Solution Guide

Analyze
There are several different types of analyses the investigator needs to be able to
conduct on evidence data, including file signature and hash analysis, and
extensive indexing and keyword searches. All of these analyses require
considerable processing power, as evidence files for a single case can reach sizes
approaching the terabyte range, and processing these files can take tens of
hours--even days--using the datacenter architectures commonly in place today.
Investigators attempting this analysis on a single workstation must take this
issue into account when scheduling case processing, because the analysis and
indexing of a single case may use up the investigator's hardware assets. Dell’s
Digital Forensics Solution provides the significant advantages of distributed
processing, and that can change the picture entirely. We’ll take a look at
distributed processing shortly, but first let’s examine some of the types of
analysis that the digital forensics investigator typically encounters.
Types of Analysis
Hash Analysis
A hash function uses a cryptographic algorithm to create a digital fingerprint
of data. The hash of the original data can be compared with the hash of the
analyzed forensic data, and a match may be accepted in court as proof that the
two sets of data are identical. Hash analysis compares the hash values of case
files with known, stored hash values.
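The two comparisons described above, as an added example that is not part of the original guide or of Dell's product: checking a file against the hash recorded for the original, and sorting case files by whether their hash appears in a stored set. The choice of SHA-256, the function names and the sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # 1 MiB reads keep memory flat on very large evidence files


def file_sha256(path):
    """SHA-256 hex digest of a file, read in fixed-size chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()


def matches_recorded(path, recorded_hash):
    """True when the file still hashes to the value recorded for the original."""
    return file_sha256(path) == recorded_hash.lower()


def hash_analysis(root, known_hashes):
    """Split files under root into known (hash in stored set) and unknown."""
    known, unknown = {}, []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            label = known_hashes.get(file_sha256(path))
            rel = os.path.relpath(path, root)
            if label is None:
                unknown.append(rel)
            else:
                known[rel] = label
    return known, sorted(unknown)


def demo():
    """Run both checks on a constructed case directory (sample data only)."""
    samples = {"notes.txt": b"constructed sample A",
               "renamed.jpg": b"constructed sample A",  # same bytes, new name
               "tool.bin": b"constructed sample B"}
    stored = {hashlib.sha256(b"constructed sample A").hexdigest(): "known-file-A"}
    with tempfile.TemporaryDirectory() as case:
        for name, data in samples.items():
            with open(os.path.join(case, name), "wb") as fh:
                fh.write(data)
        recorded = hashlib.sha256(samples["tool.bin"]).hexdigest()
        intact = matches_recorded(os.path.join(case, "tool.bin"), recorded)
        return hash_analysis(case, stored), intact
```

Because the hash depends only on content, `renamed.jpg` is matched to the stored value even though its name and extension differ from `notes.txt`.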