Solution Guide
Store 63
Store
The traditional approach to digital evidence storage starts with investigators
working independently on individual workstations in a multiple-silo
configuration. The evidence file is stored, more or less insecurely, on the
workstation or transferred from a storage server to the workstation on a daily
basis, burdening the network with the continual transfer of very large files. The
structure fails to take advantage of the speed of distributed processing,
economies of scale, and substantial cost savings that an enterprise-level parallel
processing and tiered-storage architecture has to offer. Additionally, within this
configuration, it is difficult at best to efficiently share data or collaborate with
internal and external teams, to ensure regular and reliable evidence data
backups, to audit file changes, and most importantly, to ensure file integrity and
security.
Efficiency
The Dell Digital Forensics Solution can adapt to many different IT
configurations. The closer the configuration is to a true enterprise-level
design—comprised of workstations, dedicated processing servers capable of
distributed processing, a network infrastructure based on parallel rather than
serial communication, and storage—the greater the payoff will be in terms of
efficiency. There is less and faster network traffic because distributed processors
do the bulk of the work—the network is only transferring the results of that
work, rather than the actual evidence files themselves.
When evidence files are maintained on the server instead of on the workstation,
the analyst is free to use the workstation to initiate and monitor multiple jobs
rather than being restricted trying to process a single job. Furthermore, analyses
Analyze ArchiveTriage
Ingest
Present