 9 TB. (5 TB of this is commercial content)
• Active users of content in the home could easily
  see their storage capacity requirements double
  those of the average user.
• By 2015
• Overall consumer content, including commercial,
  personal as well as shared content could add up
  to about 760 exabytes worldwide

6
Analyst Time

• 33 time lost due to the current forensics process

7
The Digital Forensics Lifecycle
8
Front line triage solution
Lab backlogs, Constant prioritisation and
unnecessary seizures
9
Reduce workload with Triage
10
So how does it work?
Suspect Hard drive
Suspect Image
XFR running Spektor
RD1000
11
Serial Image Ingestion
The current status quo
Suspect Hard drive
Write Blocker
Forensic Workstation
Desktop NAS Storage

• Serial process, one HDD can be ingested at a time
• HDD ingestion times are getting longer

12
Parallel Image Ingestion
RD1000
Suspect Image
13
Tiered Storage Evidence
14
Current Solution
Applications designed for the desktop
Desktop Applications / Enterprise Applications
FTK 1.8
FTK 3.2
Encase 6
15
Current Solution
Applications designed for the desktop
Single Instance Applications
FTK 1.8
FTK 3.2
Encase 6
16
Current Solution
Applications designed for the desktop
Virtualization Applications
17
Current Solution
Applications designed for the desktop
Virtualization Server
18
Current Solution
Applications designed for the desktop
19
Current Solution
Applications designed for the desktop
20
Current Solution
Applications designed for the desktop
21
Centralized Case Management
Law Enforcement Viewing Team
Centralised Evidence Repository
Firewall
22
Cross Case Search Capability
Howard John Henry
Tape Archive or Virtual Tape Library
High Capacity Disk Storage (SATA)
High Performance Disk Storage (SAS / FC)
23
Cross Case Search Capability
Howard John Henry
Tape Archive or Virtual Tape Library
High Capacity Disk Storage (SATA)
High Performance Disk Storage (SAS / FC)
24
Cross Case Search Capability
Correlated Search Results
Howard John Henry
Tape Archive or Virtual Tape Library
High Capacity Disk Storage (SATA)
High Performance Disk Storage (SAS / FC)
25
Two Types of Efficiency Gains
33

• A leaner end to end process
• 10 of time spent copying hard drives for viewers
• 10 downtime due to processing capacity
• 3 delivery of hard drives for viewers
• 5 spent travelling to physical location for
  analysis
• 3 downtime for hardware issues
• 2 time for maintenance and support
• Increased analyst productivity

300
Old System Methodology
New System Methodology
26
Qualitative Benefits

• Solution Designed with the Digital Forensic
  Analyst in Mind
• Integrated supported solution from crime scene to
  court room
• Documented Process
• Full Audit Trail
• High available (Increased uptime), less
  frustration factor
• Expandable and modular (No fork lift upgrades)
• Accessibility (remote secure access)
• Long term user driven archive feature
• Multi case keyword search
• Analyst can do what their paid to do, not be IT
  support people
• Security
• Future Proof through Virtualization
• Protection against rogue code
• Disaster recovery options build in
• Integrated and supported by the two main
  forensics players
• Optional Dell 24/7 support

27

• Thank You
• Learn more about our solutions at
• www.dell.com/federal