Embed Size (px)
Citation preview
!
!
"#$%&$'()!*+!,--(&&./0/!
!
!"#$"#%&'$()&*+%&',-#)$'./$'+,0&1'$'./$'+,&+%&2+341'/,2#0&522#))6/$/7&+**#%)&',89)$%:;1#/8',.&)+19$'+,)&$"/$&49$&$"#&4+<#%&+*&*+%#,)'2)&',&:+9%&"/,8)=&>+%&?@&:#/%)0&522#))6/$/&"/)&<+%A#8&<'$"&3+%#&$"/,&B?@0@@@&21'#,$)&',&1/<&#,*+%2#3#,$0&
.+-#%,3#,$&/.#,2'#)0&2+%4+%/$'+,)&/,8&1/<&*'%3)&/%+9,8&$"#&<+%18&$+&9,8#%)$/,8&/,8&*+29)&+,&$"#'%&
9,'C9#&2+11#2$'+,;$+;/,/1:)')&,##8)=&D"#&%#)91$E&F%+892$)&$"/$"+<#%&*/)$#%&%#)91$)0&G#$$#%&
',)'."$)0&/,8&3+%#&2+,,#2$'-'$:=&!
!
!
1$'!2$'(!3%4$'2/03$%5!63&30!700#899:::;/--(&&)/0/;-$2!
!
!
<$%6('&/03$%/=!.3>30/=!1$'(%&3-&!,%/=+&3&!*+!.('(?!,;!"2307!
@!ABCD!<$%6('&/03$%/=!E((?!!
!
!!
ConversationalDigitalForensicsAnalysisPublishedbyConversationalGeekInc.www.conversationalgeek.com
Allrightsreserved.Nopartofthisbookshallbereproduced,storedinaretrievalsystem,ortransmittedbyanymeans,electronic,mechanical,photocopying,recording,orotherwise,withoutwrittenpermissionfromthepublisher.Nopatentliabilityisassumedwithrespecttotheuseoftheinformationcontainedherein.Althougheveryprecautionhasbeentakeninthepreparationofthisbook,thepublisherandauthorassumenoresponsibilityforerrorsoromissions.Norisanyliabilityassumedfordamagesresultingfromtheuseoftheinformationcontainedherein.
TrademarksConversationalGeek,theConversationalGeeklogoandJ.theGeekaretrademarksofConversationalGeek®.Alltermsmentionedinthisbookthatareknowntobetrademarksorservicemarkshavebeenappropriatelycapitalized.Wecannotattesttotheaccuracyofthisinformation.Useofaterminthisbookshouldnotberegardedasaffectingthevalidityofanytrademarkorservicemark.
WarningandDisclaimerEveryefforthasbeenmadetomakethisbookascompleteandasaccurateaspossible,butnowarrantyorfitnessisimplied.Theinformationprovidedisonan“asis”basis.Theauthorandthepublishershallhaveneitherliabilitynorresponsibilitytoanypersonorentitywithrespecttoanylossordamagesarisingfromtheinformationcontainedinthisbookorprogramsaccompanyingit.
AdditionalInformationForgeneralinformationonourotherproductsandservices,orhowtocreateacustomConversationalGeekbookforyourbusinessororganization,pleasevisitourwebsiteatConversationalGeek.com
PublisherAcknowledgmentsAllofthefolksresponsibleforthecreationofthisbook:
Author: DerekSmithProject/CopyEditor: StevenZimmermanContentReviewer(s): J.PeterBruzzese
!
!
J7(!Q<$%6('&/03$%/=R!Y(07$)!
N(!7/6(!0:$!$*S(-036(&!:7(%!:(!-'(/0(!/!Q<$%6('&/03$%/=R!*$$?8!13'&05!0$!2/?(!&G'(!30Z&!:'300(%!3%!/!-$%6('&/03$%/=!0$%(!&$!07/0!30Z&!4G%!/%)!(/&+!0$!'(/);!"(-$%)5!0$!2/?(!&G'(!+$G5!07(!'(/)('5!-/%!322()3/0(=+!0/?(!:7/0!+$G!'(/)!/%)!3%-=G)(!30!3%0$!+$G'!$:%!-$%6('&/03$%&!V#('&$%/=!$'!*G&3%(&&[4$-G&()W!:307!-$%43)(%-(;!
QE((?!3%!07(!Y3''$'R!X$\(&!
