Evidence Talks Newsletter
August 2006

Case Study
Home Contact us News Roundup New Product News Forensics and the Future
How to React Faster and Save Travel Costs
RESPONDING TO FORENSIC INCIDENTS COSTS TIME AND MONEY. "BE THERE" WITH REMOTE FORENSICS AND YOU'LL RESPOND FASTER, SAVE MONEY AND BETTER UTILISE YOUR COSTLY EXPERTS.

FACT: Every year, companies spend thousands getting to incidents before they start investigating! If your risk is spread across geographically dispersed sites, or you offer incident consulting from worldwide office locations, remote forensics from Evidence Talks will allow you to respond faster, reduce travel costs and increase utilization of your specialist human resources.

With more than 14 years experience providing digital forensic response to some of the world's largest companies we learned two things: regardless of whether you have internal forensic resources or hire external consultants, the problem is the same. Your incidents are never where your experts are so they spend hours traveling rather than being productive. Not only does this incur high travel expenses and "travel time" charges from external consultants but it also results in protracted response times.

NOT ANOTHER NETWORK FORENSICS TOOL: That's right, remote forensics from Evidence Talks is not the same as other solutions that allow remote access to remote desktops. In fact nothing gets installed on the target system, avoiding the need to deploy software across your networks, resulting in fast implementation. Remote forensics is a forensically sound environment comprising two core components:

  • An RF POD deployed to your nominated sites - powerful, remote controlled forensic hardware.
  • Our Forensic Incident Management Service or "FIMS" - a sophisticated & secure case management web-app.

Remote Forensics from Evidence Talks combines truly global response flexibility with sophisticated case management and highly secure communications technology. It dynamically builds relationships between the source of the incident, the case manager and the Forensic Service Practitioner (FSP) to deliver dramatic reductions in the response costs and times while increasing manpower utilization and your ability to respond globally in minutes.

USE YOUR FAVOURITE APPLICATIONS: Rather than presenting you with yet another suite of forensic tools, Remote Forensics from Evidence Talks is a unique, forensically sound environment in which existing applications are easily deployed. Your forensic experts can use their favorite tools or dynamically reconfigure the RF POD with tools required for a specific incident. Flexibility is the key to incident response and remote forensics from Evidence Talks gives you unparalleled flexibility without sacrificing power or performance.

DISTANCE IS NO BARRIER TO SPEED: The unique architecture means that all the power is where you need it, at the point of analysis. No more imaging over a network. An investigator can be on an airport wireless connection in Kiev working on a case in Timbuktu but forensic imaging & analysis is performed at the speeds you would expect if you had the disk in front of you. It's just like "being there". The original data stays onsite too, great for dealing with privacy issues.

Features at a Glance
Features at a Glance
  • INTUITIVE - Quick to deploy - Easy to use
  • EFFICIENT - Use internal or external experts
    		•
  • SPEED - all processing is performed at local speeds
    		•
  • EFFECTIVE - Respond faster - report sooner
    		•
  • TRUST - Securely connect from ANYWHERE
    		•
  • ECONOMIC - Reduce costs, increase utilisation
    		•
  • FLEXIBLE - Use your favourite tools
  • COMPREHENSIVE - Forensics, e-discovery, data recovery
    		•
  • CONTINUITY - Full case logging and reporting
    		•
  • SUPPORT - Fully supported HW and SW 24/7
    		•


    Technical Data
    POD

    Basic configuration shown. Our PODS are built to order and options are available for more memory, faster processors and more storage.

    		 Processor:- Dual Xeon 3.2Ghz 2Mb cache
    Memory:-         GB DDR2 SDRAM (option to upgrade)
    Storage:-
    Fixed:-
    72Gb (OS and Applications use only)

    Removable:-

    1 x read/write removable drive bay, up to 500Gb capacity
    1 x read only removable drive bay, up to 500Gb capacity
    2 x removable disk pods for 3.5" IDE HDD
    1 x removable disk pod for 2.5" laptop HDD
    1 x removable disk pods for 3.5" SATA HDD
    Interfaces:
    64Bit Firewire 400/800
    USB 2/1.1
    100/GIGABIT Network Interface Card
    FIMS
    (Forensic Incident Management Service)    		 FIMS is a web application that lies at the heart of the remote forensics solution and acts as the bridge between the case manager, the forensic analyst and the pod. It brokers connections, controls access, records actions and provides reporting.

    FIMS consists of both hardware and software, supplied and configured by Evidence Talks.

    FIMS is supplied either as a "Hosted" service by Evidence Talks which is available to the client staff securely via the internet or as an "in-house" solution where the hardware and software are configured by Evidence Talks prior to delivery to the clients site (or nominated hosting environment) for commissioning. As an in-house solution, it can be placed on an Intranet or the Internet.

    Performance

    Our unique architecture means that forensic imaging does not take place over a network.

    Regardless of software used, speed of imaging is governed by the POD hardware, not the network connection or the remote user's hardware.

    Remote users can disconnect from PODS and leave processes, such as imaging, running.

    The standard POD is configured to provide optimum performance in most circumstances.

    		 remote forensics diagram
    top
    If you do not wish to be informed of further training or events please click here    August 2006
    Copyright Evidence Talks Ltd. Details subject to change without notice.