Clearing the Digital Forensics BacklogACPO, Manchester July 8th / 9th 2009

Stenography vs. SteganographySteganographyStenography

Digital Forensics is the acquiring and scientific examination and analysis of data retrieved from computer or other digital devices (mobile phones, games consoles, memory sticks etc) in such a way that the information can be used in a court of law.Court PresentationForensic ExpertsWhat is Digital Forensics?PoliceDevices & DataAnalysisArchiving

All Crime becoming eCrime“27 Gigabytes of data if printed would create a stack of A4 paper 920 metres high”. ACPO Good Practice Guide for Computer-Based Electronic Evidence

Chief brodyaka Roy Scheider“we’re going to need a bigger boat”

Ingest- Once cloned, suspect data is ingested directly onto a central evidence repository instead of onto a workstation. Optionally the solution allows for multiple devices to be ingested simultaneously.1IntegrityAssists in preserving the digital Chain of CustodyConfidentialityHelps prevent disclosure or leakage of information Store- Copying data direct to high speed storage helps enable seamless data exchange between servers and storage improving productivity. Analyse - Multiple analyst sessions can be run concurrently on single or multiple client devices resulting in further increased productivity. Present – The solution allows for scalable numbers of on-site or remote viewing teams to be securely granted access to the case data – 24/7/365.234Formalised BURA & Searchof Suspect Data Shared Access To DigitalEvidence24/7/365 - 5*9’sAvailabilityMaximises forensics productivity and efficiencyArchive & Search - industry standard BURA options help to preserve the digital chain of custody and securely exchange data and cooperate in a crisis.5Onsite or Remote, Secure Collaboration& AccessSecure execution of malicious codeInteroperability&ScalabilityDell’s Forensic Lifecycle

IngestionIngest Across Multiple DevicesData Copied to DatacentreSeparates Applications From DatabaseForensic Time Focused on AnalysisStorageMinimal Latency On Huge DatasetsEnables Availability & Simultaneous Access to Multiple Analysts Helps Preserve ConfidentialityIngestion & Storage

Ingest Across Multiple Devices

Data Copied to Datacentre

Separates Applications From Database

Forensic Time Focused on Analysis

Minimal Latency On Huge Datasets

Enables Availability & Simultaneous

Helps Preserve Confidentiality

Indexing & analysisDrastically reduced processing times to find and present digital evidenceMultiple or remote based viewing teams can concurrently access the same case data 24/7/365# ProcessorsTime

Drastically reduced processing times to find and present digital evidence

Multiple or remote based viewing teams can concurrently access the same case data 24/7/365

Archive & Search9Retention and recovery helps prevent against accidental loss or deletion of digital evidence helping to preserve the chain of custodyOlder less frequently used data can be moved to secondary storage as part of formal BURA or Disaster Recovery strategyHelps free up space on servers and reduce overall storage requirements but retains the option of searching and correlating information across previously unrelated case histories Balances storage requirements against legal and policy requirements and risk of non compliance and helps enables controlled deletion of expired data and evidence

Retention and recovery helps prevent against accidental loss or deletion of digital evidence helping to preserve the chain of custody

Older less frequently used data can be moved to secondary storage as part of formal BURA or Disaster Recovery strategy

Helps free up space on servers and reduce overall storage requirements but retains the option of searching and correlating information across previously unrelated case histories

Balances storage requirements against legal and policy requirements and risk of non compliance and helps enables controlled deletion of expired data and evidence

DEMO10

Dell’s Forensic solutionOff-line ArchiveOn-line ArchiveProcessingStorageStorageStorageOutputHigh CapacityDiskHigh PerformanceDiskTapeInputEvidenceStorageApplicationVirtualisationIntegrityServicesAvailabilityDigitalstoragedeviceCaseManagementConfidentialityServicesReviewingStationsAnalyst Workstations 11

Access to expertise ,resources and increasing volume of suspect dataSimplifies digital forensics lifecycle offering dramatic increase in productivityRisks to analyst productivity and contamination to evidence Adhoc approach to backing up data. Risks from media malfunction.BURA and DR options help secure chain of custody / information sharingExpensive forensic time distracted by having to manage technologyIT approach focused on single or multiple PC infrastructure Physical limitations of access to data. Investigators have to be at the lab.Focuses expertise on suspect data instead of becoming a PC Support Eng. Simplifies and standardises forensics IT infrastructure and processesSecure access to either local or remote expertise and analysisDell Digital Forensics benefitsChallengesDell BenefitsMalicious code ring-fenced protecting system integrity and evidence

Access to expertise ,resources and increasing volume of suspect data

Simplifies digital forensics lifecycle offering dramatic increase in productivity

Risks to analyst productivity and contamination to evidence

Adhoc approach to backing up data. Risks from media malfunction.

BURA and DR options help secure chain of custody / information sharing

Expensive forensic time distracted by having to manage technology

IT approach focused on single or multiple PC infrastructure

Physical limitations of access to data. Investigators have to be at the lab.

Focuses expertise on suspect data instead of becoming a PC Support Eng.

Simplifies and standardises forensics IT infrastructure and processes

Secure access to either local or remote expertise and analysis

Malicious code ring-fenced protecting system integrity and evidence

Forensics Blueprint

summaryAll crime is becoming eCrimeConsumer electronics knowingly or involuntarily leaves a digital trail in a pervasive digital societyDigital evidence will become as important to policing as DNA & fingerprintsThis has created a crisis of complexityPolice and security agencies are challenged to respond (technology “arms race”) “We’re going to need a bigger boat”Dell can helpDell’s approach increases the opportunity for collaboration, helps increase productivity and secures convictions and helps preserve the “Digital Chain of Custody”

All crime is becoming eCrime

Consumer electronics knowingly or involuntarily leaves a digital trail in a pervasive digital society

Digital evidence will become as important to policing as DNA & fingerprints

This has created a crisis of complexity

Police and security agencies are challenged to respond (technology “arms race”)

“We’re going to need a bigger boat”

Dell can help

Dell’s approach increases the opportunity for collaboration, helps increase productivity and secures convictions and helps preserve the “Digital Chain of Custody”

THANK YOUFor further information please visit us on Stand F21 or email ben_chapman@dell.com