The FAST Lab Solution is an overall, scalable infrastructure solution designed to maximize human and compute resources to not only protect your data and evidence but more importantly to make things, well you guessed it, FAST!

FAST Digital Forensics Lab Solution

A common lab scenario

 

What we see in most labs is illustrated below.  When (multiple) evidence hard drives come in, they are split up between the processing workstations, and their operators, to be imaged and processed.  Then the data is all kept on the local machine, or possibly offloaded to a storage device like a small NAS or even a storage server at sub-optimal speeds, and not backed up.  This data may or may not be accessible by all evidence processors, and their individual machines.  In many labs the data is stored locally on the forensic workstations, putting it at some risk, and is not accessible by other machines.  If a forensic workstation goes down, or (worst case) loses a hard drive (or multiple RAID drives), locally stored data can be lost.  Of course, an evidence drive can always be re-imaged and processed if needed but this takes time and ties up resources.

Digital Forensic Workstation

CONCERNS

  • Lack of centralized, shareable storage

  • Case files and images stored in various locations

  • Risk of data loss (case data and images) on multiple points of potential failure (local machines, NAS, etc)

  • Limitations on compute resources.  Workstations must image drive, then process

  • Imaging limited to number of forensic workstations and compute resources available on each

  • Many hours lost due to overlapping duties, resources and slow network/storage transfer speeds

A FAST Lab scenario

 

The FAST Lab increases productivity and protects your data with an improved workflow.  This is more than simply buying a product; this is buying in to a scalable overall lab solution.  This is accomplished by splitting up duties to free resources and implementing an advanced storage & network infrastructure.  Note that this is not the same as a "Distributed Install" for FTK as that focuses on the processing of evidence, which is done on the forensic workstations in the FAST Lab solution.  However, we can help you implement a distributed install of FTK which does fit right in to the FAST Lab.

 

First, dedicated imaging workstations are implemented for the imaging of evidence drives.  Multiple drives can be imaged simultanously by an imaging workstation (6+ at a time!) and the images are sent directly to the network'd storage.

 

The storage system utilizes a high performance, highly redundant RAID storage design that has the ability to move data on and off the network at speeds that feel like the storage is local to your computer!  Storage capacity can start as small as you'd like and can be expanded inside the chassis or via additional NAS or storage chassis of the same (or larger/smaller) size.  Don't have a server rack?  No problem.  We can add a small locking rack or desktop NAS units with up to 12 x 3.5" bays + 4 x 2.5" bays, 10TB HDD support, 10Gbps connectivity and desktop expansion units are available.

 

Naturally, your infrastructure is only as fast as the slowest point in path.  A high performance 10Gbps network infrastructure is also implemented as part of the solution to ensure EVERYTHING scales together.

Digital Forensic Workstation

IMPROVEMENTS

  • Fully centralized, shareable storage

  • Case files and images stored on server full time

  • Server storage is highly redundant and extremely fast (faster than most local RAID sets in local workstations)

  • Imaging of evidence drives done on dedicated workstations, freeing processing workstations for case processing only

  • No local E:\ drive (Evidence/case/storage) required on forensic processing workstations.  Processing workstations access images via mapped drive on server, pull the image, process it, then output case data back to server on same (or different) mapped drive on server.

  • Option to have NO, or cheaper/basic write blocker on forensic processing workstations

  • Tape backup implemented for backup of data, which can be taken offsite if desired

  • Scales easily across all tiers.  Imaging worksations, processing workstations and storage can all be added to existing infrastrcucture

  • Many hours saved, especially when many evidence hard drives need processing

The Workflow

Contact us today to discuss how the FAST Lab can help you.  All consultations, are free.