N(!3%4G&(!7G2$'!/%)!3%&3>70!3%0$!$G'!*$$?&!07'$G>7!*$07!-/'0$$%&!/%)!=3>70!*/%0('!4'$2!07(!/G07$';!N7(%!+$G!&((!$%(!$4!07(&(!*$\(&!30Z&!07(!/G07$'!&0(##3%>!$G0&3)(!07(!)3/=$>!0$!&#(/?!)3'(-0=+!0$!+$G;H0!23>70!*(!/%!/%(-)$0(]!30!23>70!*(!/!#('&$%/=!(\#('3(%-(;!!
!
N3073%!07(&(!*$\(&!H!-/%!&7/'(!SG&0!/*$G0!/%+073%>!$%!07(!&G*S(-0!/0!7/%);!U(/)!Z(2^!
ConversationalDigitalForensicsAnalysis
Crimeandmisconductarealmostasoldastimeitself.RememberCainandAbel?Withtheinventionofmisdeedscametheequallybrilliantnotionofthecover-up–afterall,whowantstogetcaught?Sincethen,therehavebeenthosetaskedwithdiscoveringandsortingthroughtheevidencetodetermine“whodoneit?”
!
!
.G'3%>!07(!CbDB&!07(!:$'?!$4!4$'(%&3-!3%6(&03>/03$%!:(%0!)3>30/=;!"3%-(!07(%5!07(!)(2/%)!4$'!)3>30/=!4$'(%&3-&!7/&!>'$:%!(\#$%(%03/==+;!H%!$G'!73>7=+!3%0('-$%%(-0()!:$'=)5!30!3&!%(\0!0$!32#$&&3*=(!0$!!/6$3)!=(/63%>!/!)3>30/=!0'/3=!$4!/!23&)(()]!G%=(&&5!$4!-$G'&(5!07(!&G&#(-0()!23&-'(/%0!7/&!=36()!/%)!:$'?()!(\-=G&36(=+!3%!07(!*/-?:/0('&!$4!07(!,2/M$%!*/&3%!4$'!07(!=/&0!cB!+(/'&;!!
N(!-'(/0(!/!)3>30/=!4$$0#'3%0!(6('+!032(!:(!G&(!/!-$2#G0('!4$'!$%=3%(!$'!$44=3%(!/-036303(&;!Y$'($6('5!:(!3%-'(/&(!$G'!4$$0#'3%0!:307!(6('+!#7$%(!-/==5!(6('+!(2/3=5!(6('+!0(\0!2(&&/>(5!/%)!:307!(/-7!G&(!$4!$G'!-'()30!$'!)(*30!-/');!P6(%!:/=?3%>!*+!/%!,JY!-/2('/!3%-'(/&(&!$G'!)3>30/=!4$$0#'3%0;!!
!"#$%&'(%)*+%*#%$&,%-.,/-+,%0*+*$-1%2''$3/*4$5%%
!
HZ==!*(0!07('(Z&!(6(%!/!)3>30/=!0'/3=!0$!43%)!2+!-/'!?(+&^!
Considerthat,in1860,aponyexpressridercarriedupto1,280messagesweighingnomorethan¼ouncefromNewYorktoSanFrancisco.Thejourneytook10daysandcarriedtheoutrageousexpenseof$50/monthforeachrider.Thatwas1860,andthose1,280letterswereroughlytheequivalentof640kofdata.Todaywecansendterabytesofdata–roughlyabilliontimesmorethantheridercarried–tomultiplesimultaneousdestinationsaroundtheworldinamatterofminutes,ifnotseconds.
Consideralsothatourdigitaltechnologyiscapableofproducingandcollectingmorethanaterabyteofdataeachweekforeveryindividualontheplanet–atleastone-thirdofwhichisaggregated,analyzed,processed,andstoredinthecloud.Withthislevelofdataproduction,itisvirtuallyimpossibletohideamisdeed.Somewhereinthatvastdigitaloceanisevidencewiththesuspect’snameonit,proving“whodoneit.”
Thechallengewiththatmuchdata,ofcourse,isn’twhetherornotthedigitalevidenceexists–itdoes.Thechallengeisisolatingthenecessaryevidencefromtherestoftheinformation.Today’sdigital
investigationsbringawholenewmeaningtotheoldclichéof“aneedleinahaystack.”
Theamountofdatageneratedbyeachpersonisstillincreasingwithnoinflectionpointinsight.Andwehaveyettofindanacceptablecureforcrimeandmisdeeds.Whatisleft,then,istheneedtofindgreaterefficienciesfordigitalinvestigations.
