Manualshelf

Solution Guide

ManualsBrandsDell ManualsSoftwareDell Digital Forensics Solution
11121314151617181920
10 Introduction
Ingest
Ingest is the stage of the digital forensics process in which the target data is
imaged (unless it has been imaged in the field as part of the Triage stage), and an
exact copy of the suspect storage device is created in such a way that the
integrity of the duplicate can be assured by comparing hashes of both the
original and duplicate data drives.
In common with existing practices, suspect data is imaged in the Dell Digital
Forensics Solution. Instead of imaging data onto a single workstation, however,
the imaged data is ingested into a central evidence repository. By ingesting data
immediately into the datacenter, data is available to multiple analysts, transfer
from one device to another is minimized, and productivity and efficiency is
dramatically improved. Ingestion can, however, take place in the field if the
target storage capacity is small enough. The Dell Digital Forensics Solution
provides onsite ingestion through the use of an optional SPEKTOR Imager
module.
Store
The Dell Digital Forensics Solution provides a wide range of possible storage
and network access options to suit the individual customer. High-speed storage
and retrieval across an enterprise-level network environment allow for a
multiuser configuration that increases efficiency and productivity. Analysts will
no longer have to allocate their individual computing assets to complete
evidence analysis, as all this will happen on the server dedicated for that
purpose.
Analyze
The parallel processing capability provided by the Dell Digital Forensics
Solution allows the analyst to index and triage data on high-performance servers
rather than on far less powerful individual PCs. Additionally, multiple analyst
sessions may be run concurrently on single or multiple workstations using the
back-end configurations that comprise the Solution. This capability helps
protect both system and evidence integrity, helps prevent the need for
workstation rebuilds if malicious code is mistakenly executed, helps preserve
chain of custody, and obviates the need for analyst workstation rebuilds when
moving from one case to the next. In the Digital Forensics environment, Chain