Digital Forensics - Top 10 Challenges

The ability of criminals and terrorists to maximise the
opportunities offered by new technology is constantly evolving.
Burying incriminating data within the increasing storage capacity
of PCs and laptops presents the police and security forces with new
and demanding challenges; challenges that are exacerbated by the
very short space of time in which examinations of seized assets can
take place.
As a professional services company, VEGA delivers
technology-enabled change in complex environments, often where
security and resilience are key. Through the experience gained
delivering solutions across the UK Security & Resilience
community, VEGA is able to help organisations with the Top 10
challenges they are likely to face when implementing digital forensics solutions.
1. Storage
When each suspect can store over 10 terabytes of information on
home equipment, a forensic laboratory must be able to cope with the
uploading, retention and manipulation of that data. It’s no longer
viable to rely on local storage for each analyst.
Centralised storage is becoming a necessity.
To address this issue, VEGA has looked at the advantages offered
by Fibre-Channel storage for the initial uploading and subsequent
retention of data. Fibre-Channel storage is fast, reliable and
supports very high levels of input-output for multiple applications
and intensive processes, such as indexing. This is ideal for
forensic laboratories that must perform to timescales and can’t
afford for their capability to fail.
In addition, VEGA believes it is advisable to complement the
Fibre-Channel storage with very large amounts of Serial Advanced
Technology Attachment (SATA) storage. SATA is cheap and reliable.
By providing both Fibre-Channel and SATA disk storage, it is
possible to balance the real needs of a forensic laboratory, at the
best possible price. The solution has been proven working alongside
forensic analysts using real data at the VEGA ListX facility in
Bristol.
2. Backup / archive
Forensic laboratories are often now scaled to hold up to one
PetaByte of online storage. We have devised a manageable solution that
guarantees against loss of data. Furthermore, it does this without
impacting on the performance of a system; a system that has to be
operational 24/7/365.
By taking a “snapshot” of the data before it’s sent to offline
media, the performance of the live storage is never degraded. This
provides the users and the business with what it needs: a system
without planned downtime.
3. Application performance
The effectiveness of forensic laboratories is often down to the
performance of the applications that are used by the forensic
analysts. This is either because the applications do
not yet take advantage of modern hardware, or because the nature of
their function is such that they will never perform as quickly as
the business would like. To address this issue, VEGA can devise
solutions that allow the most intensive forensic applications to
be served from powerful servers. This enables applications to
operate with as little “lag” as possible.
By providing multiple variables of the same application,
forensic analysts can initiate multiple actions from a single
workstation. This results in greatly increased productivity,
removing “dead-time” where analysts may have traditionally had to
wait hours before undertaking other activities.
4. Scalability
All technology solutions have their limits, often requiring a
step-change in
hardware or software to expand or contract. This can be a
prohibitive factor in gradual expansion of capabilities due to the
cost associated with this step-change.
VEGA can develop solutions that are fully scalable, supporting
capability and user expansion / contraction through modularised
technology. These solutions can be designed to scale up to a
PetaByte of storage from the start and can be further increased if
required. There is no theoretical limit on the number of users that
can be hosted.
In addition, as the majority of forensic applications are
served, thin-clients can be deployed within minutes anywhere, with
the full set of forensic tools required for any investigation.
5. Malware protection
One of the biggest issues for forensic laboratories is unknown
malware. To
understand what an unidentified piece of software can do, analysts
sometimes need to reverse engineer it, or execute it and monitor
what it does. If it transpires to be unknown malware, there is the
potential of corrupting the entire forensic laboratory and calling
into doubt the integrity of the environment used to produce
evidence.
Even the best anti-virus programmes only mitigate known risks
and attack-vectors. VEGA therefore always builds in a series of
security-enforcing functions that are invisible to the user and
enable forensic analysts to examine unknown code without risk to
the integrity of the forensic laboratory.
6. Accreditation
The high profile data losses of recent years have propelled the
issue of information assurance to the top of the political agenda.
Having devised secure systems for the most sensitive parts of UK
Government, VEGA has the experience to create a solution that
complies with HMG Security Policy Framework, as well as JSP440. The
security-enforcing functions address high confidentiality,
integrity and availability requirements. Furthermore, VEGA can
design secure solutions so that the security does not interfere
with the system performance or the user operations.
7. System Integration
Forensic laboratories are normally isolated technical units that
use an air-gap between themselves and the main desktop
infrastructure. A VEGA solution can include secure and reliable
integration methods that enable organisations to transfer data
safely, between corporate systems and laboratories.
Additionally, VEGA can devise methods to bring multiple sources
of information together, to provide a seamless system that meets
accreditation requirements, as well as extending the information
available to users.
8. Support
It is unacceptable for forensic laboratories to require a high
level of maintenance. VEGA
understands this and has created a solution based on Commercial Off
The Shelf (COTS) products. This means clients are not tied into us
or any supplier for long-term support, since the skills required
are readily available.
However, VEGA can provide a range of support options, if
required, from full system administration to third and fourth-line,
and from on-site to off-site. By using ListX premises, system
engineers with higher-clearances, and appropriate cryptographic
devices, VEGA can devise a support package to suit all our
customers’ needs.
9. Longevity
The rapid development of information technology, and the ability of
criminals and terrorists to use it to their advantage, demands that
any digital forensic solution is able to evolve
quickly and with minimum disruption.
VEGA is working with leading forensic application providers to
ensure that we understand how best to improve capability for users
now and in the future. We plan our solution to take account of the
latest hardware in production, software development, and the
ever-increasing burden on forensic analysts and that of the
business. This long-term planning and investment demonstrates our
commitment to this field.
10. Ensuring best value-for-money
As public sector budgets come under increasing pressure, and
expenditure faces intense scrutiny, organisations must ensure
investment in IT provides value-for-money. VEGA offers independent
expert advice and delivers pragmatic, blended solutions that make
the most of third party suppliers. Partners have already included
Dell™, AccessData, EMC, Intel, Oracle, and
Symantec. This approach allows VEGA to deliver the most
cost-effective solution tailored for each client’s specific
digital forensics requirements.
Contact VEGA for further information about
these top 10 digital forensics challenges