DigitalInvestigatorsareOverwhelmedBroadlyspeaking,adigitalforensicinvestigationistheapplicationofforensicsciencestodigitalinformation.Thedigitalforensicinvestigationisconcernedwithidentifying,collecting,examining,andanalyzingdigitalevidenceinawaythatmaintainsastrictchainofcustodywhilepreservingdataintegritysothattheevidenceisadmissibleinlegalcourtsandothersettings.Theworkoftheinvestigatoristofindtheinformationthatotherseitherdidn’tknowwasthereorthatsomeonetriedtodestroy.
Backinthe70s,whendigitalforensicinvestigationsweregettingstarted,computersbootedfromone5¼”floppyandstoredtheirprogramsanddataon
!
!
/%$07(';!P/-7!i!fR!4=$##+!-$G=)!7$=)!G#!0$!CCB!mX!$4!)/0/;!H0Z&!3%-'()3*=(!07/0!:(!:('(!/*=(!0$!)3>30/==+!4G%-03$%!*/-?!07(%!a!0$)/+!+$G!-/%Z0!>(0!*+!:307!=(&&!07/%!/!>3>/*+0(!$4!2(2$'+!SG&0!0$!0G'%!$%!/!N3%)$:&!CB!2/-73%(;!J7(!'(=/036(=+!&2/==!/2$G%0!$4!)/0/!/%)!63'0G/==+!%$%[(\3&0(%0!-$%%(-03630+!V/&!2(/&G'()!*+!0$)/+Z&!&0/%)/')&W!2(/%0!07/0!$%=+!!0:$!$'!07'((!)3>30/=!3%6(&03>/0$'&!-$G=)!:(==[(%$G>7!7/%)=(!07(!(%03'(!:$'?=$/)!$4!/!=/'>(!=/:!43'2!$'!'(>3$%/=!$443-(!$4!/!4()('/=!/>(%-+;!!
P/-7!+(/'!&3%-(!07(%5!07(!:$'?=$/)!4$'!)3>30/=!3%6(&03>/0$'&!7/&!'/#3)=+!3%-'(/&();!KG&0!4'$2!ABBD!0$!ABBd5!4$'!(\/2#=(5!1XH!)3>30/=!3%6(&03>/0$'&!3%-'(/&()!07(!/2$G%0!$4!)/0/!#'$-(&&()!*+!ADn;!X+!ABCB5!07(!/6('/>(!1XH!)3>30/=!3%6(&03>/03$%!-/&(=$/)!:/&!B;j!0('/*+0(&;!,%)!*+!ABCc5!07(!/6('/>(!-/&(!&3M(!3%-'(/&()!0$!C;B!0('/*+0(&!:307!ABn!$4!-/&(&!(\-(()3%>!436(!0('/*+0(&;!!
!
136(!0('/*+0(&!$4!)/0/!#('!-/&(!a!30!-$G=)!0/?(!2$%07&!0$!>$!
07'$G>7!/==!07/0^!
Today,ofcourse,withtheamountofdigitalinformationgeneratedbyeachindividual,caseloadsexceedingfiveterabytesiscommon.AccordingtoKathrynSeigfried-Spellar,PurdueUniversitycomputerscienceprofessor,“Almosteverytypeofcrime–whetherit’shomicide,arson,oracomputercrime–isgoingtohavesomesortofdigitalevidenceassociatedwithit.”Recently,forexample,digitalforensicinvestigatorsworkingforTargetwereaskedtolookintothechain’sshrinkageofBlu-Rayinventory.Theinvestigatorswenttoworkpouringovermountainsofdigitalinformation.
Beforelong,theinvestigationcenteredonaspecificsuspect.Throughanalysisofthesuspect’sdigitalfootprint,investigatorslearnedwherethesuspectlived,identifiedthecarhedrove,andlocatedwhereheresoldthestolenBlu-Rayinventory.$15,000worthofmissingBlu-Rayinventorywastiedtothesuspect,andthecasewasturnedovertolocallawenforcementwhochargedthesuspectwithgrandlarceny.
Whileitistechnicallypossibleforawell-traineddigitalinvestigatortoparedownthemountainofdatacollectedinagiveninvestigationtojustthe
informationwhichismostlikelytoproverelevant,thatdoesn’thelptheoverworkedinvestigatorgetthroughtheproverbialhaystackanyfaster.
