While the 'CSI effect' has glamorised and highlighted the importance of forensics to the public, it bears little reality to the hard work, long hours and challenges faced by the analysts who extract evidence from digital devices. In the real world, police forces are experiencing major problems when it comes to ingesting, storing and analysing digital evidence. The amount of digital evidence that needs to be reviewed is growing at a huge rate, and this is putting forensic experts under pressure to analyse data quickly and accurately to help secure arrests and convictions.

Rather than CSI, the issue reminds me of the scene in Jaws, where - after seeing exactly what they were up against - Brody (played by Roy Scheider) decides that they're "gonna need a bigger boat." So it was good to be talking about the 'bigger boat' at this year's ACPO conference in Manchester, UK.

I was there to launch Dell's digital forensics solution, which I believe will truly transform the digital forensics analysis process. Instead of saving suspect evidence on individual PCs, which can take between 24-48 hours, analysts can save time by storing the evidence directly in the data centre, so that multiple people can access the information. Analysts will be able to multitask as they can work on several cases simultaneously, while running different versions of forensic software from their own individual workstations. A "Google-like" tool will allow analysts to easily search through evidence, link to previously unrelated cases and, because evidence will be available at the touch of a button, it will allow them to share information with other countries, agencies and forces. More details on the benefits can be found in our Digital Forensics Solution Blueprint.

We had lots of people visit the stand to find out more about our solution. We also announced it to the media, and seeing the news travel around the world online was fantastic - as was the amount of tweets, which seemed to go on for days!
We performed three live demos for delegates on our stand. The demos went through how our solution works and what benefits this new approach can yield such as increased productivity, better storage and being able to share data quickly.
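At a glance, it is a bit of a stretch to call this a forensic solution; it is better seen as a "search system" closer to e-Discovery, focused on a search function built on data indexing. The idea is to do imaging, indexing and searching with FTK and EnCase, move the digital evidence to the data centre, and have several people carry out an investigation at the same time... hmm, I can't really call it a forensic solution. I hope it develops and grows into e-Discovery.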