Manyagenciesrequirethedigitalforensicinvestigatorstoanalyzeallthecollecteddata,asthiscouldleadtomoreorexpandedchargesbeingfiledagainstthesuspect.Theresult,saysSeigfried-Spellar,isasignificantbacklog–whichcanbeaslongasyearsinsomecases–ofdataanddeviceswaitingfordigitalforensicanalysisatpolicelabs.
Theamountofdatacollectedandrequiredtobeforensicallyanalyzedcreatesseveralpainpointsforpublicsector,aswellasprivate,organizations.Commonchallengesinclude:
• Thelegalrequirementtogather,analyze,andkeepterabytesofforensicinformationproducesmonstrousdatasetsthatmustbestored;
• Colossalstoragerequirements,ontopofburgeoningcaseloadsforanalysis,strainagencyandorganizationalbudgetsastheytryto
maintainhardware,infrastructures,andequipment;
• Growingworkloads,withHRbudgetsthatcannotkeeppace,areproducingsignificantbacklogsofforensicdatatoinvestigate;
• Asdatasetsgrowmorecumbersome,findingtheproverbialneedleinthehaystack–andmakingcriticalconnectionsbetweendisparatesetsofdata,particularlywhendataisgatheredfromdifferentsources–becomesincreasinglydifficult;
• Largerdatasetsfromdiversesourcesmeansgreaterdifficultytocollaboratereviews;and
• Theinabilityofforensichardwaretokeepupwith,andsearch,neworuncommondatatypes.
Digitalinvestigators,whetherworkingforfederalagencies,locallawenforcement,orfor-profitorganizationslikeWalmartandAmericanExpress,knowthedrill.Theymaybecalleduponto
investigatecorporatetheft,insidercyberthreats,oronlinefraudorterrorismandtracktheflowofinformationbacktoitssource.Theinvestigationmightrequiredefeatingencryption,overcomingpasswordsorphysicallydamagedequipment,ordetailedanlysisofexceptionallylargegraphics.
Theinvestigatormayneedtoanalyzeactivityacrossanextensivenetworkandthroughthecloudtopiecetogether,fromdisparatesources,whichspecificemployee,forexample,hastakensensitivecorporateinformationtoselltotheorganization’scompetitors.
Moreover,equippingandrunningadigitalforensicslabcanbeexpensive,requiringconstantcapitalinvestment,ashardware-basedsolutionsareantiquatedcontinuouslybynewtechnology.Forexample,extractionofdatafrommobiledevicessuchassmartphonesneedstobere-engineeredeachtimethelatestversionofthedevicehitsthemarketwithstrongersecurityprotocols.
!
!
<=$G)!<$2#G03%>!,))&!,))303$%/=!H%6(&03>/036(!<7/==(%>(&!!<=$G)!-$2#G03%>!a!/%)!07(!#'$=34('/03$%!$4!H$J!)(63-(&!:73-7!&(%)!/%!(%)=(&&!&0'(/2!$4!)/0/!0$!07(!-=$G)5!(&#(-3/==+!&G'63==(%-(!)(63-(& a /)) 0$!07(!$6(':7(=23%>!:$'?=$/)!$4!)3>30/=!4$'(%&3-!3%6(&03>/0$'&;!o('(Z&!7$:8!!
•!./0/!07/0!=36(&!3%!07(!-=$G)!3&!%$!=$%>('!3&$=/0()!0$!/!&#(-343-!)'36(!$'!&('6(';!H0!-/%!#7+&3-/==+!=36(!/%+:7('(!3%!07(!:$'=)5!:73-7!-$G=)!'/3&(!07(!3&&G(!$4!#'36/-+!=/:&!34!07(!)/0/!=36(&!3%!-('0/3%!!-$G%0'3(&]!!
•!P&0/*=3&73%>!07(!-7/3%!$4!-G&0$)+5!/G07(%03-30+5!/%)!3%0(>'30+!$4!3%4$'2/03$%!2/+!*(!)3443-G=0!$'!
!
,%!/6('/>(!$4!%3%(!%(:!&2/'0#7$%(&!-$2(!$G0!(/-7!
`G/'0('!a 07/0Z&!/!=$0!$4!0(-7%$=$>+!0$!?((#!G#!:307^!
impossible,dependingonthecloudprovider'savailableforensicservices;
• Thecloudplatformortheserviceprovidermaymakeitdifficulttoidentifyandpreserverelevantdatasubjecttoalegalhold,toconductfastandaccuratesearchesofdata,oreventoensureaproperapproachtodataretentionhasbeentaken.
Itmaybenotedthatmaintainingaproperchainofevidenceandobtainingforensicallysoundlogsandsnapshotsarepossiblewhenfollowingcloud(AWS/Azure)bestpractices.However,accordingtorenownedcloudsecurityandcyberriskanalystDr.KeyunRuan–whofirstcoinedtheterm“cloudforensics”whileworkingonherPh.D.–digitalforensicsinthecloudarefarmorechallengingthanjustfindingwherethedatalivesorworkingwithcloudproviders.“Thereare[unique]challengeswithmulti-tenanthosting,synchronizationproblems,andtechniquesforsegregatingthedatainthelogs.”
Moreover,saysMartinNovak,aphysicalscientistattheNationalInstituteofJustice,“Manyuserswill
haveaccesstoaparticularcloud.Howcanlawenforcementseizeonlythatportionofthemediawheretheevidencemayexist?Howwilltheyknowiftheyhavegotteneverythingthattheywillneedduringtheanalysis,interpretation,documentationandpresentationphases?”
ABetterWay:CreatingEfficienciesinInvestigativeWorkflowsWhatwouldhappenifyouragencyororganizationweremaderesponsibleforaninvestigationwithfiveormoreterabytesofdatatoanalyzeandhundredsofgigabytesofdigitalsurvillencetoprocessforcrucialevidence?Thatwouldcorrelatetoabout5.2milliondocumentstoscan,correlate,analyze,andprocessinaforensicallydefensiblemanner.
Youcouldhireanarmyofanalysts–butthismaynotbeafeasiblesolutionforagenciesororganizationswithoutunlimitedfinancialresources.
Youcouldtakeyearstosortthroughthedata–butthismaynotbearealisticsolutionasmostinvestigationsarerequiredtobehandledina“reasonable”timeframe.
Youcouldfileforearlyretirement–butthatdoesn’tsolvetheproblem;itonlyshiftstheresponsibilitytosomeoneelse.
!
!
!
P443-3(%0!:$'?4=$:&!/'(!07(!?(+!0$!&G--(&&!:7(%!)(/=3%>!:307!0('/*+0(&!$4!)/0/!#('!-/&(^!
1/-()!:307!43%30(!'(&$G'-(&5!032(!-$%&0'/3%0&5!/%)!/!&(%&(!$4!'(&#$%&3*3=30+5!07(!$%=+!:/+!0$!7/%)=(!/%!3%6(&03>/036(!=$/)!$4!073&!2/>%30G)(!3&!0$!)(6(=$#!!&-/=/*=(!/%)!-$&0[(44(-036(!:$'?4=$:!(443-3(%-3(&;!!
N7(%!)(/=3%>!:307!/%!/6('/>(!-/&(!&3M(!$4!i!0('/*+0(&5!4$'(%&3-!:$'?4=$:!(443-3(%-+!3&!/!0$#!#'3$'30+;!o$:(6('5!07(!/))303$%/=!-7/==(%>(&!/%)!-$%&0'/3%0&!:3073%!07(!#G*=3-!/%)!>$6('%2(%0!&(-0$'&!-$%'(!0$!2/?(!032(=+5!(443-3(%0!#'$-(&&3%>!$4!-/&(&!/!0'G=+!"3&+#7(/%!0/&?;!
p(0Z&!(\/23%(!07(!%G2*('&!:73-7!-7/'/-0('3M()!/!'(-(%0!-/&(!7/%)=()!*+!/!4()('/=!-'323%/=!3%6(&03>/03$%!/>(%-+5!4$'!:73-7!07(!(\#=$&36(!>'$:07!$4!)3>30/=!)(63-(&!$6('!07(!#/&0!436(!+(/'&!'(&G=0()!3%!07(!/>(%-+!-$==(-03%>!DBBn!2$'(!)/0/!4'$2!cBBn!2$'(!)(63-(&;!!
Requirementstocollaboratewithotherpublicsectororganizations,andtotraintheirpersonnel,addedtothemountingworkload.
Bythetimethefederalagencyturnedtooutsidesolutionsforresolution,theircasebackloghadgrowntoninemonthsandwasstillexpandingatanalarmingrate.Undermandatetoacceleratetheprocessingofthisworkloadwithoutaddingnewstaff,theagency’sburdenonlygrewgreater.
Everydevicedeemed“ofinterest”inaninvestigationhastobeprocessed,andallthedatastoredonthedevice–evendatawhichusersattemptedtoerase–needstobecapturedandfixed.Yetdigitaldatais,bynature,volatile,andcapturingthedataonadeviceofinteresttoacaserequirescreatingaforensicimage–abit-for-bitduplicationofthedataonthedeviceornetwork.
Traditionally,aremotedigitalimagewouldbecapturedwithaUSB2.0writeblocker.TheaveragesustainedtransferrateofaUSB2.0deviceis32.8Mbps.Atthatrate,itwouldtakeabout13½hoursprocessa160GBimage.Nonstopworkoncreatingdigitalimagesfortheaveragecaseloadof5TB
wouldconsume17½days–duringwhichtimetherestoftheinvestigativeprocessmaybeatastandstill.EvenifthehardwarewereupgradedtoUSB3.0–whichcansustainspeedsroughlytwiceasfastasFireWire800–processingthedigitalimagesforacaseloadwouldstillconsume5½days.
Andthechallengesdon’tstopthere.Oncethedataofinterestiscapturedasforensicimages,ithastobeprocessedtoisolatetheevidenciaryneedlesintheproverbialhaystack.Foranaverage5TBcaseload,therequireddataprocessingwouldbeequivalenttocarefullyexamining3.7milliondocuments,determiningwhichinformationisrelevanttotheinvestigation,andthencollatingandindexingtherelevantdataforreference.
Letus,oncemore,putthisinperspective.
Ifateamofteninvestigatorsmanuallyworkednonstop24hoursadaytofullyprocess2documentsanhour(readingandextractingtherelevantinformation,thencollatingandcorrelatingit),gettingthrough3.7milliondocumentswouldconsume21years!
Multiplythechallengesofinvestigatingjustonecase,fromimagingthroughtofinalprocessing,bythenumberofcasesforafederalcriminalinvestigationagencyisresponsibleanditiseasytounderstandwhyorganizationsneedspecializedresourcesintheirdigitalforensicstoolkit.
Inthisinstance,theaforementionedfederalcriminalinvestigationagencyimplementedanenterprisesolutiontoimprovetheirworkflowefficiency.Thesreamlinedworkflowallowedthemto:
• Reducetheircasebacklogfromninemonthstojusttwoweeks;
• Reducethenumberofstaffdedicatedtoprocessingandreviewingevidenceby25%;and
• Reducethecostoftheirdigitalforensicinvestigationsby$500,000overfiveyears.
MakingHayfromDigitalTrailsSinceinvestigationsofonesortoranotherwillbewithusuntiltheendoftime,theroleofdigitalforensicinvestigatorswillcontinuetobeanincreasinglyimportantpartoftheprocess.
Theincredibleamountofdataproduced,transmitted,processed,andstoredinourdigitally-drivenworldisn’tabouttodecrease.Ifanything,theamountofinformationgeneratedwillcontinuetoproliferateatanacceleratedrate.
ThisdataisgeneratedinourhomesaswebrowsetheInternet,placecalls,andtextfriends.Dataisgeneratedaswework,whetherfromhome,whiletraveling,orinoffice.Evenifourjobisditch-digging,weleaveadigitalfootprinteverytimeweclockinoroutfromthejob,getpaid,ordepositourpaycheckinthebank.
OurdigitalfootprintisincreasedeverytimeweinteractwithanIoT-enabledsensororcamera,whetherweknowitornot.Thisdoesn’tevenincludethenormaldatageneratedbybusinessesandagenciesconductingoperationseveryday.
That’swhyspecializedthird-partyvendorshaveengineeredsolutionswhichdeliverascalable,resource-effectivewaytocreatesignificantefficienciesininvestigativeworkflows;becausesizingup,breakingdown,divinginto,andovercomingmountainsofdataisatasknooneshoulddounassisted.
Thisisexcellentnewsforthosepersonsresponsibleforhandlingthecasesunderinvestigation;casescanbeinvestigatedinatimely,forensicallydefensiblewaywithoutcostinganarmandaleg.It’salsogreatnewsforthosedoingthelegworkontheinvestigation,nowabletofocusmoreonfindingtheirsuspectandlessonfindingareasonablewaytodigestpilesofdata.
Byleveragingspecializedcollection,preservation,processing,anddataassessmentsolutions,investigators’dayscanbemuchmorefruitfulandefficient,sotheycangohomehappieratnight.
NOTES
NOTES
